File: //usr/local/apache/error_log
[Wed Jun 10 20:23:05.184818 2026] [systemd:notice] [pid 1897:tid 1897] AH10497: SELinux is enabled; httpd running as context system_u:system_r:unconfined_service_t:s0
[Wed Jun 10 20:23:05.185170 2026] [mpm_worker:notice] [pid 1897:tid 1897] AH00292: Apache/2.4.67 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4 configured -- resuming normal operations
[Wed Jun 10 20:23:05.185190 2026] [core:notice] [pid 1897:tid 1897] AH00094: Command line: '/usr/sbin/httpd'
[Wed Jun 10 20:23:09.000081 2026] [security2:error] [pid 2863:tid 2875] [client 178.62.209.206:50084] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "ainx3O4kH98IGZHc5CXl3QAAAAY"]
[Wed Jun 10 20:23:09.538625 2026] [security2:error] [pid 2938:tid 2959] [client 178.62.209.206:50098] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "ainx3eRR3mM9pMB2F29mzwAAAVI"]
[Wed Jun 10 20:23:20.722017 2026] [security2:error] [pid 2996:tid 3006] [client 74.249.184.13:48200] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/autodiscover/autodiscover.json"] [unique_id "ainx6ESZaG_29S05F-7ANwAAAIg"]
[Wed Jun 10 20:23:20.722180 2026] [security2:error] [pid 2996:tid 3006] [client 74.249.184.13:48200] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/autodiscover/autodiscover.json"] [unique_id "ainx6ESZaG_29S05F-7ANwAAAIg"]
[Wed Jun 10 20:23:20.722999 2026] [security2:error] [pid 2996:tid 3006] [client 74.249.184.13:48200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/autodiscover/autodiscover.json"] [unique_id "ainx6ESZaG_29S05F-7ANwAAAIg"]
[Wed Jun 10 20:23:20.827381 2026] [security2:error] [pid 2996:tid 3006] [client 74.249.184.13:48200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ainx6ESZaG_29S05F-7ANwAAAIg"]
[Wed Jun 10 20:26:43.528602 2026] [security2:error] [pid 2938:tid 2963] [client 178.62.209.206:39068] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ainys-RR3mM9pMB2F29qEwAAAVY"]
[Wed Jun 10 20:26:43.768715 2026] [security2:error] [pid 3052:tid 3078] [client 178.62.209.206:39078] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ainys3Bh93Mt9RCcCnfCNQAAANg"]
[Wed Jun 10 20:27:35.892562 2026] [security2:error] [pid 2938:tid 2952] [client 35.216.195.77:34258] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "ainy5-RR3mM9pMB2F29qNAAAAUs"]
[Wed Jun 10 20:27:36.843750 2026] [security2:error] [pid 2938:tid 2961] [client 35.216.195.77:34262] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "ainy6ORR3mM9pMB2F29qNQAAAVQ"]
[Wed Jun 10 20:27:36.843972 2026] [security2:error] [pid 2938:tid 2961] [client 35.216.195.77:34262] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "ainy6ORR3mM9pMB2F29qNQAAAVQ"]
[Wed Jun 10 20:27:36.844246 2026] [security2:error] [pid 2938:tid 2961] [client 35.216.195.77:34262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "ainy6ORR3mM9pMB2F29qNQAAAVQ"]
[Wed Jun 10 20:27:36.967050 2026] [security2:error] [pid 2938:tid 2961] [client 35.216.195.77:34262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ainy6ORR3mM9pMB2F29qNQAAAVQ"]
[Wed Jun 10 20:27:37.665671 2026] [security2:error] [pid 2863:tid 2872] [client 35.216.195.77:34270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/server-status"] [unique_id "ainy6e4kH98IGZHc5CXoSwAAAAM"]
[Wed Jun 10 20:27:38.482049 2026] [security2:error] [pid 2863:tid 2880] [client 35.216.195.77:34286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/config.json"] [unique_id "ainy6u4kH98IGZHc5CXoTAAAAAs"]
[Wed Jun 10 20:27:39.206055 2026] [security2:error] [pid 2938:tid 2964] [client 35.216.195.77:34288] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ainy6-RR3mM9pMB2F29qNwAAAVc"]
[Wed Jun 10 20:27:39.206335 2026] [security2:error] [pid 2938:tid 2964] [client 35.216.195.77:34288] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ainy6-RR3mM9pMB2F29qNwAAAVc"]
[Wed Jun 10 20:27:39.206793 2026] [security2:error] [pid 2938:tid 2964] [client 35.216.195.77:34288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ainy6-RR3mM9pMB2F29qNwAAAVc"]
[Wed Jun 10 20:27:39.284092 2026] [security2:error] [pid 2938:tid 2964] [client 35.216.195.77:34288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ainy6-RR3mM9pMB2F29qNwAAAVc"]
[Wed Jun 10 20:27:39.887010 2026] [security2:error] [pid 2996:tid 3013] [client 35.216.195.77:34302] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/telescope/requests"] [unique_id "ainy60SZaG_29S05F-7CUAAAAI8"]
[Wed Jun 10 20:27:40.652494 2026] [security2:error] [pid 2938:tid 2947] [client 35.216.195.77:34312] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/info.php"] [unique_id "ainy7ORR3mM9pMB2F29qOAAAAUY"]
[Wed Jun 10 20:33:15.702830 2026] [security2:error] [pid 2996:tid 3004] [client 172.202.118.47:49624] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/autodiscover/autodiscover.json"] [unique_id "ain0O0SZaG_29S05F-7ISwAAAIY"]
[Wed Jun 10 20:33:15.702968 2026] [security2:error] [pid 2996:tid 3004] [client 172.202.118.47:49624] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/autodiscover/autodiscover.json"] [unique_id "ain0O0SZaG_29S05F-7ISwAAAIY"]
[Wed Jun 10 20:33:15.704286 2026] [security2:error] [pid 2996:tid 3004] [client 172.202.118.47:49624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/autodiscover/autodiscover.json"] [unique_id "ain0O0SZaG_29S05F-7ISwAAAIY"]
[Wed Jun 10 20:33:15.704643 2026] [security2:error] [pid 2996:tid 3004] [client 172.202.118.47:49624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ain0O0SZaG_29S05F-7ISwAAAIY"]
[Wed Jun 10 20:35:46.435996 2026] [core:error] [pid 18113:tid 18135] [client 185.38.148.2:49338] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Wed Jun 10 20:37:08.894767 2026] [security2:error] [pid 2938:tid 2952] [client 45.148.10.67:33982] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ain1JORR3mM9pMB2F29y9wAAAUs"]
[Wed Jun 10 20:37:09.280763 2026] [security2:error] [pid 2863:tid 2872] [client 45.148.10.67:33992] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "ain1Je4kH98IGZHc5CXzAwAAAAM"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 20:38:29.667676 2026] [security2:error] [pid 2938:tid 2951] [client 142.252.244.8:33801] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "ain1deRR3mM9pMB2F29zqQAAAUo"]
[Wed Jun 10 20:54:35.819389 2026] [security2:error] [pid 2996:tid 3021] [client 66.132.195.113:37806] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ain5O0SZaG_29S05F-7ccAAAAJc"]
[Wed Jun 10 20:54:41.279232 2026] [security2:error] [pid 2938:tid 2965] [client 66.132.195.113:14298] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "ain5QeRR3mM9pMB2F2-FEAAAAVg"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 20:54:43.419986 2026] [security2:error] [pid 3052:tid 3054] [client 66.132.195.113:14314] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "ain5Q3Bh93Mt9RCcCnfclQAAAMA"]
[Wed Jun 10 20:54:45.088268 2026] [security2:error] [pid 2863:tid 2873] [client 66.132.195.113:14318] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "ain5Re4kH98IGZHc5CUGCgAAAAQ"], referer: https://13.66.22.226/favicon.ico
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 20:55:56.424229 2026] [security2:error] [pid 18113:tid 18128] [client 66.132.195.113:63914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wiki"] [unique_id "ain5jJg3ctvEYD6EH9su0QAAAEg"]
[Wed Jun 10 20:58:54.408930 2026] [security2:error] [pid 2938:tid 2950] [client 178.62.209.206:43188] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ain6PuRR3mM9pMB2F2-JBwAAAUk"]
[Wed Jun 10 20:58:54.762329 2026] [security2:error] [pid 2938:tid 2955] [client 178.62.209.206:43202] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "ain6PuRR3mM9pMB2F2-JCAAAAU4"], referer: https://13.66.22.226:443
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 20:58:55.189449 2026] [security2:error] [pid 2863:tid 2871] [client 178.62.209.206:43214] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ain6P-4kH98IGZHc5CULWQAAAAI"]
[Wed Jun 10 20:58:55.555170 2026] [security2:error] [pid 3052:tid 3072] [client 178.62.209.206:43222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "ain6P3Bh93Mt9RCcCnfgjgAAANI"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 21:02:12.130727 2026] [security2:error] [pid 3052:tid 3074] [client 165.140.238.202:50390] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "ain7BHBh93Mt9RCcCnfjqwAAANQ"]
[Wed Jun 10 21:02:12.130930 2026] [security2:error] [pid 3052:tid 3074] [client 165.140.238.202:50390] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "ain7BHBh93Mt9RCcCnfjqwAAANQ"]
[Wed Jun 10 21:02:12.131142 2026] [security2:error] [pid 3052:tid 3074] [client 165.140.238.202:50390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "ain7BHBh93Mt9RCcCnfjqwAAANQ"]
[Wed Jun 10 21:02:12.143695 2026] [security2:error] [pid 3052:tid 3074] [client 165.140.238.202:50390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ain7BHBh93Mt9RCcCnfjqwAAANQ"]
[Wed Jun 10 21:02:12.457977 2026] [security2:error] [pid 2996:tid 3012] [client 165.140.238.202:36116] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "ain7BESZaG_29S05F-7kqAAAAI4"]
[Wed Jun 10 21:02:12.458205 2026] [security2:error] [pid 2996:tid 3012] [client 165.140.238.202:36116] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "ain7BESZaG_29S05F-7kqAAAAI4"]
[Wed Jun 10 21:02:12.458606 2026] [security2:error] [pid 2996:tid 3012] [client 165.140.238.202:36116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "ain7BESZaG_29S05F-7kqAAAAI4"]
[Wed Jun 10 21:02:12.458901 2026] [security2:error] [pid 2996:tid 3012] [client 165.140.238.202:36116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ain7BESZaG_29S05F-7kqAAAAI4"]
[Wed Jun 10 21:05:10.220506 2026] [security2:error] [pid 2938:tid 2956] [client 103.252.90.129:42612] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ain7tuRR3mM9pMB2F2-PEQAAAU8"]
[Wed Jun 10 21:07:55.792705 2026] [security2:error] [pid 2938:tid 2955] [client 205.210.31.22:63294] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "ain8W-RR3mM9pMB2F2-R0gAAAU4"]
[Wed Jun 10 21:12:00.069739 2026] [security2:error] [pid 2996:tid 3014] [client 64.62.156.24:37358] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ain9UESZaG_29S05F-7vnQAAAJA"]
[Wed Jun 10 21:20:58.541502 2026] [security2:error] [pid 2863:tid 2870] [client 95.111.199.201:61001] ModSecurity: Warning. Matched phrase "masscan" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: masscan found within REQUEST_HEADERS:User-Agent: ivre-masscan/1.3 https://github.com/robertdavidgraham/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ain_au4kH98IGZHc5CUiZgAAAAE"]
[Wed Jun 10 21:20:58.541672 2026] [security2:error] [pid 2863:tid 2870] [client 95.111.199.201:61001] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ain_au4kH98IGZHc5CUiZgAAAAE"]
[Wed Jun 10 21:20:58.542128 2026] [security2:error] [pid 2863:tid 2870] [client 95.111.199.201:61001] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ain_au4kH98IGZHc5CUiZgAAAAE"]
[Wed Jun 10 21:20:58.542928 2026] [security2:error] [pid 2863:tid 2870] [client 95.111.199.201:61001] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ain_au4kH98IGZHc5CUiZgAAAAE"]
[Wed Jun 10 21:22:06.340304 2026] [security2:error] [pid 18113:tid 18139] [client 165.140.238.202:51502] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "ain_rpg3ctvEYD6EH9tDfAAAAFM"]
[Wed Jun 10 21:22:06.340532 2026] [security2:error] [pid 18113:tid 18139] [client 165.140.238.202:51502] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "ain_rpg3ctvEYD6EH9tDfAAAAFM"]
[Wed Jun 10 21:22:06.340830 2026] [security2:error] [pid 18113:tid 18139] [client 165.140.238.202:51502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "ain_rpg3ctvEYD6EH9tDfAAAAFM"]
[Wed Jun 10 21:22:06.920267 2026] [security2:error] [pid 18113:tid 18139] [client 165.140.238.202:51502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ain_rpg3ctvEYD6EH9tDfAAAAFM"]
[Wed Jun 10 21:22:14.786745 2026] [security2:error] [pid 2863:tid 2893] [client 64.62.156.33:36987] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ain_tu4kH98IGZHc5CUi-wAAABg"]
[Wed Jun 10 21:23:31.599541 2026] [security2:error] [pid 2863:tid 2880] [client 64.62.156.28:32299] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioAA-4kH98IGZHc5CUkVgAAAAs"]
[Wed Jun 10 21:23:31.932962 2026] [security2:error] [pid 2863:tid 2880] [client 64.62.156.28:32299] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aioAA-4kH98IGZHc5CUkWAAAAAs"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 21:25:25.595818 2026] [security2:error] [pid 3052:tid 3063] [client 176.65.139.66:45984] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioAdXBh93Mt9RCcCnf63AAAAMk"]
[Wed Jun 10 21:27:06.230304 2026] [security2:error] [pid 3052:tid 3075] [client 46.151.178.13:57492] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioA2nBh93Mt9RCcCnf8PgAAANU"], referer: http://13.66.22.226:443/
[Wed Jun 10 21:27:26.651134 2026] [security2:error] [pid 2863:tid 2877] [client 64.62.156.26:9007] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aioA7u4kH98IGZHc5CUoHgAAAAg"]
[Wed Jun 10 21:27:32.412357 2026] [security2:error] [pid 2996:tid 3001] [client 46.151.178.13:35986] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioA9ESZaG_29S05F-7_ewAAAIM"], referer: http://13.84.161.190:443/
[Wed Jun 10 21:34:47.854618 2026] [security2:error] [pid 3052:tid 3054] [client 45.156.129.56:35852] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioCp3Bh93Mt9RCcCncB_wAAAMA"]
[Wed Jun 10 21:39:09.879777 2026] [security2:error] [pid 2863:tid 2893] [client 64.62.156.24:25928] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vpn/index.html"] [unique_id "aioDre4kH98IGZHc5CUyxQAAABg"]
[Wed Jun 10 21:39:33.848643 2026] [security2:error] [pid 31551:tid 31572] [client 64.62.156.24:56811] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vpn/index.html"] [unique_id "aioDxdPH5u5NVjul-pkFmAAAAQ4"]
[Wed Jun 10 21:39:53.601627 2026] [security2:error] [pid 2863:tid 2883] [client 64.62.156.24:55736] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/logon/LogonPoint/index.html"] [unique_id "aioD2e4kH98IGZHc5CUzbgAAAA4"]
[Wed Jun 10 21:40:14.405691 2026] [security2:error] [pid 31551:tid 31578] [client 64.62.156.34:62569] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/logon/LogonPoint/index.html"] [unique_id "aioD7tPH5u5NVjul-pkGSwAAARQ"]
[Wed Jun 10 21:40:54.518613 2026] [security2:error] [pid 18113:tid 18138] [client 205.210.31.132:61042] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioEFpg3ctvEYD6EH9tVNQAAAFI"]
[Wed Jun 10 21:40:54.950847 2026] [security2:error] [pid 3052:tid 3056] [client 205.210.31.132:61052] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aioEFnBh93Mt9RCcCncGVgAAAMI"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 21:41:53.131016 2026] [security2:error] [pid 2938:tid 2956] [client 64.62.156.24:46588] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/geoserver/web/"] [unique_id "aioEUeRR3mM9pMB2F2-0DAAAAU8"]
[Wed Jun 10 21:44:27.203125 2026] [security2:error] [pid 31551:tid 31575] [client 45.148.10.67:29822] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioE69PH5u5NVjul-pkI8wAAARE"]
[Wed Jun 10 21:44:56.039125 2026] [security2:error] [pid 2938:tid 2960] [client 78.153.140.43:43380] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioFCORR3mM9pMB2F2-2XgAAAVM"]
[Wed Jun 10 21:44:56.039378 2026] [security2:error] [pid 2938:tid 2960] [client 78.153.140.43:43380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioFCORR3mM9pMB2F2-2XgAAAVM"]
[Wed Jun 10 21:44:56.039676 2026] [security2:error] [pid 2938:tid 2960] [client 78.153.140.43:43380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioFCORR3mM9pMB2F2-2XgAAAVM"]
[Wed Jun 10 21:44:56.040038 2026] [security2:error] [pid 2938:tid 2960] [client 78.153.140.43:43380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aioFCORR3mM9pMB2F2-2XgAAAVM"]
[Wed Jun 10 21:44:56.966700 2026] [security2:error] [pid 18113:tid 18134] [client 78.153.140.43:43388] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioFCJg3ctvEYD6EH9tXxwAAAE4"]
[Wed Jun 10 21:46:38.806546 2026] [security2:error] [pid 2996:tid 3016] [client 64.62.156.24:52654] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aioFbkSZaG_29S05F-4PJgAAAJI"]
[Wed Jun 10 21:46:38.806789 2026] [security2:error] [pid 2996:tid 3016] [client 64.62.156.24:52654] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aioFbkSZaG_29S05F-4PJgAAAJI"]
[Wed Jun 10 21:46:38.807031 2026] [security2:error] [pid 2996:tid 3016] [client 64.62.156.24:52654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aioFbkSZaG_29S05F-4PJgAAAJI"]
[Wed Jun 10 21:46:38.807398 2026] [security2:error] [pid 2996:tid 3016] [client 64.62.156.24:52654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aioFbkSZaG_29S05F-4PJgAAAJI"]
[Wed Jun 10 21:47:09.222869 2026] [security2:error] [pid 2996:tid 3018] [client 208.84.101.109:48524] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/wp-content/debug.log"] [unique_id "aioFjUSZaG_29S05F-4P9gAAAJQ"]
[Wed Jun 10 21:47:09.223431 2026] [security2:error] [pid 2996:tid 3018] [client 208.84.101.109:48524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/wp-content/debug.log"] [unique_id "aioFjUSZaG_29S05F-4P9gAAAJQ"]
[Wed Jun 10 21:47:09.224034 2026] [security2:error] [pid 2996:tid 3018] [client 208.84.101.109:48524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFjUSZaG_29S05F-4P9gAAAJQ"]
[Wed Jun 10 21:47:09.707906 2026] [security2:error] [pid 2996:tid 3018] [client 208.84.101.109:48524] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env"] [unique_id "aioFjUSZaG_29S05F-4P-wAAAJQ"]
[Wed Jun 10 21:47:09.708136 2026] [security2:error] [pid 2996:tid 3018] [client 208.84.101.109:48524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env"] [unique_id "aioFjUSZaG_29S05F-4P-wAAAJQ"]
[Wed Jun 10 21:47:09.708600 2026] [security2:error] [pid 2996:tid 3018] [client 208.84.101.109:48524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFjUSZaG_29S05F-4P-wAAAJQ"]
[Wed Jun 10 21:47:10.206076 2026] [security2:error] [pid 2938:tid 2965] [client 208.84.101.109:58690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/public/.env"] [unique_id "aioFjuRR3mM9pMB2F2-3vgAAAVg"]
[Wed Jun 10 21:47:10.206424 2026] [security2:error] [pid 2938:tid 2965] [client 208.84.101.109:58690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/public/.env"] [unique_id "aioFjuRR3mM9pMB2F2-3vgAAAVg"]
[Wed Jun 10 21:47:10.206841 2026] [security2:error] [pid 2938:tid 2965] [client 208.84.101.109:58690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFjuRR3mM9pMB2F2-3vgAAAVg"]
[Wed Jun 10 21:47:10.411691 2026] [mpm_worker:error] [pid 1897:tid 1897] AH00287: server is within MinSpareThreads of MaxRequestWorkers, consider raising the MaxRequestWorkers setting
[Wed Jun 10 21:47:10.413262 2026] [security2:error] [pid 3052:tid 3060] [client 208.84.101.109:58648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/laravel/.env"] [unique_id "aioFjnBh93Mt9RCcCncMLQAAAMY"]
[Wed Jun 10 21:47:10.413536 2026] [security2:error] [pid 3052:tid 3060] [client 208.84.101.109:58648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/laravel/.env"] [unique_id "aioFjnBh93Mt9RCcCncMLQAAAMY"]
[Wed Jun 10 21:47:10.413975 2026] [security2:error] [pid 3052:tid 3060] [client 208.84.101.109:58648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFjnBh93Mt9RCcCncMLQAAAMY"]
[Wed Jun 10 21:47:10.417882 2026] [security2:error] [pid 2938:tid 2943] [client 208.84.101.109:58548] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local"] [unique_id "aioFjuRR3mM9pMB2F2-3vwAAAUI"]
[Wed Jun 10 21:47:10.418125 2026] [security2:error] [pid 2938:tid 2943] [client 208.84.101.109:58548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local"] [unique_id "aioFjuRR3mM9pMB2F2-3vwAAAUI"]
[Wed Jun 10 21:47:10.418450 2026] [security2:error] [pid 2938:tid 2943] [client 208.84.101.109:58548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFjuRR3mM9pMB2F2-3vwAAAUI"]
[Wed Jun 10 21:47:10.501176 2026] [security2:error] [pid 31551:tid 31581] [client 208.84.101.109:58664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/src/.env"] [unique_id "aioFjtPH5u5NVjul-pkMHAAAARc"]
[Wed Jun 10 21:47:10.501467 2026] [security2:error] [pid 31551:tid 31581] [client 208.84.101.109:58664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/src/.env"] [unique_id "aioFjtPH5u5NVjul-pkMHAAAARc"]
[Wed Jun 10 21:47:10.501889 2026] [security2:error] [pid 31551:tid 31581] [client 208.84.101.109:58664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFjtPH5u5NVjul-pkMHAAAARc"]
[Wed Jun 10 21:47:11.016155 2026] [security2:error] [pid 18113:tid 18121] [client 208.84.101.109:58580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.staging"] [unique_id "aioFj5g3ctvEYD6EH9tZEgAAAEE"]
[Wed Jun 10 21:47:11.016457 2026] [security2:error] [pid 18113:tid 18121] [client 208.84.101.109:58580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.staging"] [unique_id "aioFj5g3ctvEYD6EH9tZEgAAAEE"]
[Wed Jun 10 21:47:11.016846 2026] [security2:error] [pid 18113:tid 18121] [client 208.84.101.109:58580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj5g3ctvEYD6EH9tZEgAAAEE"]
[Wed Jun 10 21:47:11.218352 2026] [security2:error] [pid 2938:tid 2957] [client 208.84.101.109:58632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/backend/.env"] [unique_id "aioFj-RR3mM9pMB2F2-3wwAAAVA"]
[Wed Jun 10 21:47:11.218668 2026] [security2:error] [pid 2938:tid 2957] [client 208.84.101.109:58632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/backend/.env"] [unique_id "aioFj-RR3mM9pMB2F2-3wwAAAVA"]
[Wed Jun 10 21:47:11.219002 2026] [security2:error] [pid 2938:tid 2957] [client 208.84.101.109:58632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj-RR3mM9pMB2F2-3wwAAAVA"]
[Wed Jun 10 21:47:11.220441 2026] [security2:error] [pid 2996:tid 3005] [client 208.84.101.109:58744] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.aws/credentials"] [unique_id "aioFj0SZaG_29S05F-4QCAAAAIc"]
[Wed Jun 10 21:47:11.220705 2026] [security2:error] [pid 2996:tid 3005] [client 208.84.101.109:58744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.aws/credentials"] [unique_id "aioFj0SZaG_29S05F-4QCAAAAIc"]
[Wed Jun 10 21:47:11.221149 2026] [security2:error] [pid 2996:tid 3005] [client 208.84.101.109:58744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj0SZaG_29S05F-4QCAAAAIc"]
[Wed Jun 10 21:47:11.306281 2026] [security2:error] [pid 3052:tid 3059] [client 208.84.101.109:58588] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.old"] [unique_id "aioFj3Bh93Mt9RCcCncMNAAAAMU"]
[Wed Jun 10 21:47:11.306526 2026] [security2:error] [pid 3052:tid 3059] [client 208.84.101.109:58588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.old"] [unique_id "aioFj3Bh93Mt9RCcCncMNAAAAMU"]
[Wed Jun 10 21:47:11.306790 2026] [security2:error] [pid 3052:tid 3059] [client 208.84.101.109:58588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.old"] [unique_id "aioFj3Bh93Mt9RCcCncMNAAAAMU"]
[Wed Jun 10 21:47:11.307365 2026] [security2:error] [pid 3052:tid 3059] [client 208.84.101.109:58588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj3Bh93Mt9RCcCncMNAAAAMU"]
[Wed Jun 10 21:47:11.311827 2026] [security2:error] [pid 2996:tid 3004] [client 208.84.101.109:58670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/server/.env"] [unique_id "aioFj0SZaG_29S05F-4QCwAAAIY"]
[Wed Jun 10 21:47:11.312049 2026] [security2:error] [pid 2996:tid 3004] [client 208.84.101.109:58670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/server/.env"] [unique_id "aioFj0SZaG_29S05F-4QCwAAAIY"]
[Wed Jun 10 21:47:11.312460 2026] [security2:error] [pid 2996:tid 3004] [client 208.84.101.109:58670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj0SZaG_29S05F-4QCwAAAIY"]
[Wed Jun 10 21:47:11.511345 2026] [security2:error] [pid 2938:tid 2963] [client 208.84.101.109:59236] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.kube/config"] [unique_id "aioFj-RR3mM9pMB2F2-3yAAAAVY"]
[Wed Jun 10 21:47:11.511557 2026] [security2:error] [pid 2938:tid 2963] [client 208.84.101.109:59236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.kube/config"] [unique_id "aioFj-RR3mM9pMB2F2-3yAAAAVY"]
[Wed Jun 10 21:47:11.512001 2026] [security2:error] [pid 2938:tid 2963] [client 208.84.101.109:59236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj-RR3mM9pMB2F2-3yAAAAVY"]
[Wed Jun 10 21:47:11.604013 2026] [security2:error] [pid 31551:tid 31580] [client 208.84.101.109:58576] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.backup"] [unique_id "aioFj9PH5u5NVjul-pkMJgAAARY"]
[Wed Jun 10 21:47:11.604268 2026] [security2:error] [pid 31551:tid 31580] [client 208.84.101.109:58576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.backup"] [unique_id "aioFj9PH5u5NVjul-pkMJgAAARY"]
[Wed Jun 10 21:47:11.604499 2026] [security2:error] [pid 31551:tid 31580] [client 208.84.101.109:58576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.backup"] [unique_id "aioFj9PH5u5NVjul-pkMJgAAARY"]
[Wed Jun 10 21:47:11.604979 2026] [security2:error] [pid 31551:tid 31580] [client 208.84.101.109:58576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj9PH5u5NVjul-pkMJgAAARY"]
[Wed Jun 10 21:47:11.606261 2026] [security2:error] [pid 3052:tid 3061] [client 208.84.101.109:58966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production"] [unique_id "aioFj3Bh93Mt9RCcCncMOgAAAMc"]
[Wed Jun 10 21:47:11.606642 2026] [security2:error] [pid 3052:tid 3061] [client 208.84.101.109:58966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production"] [unique_id "aioFj3Bh93Mt9RCcCncMOgAAAMc"]
[Wed Jun 10 21:47:11.606992 2026] [security2:error] [pid 3052:tid 3061] [client 208.84.101.109:58966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj3Bh93Mt9RCcCncMOgAAAMc"]
[Wed Jun 10 21:47:11.608218 2026] [security2:error] [pid 31551:tid 31561] [client 208.84.101.109:58700] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.bak"] [unique_id "aioFj9PH5u5NVjul-pkMJwAAAQM"]
[Wed Jun 10 21:47:11.608410 2026] [security2:error] [pid 31551:tid 31561] [client 208.84.101.109:58700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.bak"] [unique_id "aioFj9PH5u5NVjul-pkMJwAAAQM"]
[Wed Jun 10 21:47:11.608702 2026] [security2:error] [pid 31551:tid 31561] [client 208.84.101.109:58700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.bak"] [unique_id "aioFj9PH5u5NVjul-pkMJwAAAQM"]
[Wed Jun 10 21:47:11.609050 2026] [security2:error] [pid 18113:tid 18137] [client 208.84.101.109:58798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.save"] [unique_id "aioFj5g3ctvEYD6EH9tZHQAAAFE"]
[Wed Jun 10 21:47:11.609123 2026] [security2:error] [pid 31551:tid 31561] [client 208.84.101.109:58700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj9PH5u5NVjul-pkMJwAAAQM"]
[Wed Jun 10 21:47:11.609287 2026] [security2:error] [pid 18113:tid 18137] [client 208.84.101.109:58798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.save"] [unique_id "aioFj5g3ctvEYD6EH9tZHQAAAFE"]
[Wed Jun 10 21:47:11.609714 2026] [security2:error] [pid 18113:tid 18137] [client 208.84.101.109:58798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj5g3ctvEYD6EH9tZHQAAAFE"]
[Wed Jun 10 21:47:11.610632 2026] [security2:error] [pid 31551:tid 31577] [client 208.84.101.109:58764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/app/.env"] [unique_id "aioFj9PH5u5NVjul-pkMKAAAARM"]
[Wed Jun 10 21:47:11.610842 2026] [security2:error] [pid 31551:tid 31577] [client 208.84.101.109:58764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/app/.env"] [unique_id "aioFj9PH5u5NVjul-pkMKAAAARM"]
[Wed Jun 10 21:47:11.611217 2026] [security2:error] [pid 31551:tid 31577] [client 208.84.101.109:58764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj9PH5u5NVjul-pkMKAAAARM"]
[Wed Jun 10 21:47:11.616285 2026] [security2:error] [pid 2863:tid 2879] [client 208.84.101.109:58896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/api/.env"] [unique_id "aioFj-4kH98IGZHc5CU4dAAAAAo"]
[Wed Jun 10 21:47:11.616499 2026] [security2:error] [pid 2863:tid 2879] [client 208.84.101.109:58896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/api/.env"] [unique_id "aioFj-4kH98IGZHc5CU4dAAAAAo"]
[Wed Jun 10 21:47:11.617717 2026] [security2:error] [pid 2863:tid 2879] [client 208.84.101.109:58896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj-4kH98IGZHc5CU4dAAAAAo"]
[Wed Jun 10 21:47:11.712293 2026] [security2:error] [pid 2938:tid 2954] [client 208.84.101.109:58568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/web/.env"] [unique_id "aioFj-RR3mM9pMB2F2-3zgAAAU0"]
[Wed Jun 10 21:47:11.712665 2026] [security2:error] [pid 2938:tid 2954] [client 208.84.101.109:58568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/web/.env"] [unique_id "aioFj-RR3mM9pMB2F2-3zgAAAU0"]
[Wed Jun 10 21:47:11.713019 2026] [security2:error] [pid 2938:tid 2954] [client 208.84.101.109:58568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj-RR3mM9pMB2F2-3zgAAAU0"]
[Wed Jun 10 21:47:11.809152 2026] [security2:error] [pid 2938:tid 2961] [client 208.84.101.109:59230] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.docker/config.json"] [unique_id "aioFj-RR3mM9pMB2F2-30AAAAVQ"]
[Wed Jun 10 21:47:11.809487 2026] [security2:error] [pid 2938:tid 2961] [client 208.84.101.109:59230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.docker/config.json"] [unique_id "aioFj-RR3mM9pMB2F2-30AAAAVQ"]
[Wed Jun 10 21:47:11.809879 2026] [security2:error] [pid 2938:tid 2961] [client 208.84.101.109:59230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj-RR3mM9pMB2F2-30AAAAVQ"]
[Wed Jun 10 21:47:11.811785 2026] [security2:error] [pid 18113:tid 18130] [client 208.84.101.109:59292] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.development"] [unique_id "aioFj5g3ctvEYD6EH9tZIAAAAEo"]
[Wed Jun 10 21:47:11.812071 2026] [security2:error] [pid 18113:tid 18130] [client 208.84.101.109:59292] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.development"] [unique_id "aioFj5g3ctvEYD6EH9tZIAAAAEo"]
[Wed Jun 10 21:47:11.812642 2026] [security2:error] [pid 18113:tid 18130] [client 208.84.101.109:59292] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFj5g3ctvEYD6EH9tZIAAAAEo"]
[Wed Jun 10 21:47:15.123185 2026] [security2:error] [pid 18113:tid 18131] [client 208.84.101.109:58586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.test"] [unique_id "aioFk5g3ctvEYD6EH9tZJgAAAEs"]
[Wed Jun 10 21:47:15.123639 2026] [security2:error] [pid 18113:tid 18131] [client 208.84.101.109:58586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.test"] [unique_id "aioFk5g3ctvEYD6EH9tZJgAAAEs"]
[Wed Jun 10 21:47:15.124110 2026] [security2:error] [pid 18113:tid 18131] [client 208.84.101.109:58586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFk5g3ctvEYD6EH9tZJgAAAEs"]
[Wed Jun 10 21:47:22.416290 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.copy"] [unique_id "aioFmtPH5u5NVjul-pkMTQAAAQ8"]
[Wed Jun 10 21:47:22.418643 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.copy"] [unique_id "aioFmtPH5u5NVjul-pkMTQAAAQ8"]
[Wed Jun 10 21:47:22.419091 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFmtPH5u5NVjul-pkMTQAAAQ8"]
[Wed Jun 10 21:47:24.401417 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.git/HEAD"] [unique_id "aioFnNPH5u5NVjul-pkMWAAAAQ8"]
[Wed Jun 10 21:47:24.401938 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.git/HEAD"] [unique_id "aioFnNPH5u5NVjul-pkMWAAAAQ8"]
[Wed Jun 10 21:47:24.402378 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnNPH5u5NVjul-pkMWAAAAQ8"]
[Wed Jun 10 21:47:25.201873 2026] [security2:error] [pid 2863:tid 2889] [client 208.84.101.109:39894] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.git/refs/heads/master"] [unique_id "aioFne4kH98IGZHc5CU4yQAAABQ"]
[Wed Jun 10 21:47:25.202207 2026] [security2:error] [pid 2863:tid 2889] [client 208.84.101.109:39894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.git/refs/heads/master"] [unique_id "aioFne4kH98IGZHc5CU4yQAAABQ"]
[Wed Jun 10 21:47:25.202549 2026] [security2:error] [pid 2863:tid 2889] [client 208.84.101.109:39894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFne4kH98IGZHc5CU4yQAAABQ"]
[Wed Jun 10 21:47:25.402974 2026] [security2:error] [pid 31551:tid 31572] [client 208.84.101.109:39898] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.git/logs/HEAD"] [unique_id "aioFndPH5u5NVjul-pkMXgAAAQ4"]
[Wed Jun 10 21:47:25.403347 2026] [security2:error] [pid 31551:tid 31572] [client 208.84.101.109:39898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.git/logs/HEAD"] [unique_id "aioFndPH5u5NVjul-pkMXgAAAQ4"]
[Wed Jun 10 21:47:25.403737 2026] [security2:error] [pid 31551:tid 31572] [client 208.84.101.109:39898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFndPH5u5NVjul-pkMXgAAAQ4"]
[Wed Jun 10 21:47:25.503769 2026] [security2:error] [pid 2938:tid 2957] [client 208.84.101.109:39964] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.backup"] [unique_id "aioFneRR3mM9pMB2F2-33wAAAVA"]
[Wed Jun 10 21:47:25.504092 2026] [security2:error] [pid 2938:tid 2957] [client 208.84.101.109:39964] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.backup"] [unique_id "aioFneRR3mM9pMB2F2-33wAAAVA"]
[Wed Jun 10 21:47:25.504608 2026] [security2:error] [pid 2938:tid 2957] [client 208.84.101.109:39964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.backup"] [unique_id "aioFneRR3mM9pMB2F2-33wAAAVA"]
[Wed Jun 10 21:47:25.505030 2026] [security2:error] [pid 2938:tid 2957] [client 208.84.101.109:39964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFneRR3mM9pMB2F2-33wAAAVA"]
[Wed Jun 10 21:47:25.509854 2026] [security2:error] [pid 31551:tid 31571] [client 208.84.101.109:39930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.copy"] [unique_id "aioFndPH5u5NVjul-pkMXwAAAQ0"]
[Wed Jun 10 21:47:25.510101 2026] [security2:error] [pid 31551:tid 31571] [client 208.84.101.109:39930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.copy"] [unique_id "aioFndPH5u5NVjul-pkMXwAAAQ0"]
[Wed Jun 10 21:47:25.510434 2026] [security2:error] [pid 31551:tid 31571] [client 208.84.101.109:39930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFndPH5u5NVjul-pkMXwAAAQ0"]
[Wed Jun 10 21:47:25.610394 2026] [security2:error] [pid 18113:tid 18138] [client 208.84.101.109:39862] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.git/config"] [unique_id "aioFnZg3ctvEYD6EH9tZRwAAAFI"]
[Wed Jun 10 21:47:25.610831 2026] [security2:error] [pid 18113:tid 18138] [client 208.84.101.109:39862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.git/config"] [unique_id "aioFnZg3ctvEYD6EH9tZRwAAAFI"]
[Wed Jun 10 21:47:25.611247 2026] [security2:error] [pid 18113:tid 18138] [client 208.84.101.109:39862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnZg3ctvEYD6EH9tZRwAAAFI"]
[Wed Jun 10 21:47:26.013940 2026] [security2:error] [pid 2863:tid 2890] [client 208.84.101.109:39904] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env~"] [unique_id "aioFnu4kH98IGZHc5CU40AAAABU"]
[Wed Jun 10 21:47:26.014172 2026] [security2:error] [pid 2863:tid 2890] [client 208.84.101.109:39904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env~"] [unique_id "aioFnu4kH98IGZHc5CU40AAAABU"]
[Wed Jun 10 21:47:26.014515 2026] [security2:error] [pid 2863:tid 2890] [client 208.84.101.109:39904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env~"] [unique_id "aioFnu4kH98IGZHc5CU40AAAABU"]
[Wed Jun 10 21:47:26.015016 2026] [security2:error] [pid 2863:tid 2890] [client 208.84.101.109:39904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnu4kH98IGZHc5CU40AAAABU"]
[Wed Jun 10 21:47:26.018201 2026] [security2:error] [pid 2996:tid 3012] [client 208.84.101.109:39878] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.git/FETCH_HEAD"] [unique_id "aioFnkSZaG_29S05F-4QbwAAAI4"]
[Wed Jun 10 21:47:26.018440 2026] [security2:error] [pid 2996:tid 3012] [client 208.84.101.109:39878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.git/FETCH_HEAD"] [unique_id "aioFnkSZaG_29S05F-4QbwAAAI4"]
[Wed Jun 10 21:47:26.018804 2026] [security2:error] [pid 2996:tid 3012] [client 208.84.101.109:39878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnkSZaG_29S05F-4QbwAAAI4"]
[Wed Jun 10 21:47:26.596811 2026] [security2:error] [pid 2938:tid 2951] [client 208.84.101.109:40052] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production~"] [unique_id "aioFnuRR3mM9pMB2F2-34QAAAUo"]
[Wed Jun 10 21:47:26.597040 2026] [security2:error] [pid 2938:tid 2951] [client 208.84.101.109:40052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production~"] [unique_id "aioFnuRR3mM9pMB2F2-34QAAAUo"]
[Wed Jun 10 21:47:26.597608 2026] [security2:error] [pid 2938:tid 2951] [client 208.84.101.109:40052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production~"] [unique_id "aioFnuRR3mM9pMB2F2-34QAAAUo"]
[Wed Jun 10 21:47:26.597998 2026] [security2:error] [pid 2938:tid 2951] [client 208.84.101.109:40052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnuRR3mM9pMB2F2-34QAAAUo"]
[Wed Jun 10 21:47:26.599372 2026] [security2:error] [pid 18113:tid 18144] [client 208.84.101.109:40002] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.bak"] [unique_id "aioFnpg3ctvEYD6EH9tZSQAAAFg"]
[Wed Jun 10 21:47:26.599621 2026] [security2:error] [pid 18113:tid 18144] [client 208.84.101.109:40002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.bak"] [unique_id "aioFnpg3ctvEYD6EH9tZSQAAAFg"]
[Wed Jun 10 21:47:26.599864 2026] [security2:error] [pid 18113:tid 18144] [client 208.84.101.109:40002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.bak"] [unique_id "aioFnpg3ctvEYD6EH9tZSQAAAFg"]
[Wed Jun 10 21:47:26.600275 2026] [security2:error] [pid 18113:tid 18144] [client 208.84.101.109:40002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnpg3ctvEYD6EH9tZSQAAAFg"]
[Wed Jun 10 21:47:26.600926 2026] [security2:error] [pid 2996:tid 3003] [client 208.84.101.109:39984] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local~"] [unique_id "aioFnkSZaG_29S05F-4QdAAAAIU"]
[Wed Jun 10 21:47:26.601161 2026] [security2:error] [pid 2996:tid 3003] [client 208.84.101.109:39984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local~"] [unique_id "aioFnkSZaG_29S05F-4QdAAAAIU"]
[Wed Jun 10 21:47:26.601363 2026] [security2:error] [pid 2996:tid 3003] [client 208.84.101.109:39984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local~"] [unique_id "aioFnkSZaG_29S05F-4QdAAAAIU"]
[Wed Jun 10 21:47:26.601752 2026] [security2:error] [pid 2996:tid 3003] [client 208.84.101.109:39984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnkSZaG_29S05F-4QdAAAAIU"]
[Wed Jun 10 21:47:26.602011 2026] [security2:error] [pid 3052:tid 3072] [client 208.84.101.109:39990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.copy"] [unique_id "aioFnnBh93Mt9RCcCncMXAAAANI"]
[Wed Jun 10 21:47:26.602282 2026] [security2:error] [pid 3052:tid 3072] [client 208.84.101.109:39990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.copy"] [unique_id "aioFnnBh93Mt9RCcCncMXAAAANI"]
[Wed Jun 10 21:47:26.602623 2026] [security2:error] [pid 3052:tid 3072] [client 208.84.101.109:39990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnnBh93Mt9RCcCncMXAAAANI"]
[Wed Jun 10 21:47:26.602909 2026] [security2:error] [pid 2863:tid 2871] [client 208.84.101.109:40034] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.backup"] [unique_id "aioFnu4kH98IGZHc5CU41QAAAAI"]
[Wed Jun 10 21:47:26.603233 2026] [security2:error] [pid 2863:tid 2871] [client 208.84.101.109:40034] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.backup"] [unique_id "aioFnu4kH98IGZHc5CU41QAAAAI"]
[Wed Jun 10 21:47:26.603452 2026] [security2:error] [pid 2863:tid 2871] [client 208.84.101.109:40034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.backup"] [unique_id "aioFnu4kH98IGZHc5CU41QAAAAI"]
[Wed Jun 10 21:47:26.603762 2026] [security2:error] [pid 2938:tid 2963] [client 208.84.101.109:40046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.save"] [unique_id "aioFnuRR3mM9pMB2F2-34gAAAVY"]
[Wed Jun 10 21:47:26.603958 2026] [security2:error] [pid 2938:tid 2963] [client 208.84.101.109:40046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.save"] [unique_id "aioFnuRR3mM9pMB2F2-34gAAAVY"]
[Wed Jun 10 21:47:26.604297 2026] [security2:error] [pid 2938:tid 2963] [client 208.84.101.109:40046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnuRR3mM9pMB2F2-34gAAAVY"]
[Wed Jun 10 21:47:26.604655 2026] [security2:error] [pid 2996:tid 3021] [client 208.84.101.109:40062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.orig"] [unique_id "aioFnkSZaG_29S05F-4QdQAAAJc"]
[Wed Jun 10 21:47:26.604927 2026] [security2:error] [pid 2996:tid 3021] [client 208.84.101.109:40062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.orig"] [unique_id "aioFnkSZaG_29S05F-4QdQAAAJc"]
[Wed Jun 10 21:47:26.605261 2026] [security2:error] [pid 2996:tid 3021] [client 208.84.101.109:40062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnkSZaG_29S05F-4QdQAAAJc"]
[Wed Jun 10 21:47:26.605509 2026] [security2:error] [pid 31551:tid 31565] [client 208.84.101.109:39986] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.orig"] [unique_id "aioFntPH5u5NVjul-pkMaAAAAQc"]
[Wed Jun 10 21:47:26.605874 2026] [security2:error] [pid 31551:tid 31565] [client 208.84.101.109:39986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.orig"] [unique_id "aioFntPH5u5NVjul-pkMaAAAAQc"]
[Wed Jun 10 21:47:26.606230 2026] [security2:error] [pid 31551:tid 31565] [client 208.84.101.109:39986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFntPH5u5NVjul-pkMaAAAAQc"]
[Wed Jun 10 21:47:26.612525 2026] [security2:error] [pid 2863:tid 2871] [client 208.84.101.109:40034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFnu4kH98IGZHc5CU41QAAAAI"]
[Wed Jun 10 21:47:26.798094 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.git/refs/heads/main"] [unique_id "aioFntPH5u5NVjul-pkMawAAAQ8"]
[Wed Jun 10 21:47:26.798387 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.git/refs/heads/main"] [unique_id "aioFntPH5u5NVjul-pkMawAAAQ8"]
[Wed Jun 10 21:47:26.798918 2026] [security2:error] [pid 31551:tid 31573] [client 208.84.101.109:39858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFntPH5u5NVjul-pkMawAAAQ8"]
[Wed Jun 10 21:47:26.808066 2026] [security2:error] [pid 31551:tid 31574] [client 208.84.101.109:40018] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.old"] [unique_id "aioFntPH5u5NVjul-pkMbAAAARA"]
[Wed Jun 10 21:47:26.808335 2026] [security2:error] [pid 31551:tid 31574] [client 208.84.101.109:40018] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.old"] [unique_id "aioFntPH5u5NVjul-pkMbAAAARA"]
[Wed Jun 10 21:47:26.808685 2026] [security2:error] [pid 31551:tid 31574] [client 208.84.101.109:40018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.old"] [unique_id "aioFntPH5u5NVjul-pkMbAAAARA"]
[Wed Jun 10 21:47:26.809257 2026] [security2:error] [pid 31551:tid 31574] [client 208.84.101.109:40018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFntPH5u5NVjul-pkMbAAAARA"]
[Wed Jun 10 21:47:27.014070 2026] [security2:error] [pid 18113:tid 18126] [client 208.84.101.109:40076] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.swp"] [unique_id "aioFn5g3ctvEYD6EH9tZTAAAAEY"]
[Wed Jun 10 21:47:27.014426 2026] [security2:error] [pid 18113:tid 18126] [client 208.84.101.109:40076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.swp"] [unique_id "aioFn5g3ctvEYD6EH9tZTAAAAEY"]
[Wed Jun 10 21:47:27.014819 2026] [security2:error] [pid 18113:tid 18126] [client 208.84.101.109:40076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.swp"] [unique_id "aioFn5g3ctvEYD6EH9tZTAAAAEY"]
[Wed Jun 10 21:47:27.015192 2026] [security2:error] [pid 18113:tid 18126] [client 208.84.101.109:40076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFn5g3ctvEYD6EH9tZTAAAAEY"]
[Wed Jun 10 21:47:27.297314 2026] [security2:error] [pid 3052:tid 3062] [client 208.84.101.109:39920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.orig"] [unique_id "aioFn3Bh93Mt9RCcCncMXQAAAMg"]
[Wed Jun 10 21:47:27.297535 2026] [security2:error] [pid 3052:tid 3062] [client 208.84.101.109:39920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.orig"] [unique_id "aioFn3Bh93Mt9RCcCncMXQAAAMg"]
[Wed Jun 10 21:47:27.297952 2026] [security2:error] [pid 3052:tid 3062] [client 208.84.101.109:39920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFn3Bh93Mt9RCcCncMXQAAAMg"]
[Wed Jun 10 21:47:27.298760 2026] [security2:error] [pid 18113:tid 18124] [client 208.84.101.109:39940] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.bak"] [unique_id "aioFn5g3ctvEYD6EH9tZTgAAAEQ"]
[Wed Jun 10 21:47:27.299021 2026] [security2:error] [pid 18113:tid 18124] [client 208.84.101.109:39940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.bak"] [unique_id "aioFn5g3ctvEYD6EH9tZTgAAAEQ"]
[Wed Jun 10 21:47:27.299268 2026] [security2:error] [pid 18113:tid 18124] [client 208.84.101.109:39940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.bak"] [unique_id "aioFn5g3ctvEYD6EH9tZTgAAAEQ"]
[Wed Jun 10 21:47:27.299642 2026] [security2:error] [pid 18113:tid 18124] [client 208.84.101.109:39940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFn5g3ctvEYD6EH9tZTgAAAEQ"]
[Wed Jun 10 21:47:27.310807 2026] [security2:error] [pid 2996:tid 3015] [client 208.84.101.109:39956] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.old"] [unique_id "aioFn0SZaG_29S05F-4QeQAAAJE"]
[Wed Jun 10 21:47:27.311026 2026] [security2:error] [pid 2996:tid 3015] [client 208.84.101.109:39956] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.old"] [unique_id "aioFn0SZaG_29S05F-4QeQAAAJE"]
[Wed Jun 10 21:47:27.311328 2026] [security2:error] [pid 2996:tid 3015] [client 208.84.101.109:39956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.old"] [unique_id "aioFn0SZaG_29S05F-4QeQAAAJE"]
[Wed Jun 10 21:47:27.311779 2026] [security2:error] [pid 2996:tid 3015] [client 208.84.101.109:39956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFn0SZaG_29S05F-4QeQAAAJE"]
[Wed Jun 10 21:47:27.315676 2026] [security2:error] [pid 18113:tid 18143] [client 208.84.101.109:39970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.save"] [unique_id "aioFn5g3ctvEYD6EH9tZTwAAAFc"]
[Wed Jun 10 21:47:27.315899 2026] [security2:error] [pid 18113:tid 18143] [client 208.84.101.109:39970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local.save"] [unique_id "aioFn5g3ctvEYD6EH9tZTwAAAFc"]
[Wed Jun 10 21:47:27.316276 2026] [security2:error] [pid 18113:tid 18143] [client 208.84.101.109:39970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFn5g3ctvEYD6EH9tZTwAAAFc"]
[Wed Jun 10 21:47:27.317794 2026] [security2:error] [pid 2938:tid 2950] [client 208.84.101.109:39910] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.swp"] [unique_id "aioFn-RR3mM9pMB2F2-34wAAAUk"]
[Wed Jun 10 21:47:27.318035 2026] [security2:error] [pid 2938:tid 2950] [client 208.84.101.109:39910] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.swp"] [unique_id "aioFn-RR3mM9pMB2F2-34wAAAUk"]
[Wed Jun 10 21:47:27.318258 2026] [security2:error] [pid 2938:tid 2950] [client 208.84.101.109:39910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production.swp"] [unique_id "aioFn-RR3mM9pMB2F2-34wAAAUk"]
[Wed Jun 10 21:47:27.318590 2026] [security2:error] [pid 2938:tid 2950] [client 208.84.101.109:39910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFn-RR3mM9pMB2F2-34wAAAUk"]
[Wed Jun 10 21:47:27.319830 2026] [security2:error] [pid 2996:tid 3017] [client 208.84.101.109:39866] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.swp"] [unique_id "aioFn0SZaG_29S05F-4QegAAAJM"]
[Wed Jun 10 21:47:27.320014 2026] [security2:error] [pid 2996:tid 3017] [client 208.84.101.109:39866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.swp"] [unique_id "aioFn0SZaG_29S05F-4QegAAAJM"]
[Wed Jun 10 21:47:27.320198 2026] [security2:error] [pid 2996:tid 3017] [client 208.84.101.109:39866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.swp"] [unique_id "aioFn0SZaG_29S05F-4QegAAAJM"]
[Wed Jun 10 21:47:27.320523 2026] [security2:error] [pid 2996:tid 3017] [client 208.84.101.109:39866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aioFn0SZaG_29S05F-4QegAAAJM"]
[Wed Jun 10 21:57:54.852869 2026] [security2:error] [pid 3052:tid 3060] [client 94.247.172.129:53328] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "close, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aioIEnBh93Mt9RCcCncU_wAAAMY"]
[Wed Jun 10 21:58:56.756123 2026] [security2:error] [pid 2938:tid 2942] [client 95.111.199.201:38386] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/robots.txt"] [unique_id "aioIUORR3mM9pMB2F2_BsAAAAUE"]
[Wed Jun 10 21:58:56.967086 2026] [security2:error] [pid 18113:tid 18124] [client 95.111.199.201:36070] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/robots.txt"] [unique_id "aioIUJg3ctvEYD6EH9tf5gAAAEQ"]
[Wed Jun 10 21:58:57.179209 2026] [security2:error] [pid 18113:tid 18124] [client 95.111.199.201:36070] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aioIUZg3ctvEYD6EH9tf5wAAAEQ"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 21:59:20.316673 2026] [security2:error] [pid 2996:tid 3018] [client 165.154.129.201:45120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioIaESZaG_29S05F-4adwAAAJQ"]
[Wed Jun 10 21:59:32.835415 2026] [security2:error] [pid 2996:tid 3011] [client 95.111.199.201:54708] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/robots.txt"] [unique_id "aioIdESZaG_29S05F-4asAAAAI0"]
[Wed Jun 10 21:59:33.230021 2026] [security2:error] [pid 18113:tid 18138] [client 95.111.199.201:54718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/robots.txt"] [unique_id "aioIdZg3ctvEYD6EH9tgpwAAAFI"]
[Wed Jun 10 21:59:35.523768 2026] [security2:error] [pid 2938:tid 2949] [client 43.165.170.119:37920] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioId-RR3mM9pMB2F2_CEgAAAUg"]
[Wed Jun 10 21:59:35.523880 2026] [security2:error] [pid 2938:tid 2949] [client 43.165.170.119:37920] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioId-RR3mM9pMB2F2_CEgAAAUg"]
[Wed Jun 10 21:59:35.524418 2026] [security2:error] [pid 2938:tid 2949] [client 43.165.170.119:37920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioId-RR3mM9pMB2F2_CEgAAAUg"]
[Wed Jun 10 21:59:35.525271 2026] [security2:error] [pid 2938:tid 2949] [client 43.165.170.119:37920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aioId-RR3mM9pMB2F2_CEgAAAUg"]
[Wed Jun 10 22:01:08.893013 2026] [security2:error] [pid 2863:tid 2878] [client 165.154.182.168:53504] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioI1O4kH98IGZHc5CVCFAAAAAk"]
[Wed Jun 10 22:01:09.009113 2026] [security2:error] [pid 2938:tid 2953] [client 165.154.182.168:53560] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aioI1eRR3mM9pMB2F2_CsgAAAUw"]
[Wed Jun 10 22:01:09.130802 2026] [security2:error] [pid 3052:tid 3061] [client 165.154.182.168:53588] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aioI1XBh93Mt9RCcCncXJAAAAMc"], referer: https://13.66.22.226/favicon.ico
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 22:01:09.361986 2026] [security2:error] [pid 18113:tid 18125] [client 165.154.182.168:53664] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi/robots.txt"] [unique_id "aioI1Zg3ctvEYD6EH9tiMQAAAEU"]
[Wed Jun 10 22:01:09.362736 2026] [security2:error] [pid 2863:tid 2885] [client 165.154.182.168:53662] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi/sitemap.xml"] [unique_id "aioI1e4kH98IGZHc5CVCFgAAABA"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 22:01:11.402561 2026] [security2:error] [pid 2938:tid 2942] [client 165.154.182.168:54214] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aioI1-RR3mM9pMB2F2_CugAAAUE"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 22:01:11.628037 2026] [security2:error] [pid 3052:tid 3055] [client 165.154.182.168:54342] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aioI13Bh93Mt9RCcCncXMQAAAME"]
[Wed Jun 10 22:01:11.763247 2026] [security2:error] [pid 2863:tid 2880] [client 165.154.182.168:54394] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aioI1-4kH98IGZHc5CVCHwAAAAs"], referer: https://13.66.22.226/favicon.ico
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 22:01:11.926727 2026] [security2:error] [pid 2938:tid 2945] [client 165.154.182.168:54428] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi/robots.txt"] [unique_id "aioI1-RR3mM9pMB2F2_CvAAAAUQ"]
[Wed Jun 10 22:01:11.929099 2026] [security2:error] [pid 31551:tid 31572] [client 165.154.182.168:54430] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi/sitemap.xml"] [unique_id "aioI19PH5u5NVjul-pkZZwAAAQ4"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 22:07:57.491973 2026] [security2:error] [pid 3052:tid 3076] [client 78.153.140.250:47766] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioKbXBh93Mt9RCcCncd1AAAANY"]
[Wed Jun 10 22:07:57.492200 2026] [security2:error] [pid 3052:tid 3076] [client 78.153.140.250:47766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioKbXBh93Mt9RCcCncd1AAAANY"]
[Wed Jun 10 22:07:57.492551 2026] [security2:error] [pid 3052:tid 3076] [client 78.153.140.250:47766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioKbXBh93Mt9RCcCncd1AAAANY"]
[Wed Jun 10 22:07:57.492893 2026] [security2:error] [pid 3052:tid 3076] [client 78.153.140.250:47766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aioKbXBh93Mt9RCcCncd1AAAANY"]
[Wed Jun 10 22:07:58.091311 2026] [security2:error] [pid 2938:tid 2941] [client 78.153.140.250:47772] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioKbuRR3mM9pMB2F2_HngAAAUA"]
[Wed Jun 10 22:14:40.374838 2026] [security2:error] [pid 2863:tid 2888] [client 69.5.169.191:1864] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/onvif/device_service"] [unique_id "aioMAO4kH98IGZHc5CVNEwAAABM"]
[Wed Jun 10 22:14:40.752384 2026] [security2:error] [pid 31551:tid 31558] [client 69.5.169.241:5690] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioMANPH5u5NVjul-pkkKQAAAQA"]
[Wed Jun 10 22:14:41.134071 2026] [security2:error] [pid 2996:tid 3019] [client 69.5.169.243:5770] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aioMAUSZaG_29S05F-4nUAAAAJU"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Wed Jun 10 22:14:41.618124 2026] [security2:error] [pid 31551:tid 31574] [client 69.5.169.161:2220] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aioMAdPH5u5NVjul-pkkLwAAARA"]
[Wed Jun 10 22:17:31.646688 2026] [security2:error] [pid 2996:tid 3004] [client 69.5.169.29:3460] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioMq0SZaG_29S05F-4qWwAAAIY"]
[Wed Jun 10 22:34:05.604213 2026] [security2:error] [pid 2863:tid 2885] [client 78.153.140.93:44290] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioQje4kH98IGZHc5CVbHwAAABA"]
[Wed Jun 10 22:34:05.604529 2026] [security2:error] [pid 2863:tid 2885] [client 78.153.140.93:44290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioQje4kH98IGZHc5CVbHwAAABA"]
[Wed Jun 10 22:34:05.604917 2026] [security2:error] [pid 2863:tid 2885] [client 78.153.140.93:44290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioQje4kH98IGZHc5CVbHwAAABA"]
[Wed Jun 10 22:34:05.606130 2026] [security2:error] [pid 2863:tid 2885] [client 78.153.140.93:44290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aioQje4kH98IGZHc5CVbHwAAABA"]
[Wed Jun 10 22:34:05.979011 2026] [security2:error] [pid 3052:tid 3072] [client 78.153.140.93:44292] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioQjXBh93Mt9RCcCnc0mAAAANI"]
[Wed Jun 10 22:37:03.980918 2026] [security2:error] [pid 31551:tid 31576] [client 66.228.53.4:37324] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioRP9PH5u5NVjul-pk4QwAAARI"]
[Wed Jun 10 22:41:30.860884 2026] [security2:error] [pid 31551:tid 31575] [client 205.210.31.21:61098] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioSStPH5u5NVjul-pk90gAAARE"]
[Wed Jun 10 22:42:17.297837 2026] [security2:error] [pid 2938:tid 2942] [client 176.65.139.36:47274] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "146.56.180.42:3333"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "146.56.180.42"] [uri "/"] [unique_id "aioSeeRR3mM9pMB2F2_kcgAAAUE"]
[Wed Jun 10 22:53:10.569813 2026] [core:error] [pid 18113:tid 18138] [client 101.47.8.187:54868] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Wed Jun 10 22:56:06.287958 2026] [security2:error] [pid 31551:tid 31564] [client 204.76.203.81:42760] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioVttPH5u5NVjul-plKZQAAAQY"]
[Wed Jun 10 23:00:01.939762 2026] [security2:error] [pid 18113:tid 18130] [client 43.165.65.117:53738] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aioWoZg3ctvEYD6EH9uUkQAAAEo"], referer: http://machen.ai
[Wed Jun 10 23:00:46.461234 2026] [security2:error] [pid 31551:tid 31564] [client 8.216.67.166:38788] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioWztPH5u5NVjul-plOMQAAAQY"]
[Wed Jun 10 23:00:47.475718 2026] [security2:error] [pid 2863:tid 2876] [client 8.216.67.166:39036] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aioWz-4kH98IGZHc5CVzuAAAAAc"]
[Wed Jun 10 23:00:58.265065 2026] [security2:error] [pid 18113:tid 18139] [client 8.216.65.152:52034] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioW2pg3ctvEYD6EH9uVFwAAAFM"]
[Wed Jun 10 23:00:59.416012 2026] [security2:error] [pid 2863:tid 2871] [client 8.216.65.152:52364] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioW2-4kH98IGZHc5CVz2AAAAAI"]
[Wed Jun 10 23:01:00.524041 2026] [security2:error] [pid 2938:tid 2953] [client 8.216.65.152:52558] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aioW3ORR3mM9pMB2F2_xGAAAAUw"]
[Wed Jun 10 23:25:25.993875 2026] [security2:error] [pid 31551:tid 31558] [client 43.135.133.241:44162] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aiocldPH5u5NVjul-plinQAAAQA"]
[Wed Jun 10 23:29:33.171057 2026] [security2:error] [pid 2996:tid 3009] [client 195.184.76.165:52239] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiodjUSZaG_29S05F-5jWAAAAIs"]
[Wed Jun 10 23:31:04.429341 2026] [security2:error] [pid 3052:tid 3057] [client 64.227.79.139:33534] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiod6HBh93Mt9RCcCndk2AAAAMM"]
[Wed Jun 10 23:31:04.884013 2026] [security2:error] [pid 2863:tid 2871] [client 64.227.79.139:33548] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiod6O4kH98IGZHc5CWKbQAAAAI"]
[Wed Jun 10 23:31:35.333463 2026] [security2:error] [pid 2863:tid 2892] [client 91.230.168.176:56141] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aioeB-4kH98IGZHc5CWLJAAAABc"]
[Wed Jun 10 23:34:16.789889 2026] [security2:error] [pid 2996:tid 3015] [client 172.236.254.181:31472] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioeqESZaG_29S05F-5m0wAAAJE"], referer: http://13.84.161.190/
[Wed Jun 10 23:34:48.177182 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aioeyO4kH98IGZHc5CWNNwAAABA"]
[Wed Jun 10 23:34:48.177493 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aioeyO4kH98IGZHc5CWNNwAAABA"]
[Wed Jun 10 23:34:48.177832 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aioeyO4kH98IGZHc5CWNNwAAABA"]
[Wed Jun 10 23:34:48.317492 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aioeyO4kH98IGZHc5CWNNwAAABA"]
[Wed Jun 10 23:34:48.438941 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.php"] [unique_id "aioeyO4kH98IGZHc5CWNOQAAABA"]
[Wed Jun 10 23:34:48.439176 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.php"] [unique_id "aioeyO4kH98IGZHc5CWNOQAAABA"]
[Wed Jun 10 23:34:48.439419 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.php"] [unique_id "aioeyO4kH98IGZHc5CWNOQAAABA"]
[Wed Jun 10 23:34:48.565422 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aioeyO4kH98IGZHc5CWNOQAAABA"]
[Wed Jun 10 23:34:48.685759 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.sample.php"] [unique_id "aioeyO4kH98IGZHc5CWNOgAAABA"]
[Wed Jun 10 23:34:48.686020 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.sample.php"] [unique_id "aioeyO4kH98IGZHc5CWNOgAAABA"]
[Wed Jun 10 23:34:48.686309 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.sample.php"] [unique_id "aioeyO4kH98IGZHc5CWNOgAAABA"]
[Wed Jun 10 23:34:48.814532 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aioeyO4kH98IGZHc5CWNOgAAABA"]
[Wed Jun 10 23:34:48.939787 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.local.php"] [unique_id "aioeyO4kH98IGZHc5CWNPAAAABA"]
[Wed Jun 10 23:34:48.940036 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.local.php"] [unique_id "aioeyO4kH98IGZHc5CWNPAAAABA"]
[Wed Jun 10 23:34:48.940276 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.local.php"] [unique_id "aioeyO4kH98IGZHc5CWNPAAAABA"]
[Wed Jun 10 23:34:49.098466 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aioeyO4kH98IGZHc5CWNPAAAABA"]
[Wed Jun 10 23:34:49.224531 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.production.php"] [unique_id "aioeye4kH98IGZHc5CWNPQAAABA"]
[Wed Jun 10 23:34:49.224839 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.production.php"] [unique_id "aioeye4kH98IGZHc5CWNPQAAABA"]
[Wed Jun 10 23:34:49.225134 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.production.php"] [unique_id "aioeye4kH98IGZHc5CWNPQAAABA"]
[Wed Jun 10 23:34:49.406507 2026] [security2:error] [pid 2863:tid 2885] [client 213.209.159.175:1091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aioeye4kH98IGZHc5CWNPQAAABA"]
[Wed Jun 10 23:36:26.969161 2026] [security2:error] [pid 31551:tid 31579] [client 64.227.79.139:56004] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiofKtPH5u5NVjul-plryQAAARU"]
[Wed Jun 10 23:36:27.230035 2026] [security2:error] [pid 18113:tid 18125] [client 64.227.79.139:56016] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiofK5g3ctvEYD6EH9uwRAAAAEU"]
[Wed Jun 10 23:44:34.853991 2026] [security2:error] [pid 2996:tid 3000] [client 139.59.155.234:51820] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiohEkSZaG_29S05F-5w-AAAAII"]
[Wed Jun 10 23:44:35.115704 2026] [security2:error] [pid 2863:tid 2892] [client 139.59.155.234:51830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiohE-4kH98IGZHc5CWVNwAAABc"], referer: http://13.66.22.226/
[Wed Jun 10 23:44:55.846123 2026] [security2:error] [pid 2863:tid 2885] [client 45.148.10.67:55708] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiohJ-4kH98IGZHc5CWVsgAAABA"]
[Wed Jun 10 23:56:18.497314 2026] [security2:error] [pid 31551:tid 31567] [client 20.150.194.49:35364] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioj0tPH5u5NVjul-pl4awAAAQk"]
[Wed Jun 10 23:56:18.497476 2026] [security2:error] [pid 31551:tid 31567] [client 20.150.194.49:35364] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioj0tPH5u5NVjul-pl4awAAAQk"]
[Wed Jun 10 23:56:18.497866 2026] [security2:error] [pid 31551:tid 31567] [client 20.150.194.49:35364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioj0tPH5u5NVjul-pl4awAAAQk"]
[Wed Jun 10 23:56:19.286135 2026] [security2:error] [pid 31551:tid 31567] [client 20.150.194.49:35364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aioj0tPH5u5NVjul-pl4awAAAQk"]
[Wed Jun 10 23:59:09.923935 2026] [security2:error] [pid 3052:tid 3067] [client 1.14.110.85:41674] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aiokfXBh93Mt9RCcCnd6-wAAAM0"], referer: http://machen.ai
[Thu Jun 11 00:01:00.628682 2026] [security2:error] [pid 2938:tid 2951] [client 78.153.140.93:49006] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiok7ORR3mM9pMB2F28j1AAAAUo"]
[Thu Jun 11 00:01:00.628915 2026] [security2:error] [pid 2938:tid 2951] [client 78.153.140.93:49006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiok7ORR3mM9pMB2F28j1AAAAUo"]
[Thu Jun 11 00:01:00.629175 2026] [security2:error] [pid 2938:tid 2951] [client 78.153.140.93:49006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiok7ORR3mM9pMB2F28j1AAAAUo"]
[Thu Jun 11 00:01:00.630076 2026] [security2:error] [pid 2938:tid 2951] [client 78.153.140.93:49006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiok7ORR3mM9pMB2F28j1AAAAUo"]
[Thu Jun 11 00:01:00.992438 2026] [security2:error] [pid 31551:tid 31570] [client 78.153.140.93:49018] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiok7NPH5u5NVjul-pl8gQAAAQw"]
[Thu Jun 11 00:02:40.072844 2026] [security2:error] [pid 18113:tid 18138] [client 20.245.27.78:32900] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiolUJg3ctvEYD6EH9vGRgAAAFI"]
[Thu Jun 11 00:02:40.108994 2026] [security2:error] [pid 18113:tid 18138] [client 20.245.27.78:32900] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aiolUJg3ctvEYD6EH9vGRwAAAFI"]
[Thu Jun 11 00:02:40.244203 2026] [security2:error] [pid 18113:tid 18138] [client 20.245.27.78:32900] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiolUJg3ctvEYD6EH9vGSgAAAFI"]
[Thu Jun 11 00:02:40.280521 2026] [security2:error] [pid 18113:tid 18138] [client 20.245.27.78:32900] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aiolUJg3ctvEYD6EH9vGTAAAAFI"]
[Thu Jun 11 00:03:51.289743 2026] [security2:error] [pid 2938:tid 2946] [client 43.130.111.40:59318] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioll-RR3mM9pMB2F28mrQAAAUU"], referer: http://13.84.161.190
[Thu Jun 11 00:03:51.289850 2026] [security2:error] [pid 2938:tid 2946] [client 43.130.111.40:59318] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioll-RR3mM9pMB2F28mrQAAAUU"], referer: http://13.84.161.190
[Thu Jun 11 00:03:51.290466 2026] [security2:error] [pid 2938:tid 2946] [client 43.130.111.40:59318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioll-RR3mM9pMB2F28mrQAAAUU"], referer: http://13.84.161.190
[Thu Jun 11 00:03:51.373054 2026] [security2:error] [pid 2938:tid 2946] [client 43.130.111.40:59318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aioll-RR3mM9pMB2F28mrQAAAUU"], referer: http://13.84.161.190
[Thu Jun 11 00:03:51.873674 2026] [security2:error] [pid 18113:tid 18121] [client 65.49.20.69:33020] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioll5g3ctvEYD6EH9vHZgAAAEE"], referer: http://13.84.161.190/
[Thu Jun 11 00:07:20.126648 2026] [security2:error] [pid 3052:tid 3063] [client 43.158.91.71:43538] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aiomaHBh93Mt9RCcCneAhAAAAMk"]
[Thu Jun 11 00:09:24.216159 2026] [security2:error] [pid 31551:tid 31571] [client 52.190.139.28:27490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiom5NPH5u5NVjul-pmE1wAAAQ0"]
[Thu Jun 11 00:09:24.252507 2026] [security2:error] [pid 31551:tid 31571] [client 52.190.139.28:27490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiom5NPH5u5NVjul-pmE2AAAAQ0"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 00:09:24.556682 2026] [security2:error] [pid 31551:tid 31571] [client 52.190.139.28:27490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiom5NPH5u5NVjul-pmE3wAAAQ0"]
[Thu Jun 11 00:09:24.591291 2026] [security2:error] [pid 31551:tid 31571] [client 52.190.139.28:27490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiom5NPH5u5NVjul-pmE4AAAAQ0"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 00:18:50.249595 2026] [security2:error] [pid 22855:tid 22867] [client 194.50.235.133:51181] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.0.2.1"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "192.0.2.1"] [uri "/"] [unique_id "aiopGl71v4pS85P4fn-pBAAAAIE"]
[Thu Jun 11 00:19:12.782650 2026] [security2:error] [pid 31551:tid 31566] [client 193.124.20.244:2278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/getData"] [unique_id "aiopMNPH5u5NVjul-pmSQgAAAQg"]
[Thu Jun 11 00:22:18.034120 2026] [security2:error] [pid 22855:tid 22878] [client 34.176.79.8:49658] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tTgAAAIw"]
[Thu Jun 11 00:22:18.034260 2026] [security2:error] [pid 22855:tid 22878] [client 34.176.79.8:49658] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tTgAAAIw"]
[Thu Jun 11 00:22:18.034425 2026] [security2:error] [pid 22855:tid 22878] [client 34.176.79.8:49658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tTgAAAIw"]
[Thu Jun 11 00:22:18.034648 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:49686] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGHywAAAAk"]
[Thu Jun 11 00:22:18.034909 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:49686] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGHywAAAAk"]
[Thu Jun 11 00:22:18.035030 2026] [security2:error] [pid 22855:tid 22878] [client 34.176.79.8:49658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tTgAAAIw"]
[Thu Jun 11 00:22:18.035245 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:49686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGHywAAAAk"]
[Thu Jun 11 00:22:18.035502 2026] [security2:error] [pid 22855:tid 22878] [client 34.176.79.8:49658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tTgAAAIw"]
[Thu Jun 11 00:22:18.035662 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:49686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGHywAAAAk"]
[Thu Jun 11 00:22:18.039788 2026] [security2:error] [pid 21075:tid 21090] [client 34.176.79.8:49660] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod"] [unique_id "aiop6nBSW5Z6y_w6HsGHygAAAAw"]
[Thu Jun 11 00:22:18.039924 2026] [security2:error] [pid 21075:tid 21090] [client 34.176.79.8:49660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod"] [unique_id "aiop6nBSW5Z6y_w6HsGHygAAAAw"]
[Thu Jun 11 00:22:18.040107 2026] [security2:error] [pid 21075:tid 21090] [client 34.176.79.8:49660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod"] [unique_id "aiop6nBSW5Z6y_w6HsGHygAAAAw"]
[Thu Jun 11 00:22:18.040425 2026] [security2:error] [pid 21075:tid 21090] [client 34.176.79.8:49660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod"] [unique_id "aiop6nBSW5Z6y_w6HsGHygAAAAw"]
[Thu Jun 11 00:22:18.043411 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:49670] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmV9gAAAQs"]
[Thu Jun 11 00:22:18.043553 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:49670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmV9gAAAQs"]
[Thu Jun 11 00:22:18.043848 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:49670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmV9gAAAQs"]
[Thu Jun 11 00:22:18.044075 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:49670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmV9gAAAQs"]
[Thu Jun 11 00:22:18.055568 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:49698] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tTwAAAJU"]
[Thu Jun 11 00:22:18.055714 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:49698] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tTwAAAJU"]
[Thu Jun 11 00:22:18.055841 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:49698] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tTwAAAJU"]
[Thu Jun 11 00:22:18.056170 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:49698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tTwAAAJU"]
[Thu Jun 11 00:22:18.056443 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:49698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tTwAAAJU"]
[Thu Jun 11 00:22:18.059876 2026] [security2:error] [pid 21126:tid 21152] [client 34.176.79.8:49688] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWRAAAANg"]
[Thu Jun 11 00:22:18.060017 2026] [security2:error] [pid 21126:tid 21152] [client 34.176.79.8:49688] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWRAAAANg"]
[Thu Jun 11 00:22:18.060225 2026] [security2:error] [pid 21126:tid 21152] [client 34.176.79.8:49688] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWRAAAANg"]
[Thu Jun 11 00:22:18.060600 2026] [security2:error] [pid 21126:tid 21152] [client 34.176.79.8:49688] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWRAAAANg"]
[Thu Jun 11 00:22:18.076266 2026] [security2:error] [pid 22855:tid 22874] [client 34.176.79.8:49738] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tUAAAAIg"]
[Thu Jun 11 00:22:18.076495 2026] [security2:error] [pid 22855:tid 22874] [client 34.176.79.8:49738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tUAAAAIg"]
[Thu Jun 11 00:22:18.077032 2026] [security2:error] [pid 22855:tid 22874] [client 34.176.79.8:49738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tUAAAAIg"]
[Thu Jun 11 00:22:18.077304 2026] [security2:error] [pid 22855:tid 22874] [client 34.176.79.8:49738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tUAAAAIg"]
[Thu Jun 11 00:22:18.079402 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:49740] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.bak"] [unique_id "aiop6tPH5u5NVjul-pmV9wAAAQk"]
[Thu Jun 11 00:22:18.079542 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:49740] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.bak"] [unique_id "aiop6tPH5u5NVjul-pmV9wAAAQk"]
[Thu Jun 11 00:22:18.079730 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:49740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.bak"] [unique_id "aiop6tPH5u5NVjul-pmV9wAAAQk"]
[Thu Jun 11 00:22:18.079951 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:49740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.bak"] [unique_id "aiop6tPH5u5NVjul-pmV9wAAAQk"]
[Thu Jun 11 00:22:18.080291 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:49740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.bak"] [unique_id "aiop6tPH5u5NVjul-pmV9wAAAQk"]
[Thu Jun 11 00:22:18.087749 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:49714] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGHzQAAAAE"]
[Thu Jun 11 00:22:18.087903 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:49714] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGHzQAAAAE"]
[Thu Jun 11 00:22:18.088386 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:49714] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGHzQAAAAE"]
[Thu Jun 11 00:22:18.088662 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:49714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGHzQAAAAE"]
[Thu Jun 11 00:22:18.089258 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:49714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGHzQAAAAE"]
[Thu Jun 11 00:22:18.091138 2026] [security2:error] [pid 31551:tid 31575] [client 34.176.79.8:49760] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/v2/.env"] [unique_id "aiop6tPH5u5NVjul-pmV-AAAARE"]
[Thu Jun 11 00:22:18.091310 2026] [security2:error] [pid 31551:tid 31575] [client 34.176.79.8:49760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/v2/.env"] [unique_id "aiop6tPH5u5NVjul-pmV-AAAARE"]
[Thu Jun 11 00:22:18.091862 2026] [security2:error] [pid 31551:tid 31575] [client 34.176.79.8:49760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/v2/.env"] [unique_id "aiop6tPH5u5NVjul-pmV-AAAARE"]
[Thu Jun 11 00:22:18.092109 2026] [security2:error] [pid 31551:tid 31575] [client 34.176.79.8:49760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/v2/.env"] [unique_id "aiop6tPH5u5NVjul-pmV-AAAARE"]
[Thu Jun 11 00:22:18.093616 2026] [security2:error] [pid 21126:tid 21134] [client 34.176.79.8:49728] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWRQAAAMY"]
[Thu Jun 11 00:22:18.093772 2026] [security2:error] [pid 21126:tid 21134] [client 34.176.79.8:49728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWRQAAAMY"]
[Thu Jun 11 00:22:18.094084 2026] [security2:error] [pid 21126:tid 21134] [client 34.176.79.8:49728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWRQAAAMY"]
[Thu Jun 11 00:22:18.094357 2026] [security2:error] [pid 21126:tid 21134] [client 34.176.79.8:49728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWRQAAAMY"]
[Thu Jun 11 00:22:18.096460 2026] [security2:error] [pid 21075:tid 21082] [client 34.176.79.8:49756] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/v1/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGHzgAAAAQ"]
[Thu Jun 11 00:22:18.096813 2026] [security2:error] [pid 21075:tid 21082] [client 34.176.79.8:49756] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/v1/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGHzgAAAAQ"]
[Thu Jun 11 00:22:18.096964 2026] [security2:error] [pid 21126:tid 21137] [client 34.176.79.8:49772] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/v3/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWRgAAAMk"]
[Thu Jun 11 00:22:18.097105 2026] [security2:error] [pid 21126:tid 21137] [client 34.176.79.8:49772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/v3/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWRgAAAMk"]
[Thu Jun 11 00:22:18.097128 2026] [security2:error] [pid 21075:tid 21082] [client 34.176.79.8:49756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/v1/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGHzgAAAAQ"]
[Thu Jun 11 00:22:18.097463 2026] [security2:error] [pid 21075:tid 21082] [client 34.176.79.8:49756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/v1/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGHzgAAAAQ"]
[Thu Jun 11 00:22:18.097541 2026] [security2:error] [pid 21126:tid 21137] [client 34.176.79.8:49772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/v3/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWRgAAAMk"]
[Thu Jun 11 00:22:18.098120 2026] [security2:error] [pid 21126:tid 21137] [client 34.176.79.8:49772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/v3/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWRgAAAMk"]
[Thu Jun 11 00:22:18.098923 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:49762] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/.env.old"] [unique_id "aiop6l71v4pS85P4fn-tUQAAAIE"]
[Thu Jun 11 00:22:18.099157 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:49762] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.old"] [unique_id "aiop6l71v4pS85P4fn-tUQAAAIE"]
[Thu Jun 11 00:22:18.099318 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:49762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.old"] [unique_id "aiop6l71v4pS85P4fn-tUQAAAIE"]
[Thu Jun 11 00:22:18.099658 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:49762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.old"] [unique_id "aiop6l71v4pS85P4fn-tUQAAAIE"]
[Thu Jun 11 00:22:18.100051 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:49762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.old"] [unique_id "aiop6l71v4pS85P4fn-tUQAAAIE"]
[Thu Jun 11 00:22:18.144373 2026] [security2:error] [pid 21126:tid 21138] [client 34.176.79.8:49784] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/v2/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWRwAAAMo"]
[Thu Jun 11 00:22:18.144524 2026] [security2:error] [pid 21126:tid 21138] [client 34.176.79.8:49784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/v2/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWRwAAAMo"]
[Thu Jun 11 00:22:18.145037 2026] [security2:error] [pid 21126:tid 21138] [client 34.176.79.8:49784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/v2/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWRwAAAMo"]
[Thu Jun 11 00:22:18.145493 2026] [security2:error] [pid 21126:tid 21138] [client 34.176.79.8:49784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/v2/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWRwAAAMo"]
[Thu Jun 11 00:22:18.147315 2026] [security2:error] [pid 21075:tid 21089] [client 34.176.79.8:49792] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/v3/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGHzwAAAAs"]
[Thu Jun 11 00:22:18.147455 2026] [security2:error] [pid 21075:tid 21089] [client 34.176.79.8:49792] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/v3/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGHzwAAAAs"]
[Thu Jun 11 00:22:18.147712 2026] [security2:error] [pid 21075:tid 21089] [client 34.176.79.8:49792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/v3/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGHzwAAAAs"]
[Thu Jun 11 00:22:18.148010 2026] [security2:error] [pid 21075:tid 21089] [client 34.176.79.8:49792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/v3/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGHzwAAAAs"]
[Thu Jun 11 00:22:18.159650 2026] [security2:error] [pid 21126:tid 21141] [client 34.176.79.8:49838] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/production/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWSAAAAM0"]
[Thu Jun 11 00:22:18.159821 2026] [security2:error] [pid 21126:tid 21141] [client 34.176.79.8:49838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/production/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWSAAAAM0"]
[Thu Jun 11 00:22:18.160059 2026] [security2:error] [pid 21126:tid 21141] [client 34.176.79.8:49838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/production/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWSAAAAM0"]
[Thu Jun 11 00:22:18.160498 2026] [security2:error] [pid 21126:tid 21141] [client 34.176.79.8:49838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/production/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWSAAAAM0"]
[Thu Jun 11 00:22:18.162022 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:49822] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH0AAAABI"]
[Thu Jun 11 00:22:18.162303 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:49822] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH0AAAABI"]
[Thu Jun 11 00:22:18.162444 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:49822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH0AAAABI"]
[Thu Jun 11 00:22:18.162689 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:49822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH0AAAABI"]
[Thu Jun 11 00:22:18.162955 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:49822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH0AAAABI"]
[Thu Jun 11 00:22:18.163315 2026] [security2:error] [pid 31551:tid 31560] [client 34.176.79.8:49866] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/dev/.env"] [unique_id "aiop6tPH5u5NVjul-pmV-wAAAQI"]
[Thu Jun 11 00:22:18.163453 2026] [security2:error] [pid 31551:tid 31560] [client 34.176.79.8:49866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/dev/.env"] [unique_id "aiop6tPH5u5NVjul-pmV-wAAAQI"]
[Thu Jun 11 00:22:18.163711 2026] [security2:error] [pid 31551:tid 31560] [client 34.176.79.8:49866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/dev/.env"] [unique_id "aiop6tPH5u5NVjul-pmV-wAAAQI"]
[Thu Jun 11 00:22:18.163978 2026] [security2:error] [pid 31551:tid 31560] [client 34.176.79.8:49866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/dev/.env"] [unique_id "aiop6tPH5u5NVjul-pmV-wAAAQI"]
[Thu Jun 11 00:22:18.166856 2026] [security2:error] [pid 22855:tid 22872] [client 34.176.79.8:49874] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tUgAAAIY"]
[Thu Jun 11 00:22:18.167036 2026] [security2:error] [pid 22855:tid 22872] [client 34.176.79.8:49874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tUgAAAIY"]
[Thu Jun 11 00:22:18.167239 2026] [security2:error] [pid 22855:tid 22872] [client 34.176.79.8:49874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tUgAAAIY"]
[Thu Jun 11 00:22:18.167537 2026] [security2:error] [pid 22855:tid 22872] [client 34.176.79.8:49874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tUgAAAIY"]
[Thu Jun 11 00:22:18.168773 2026] [security2:error] [pid 22855:tid 22877] [client 34.176.79.8:49852] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/staging/.env"] [unique_id "aiop6l71v4pS85P4fn-tUwAAAIs"]
[Thu Jun 11 00:22:18.168906 2026] [security2:error] [pid 22855:tid 22877] [client 34.176.79.8:49852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/staging/.env"] [unique_id "aiop6l71v4pS85P4fn-tUwAAAIs"]
[Thu Jun 11 00:22:18.169152 2026] [security2:error] [pid 22855:tid 22877] [client 34.176.79.8:49852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/staging/.env"] [unique_id "aiop6l71v4pS85P4fn-tUwAAAIs"]
[Thu Jun 11 00:22:18.169476 2026] [security2:error] [pid 22855:tid 22877] [client 34.176.79.8:49852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/staging/.env"] [unique_id "aiop6l71v4pS85P4fn-tUwAAAIs"]
[Thu Jun 11 00:22:18.178592 2026] [security2:error] [pid 31551:tid 31578] [client 34.176.79.8:49808] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/prod/.env"] [unique_id "aiop6tPH5u5NVjul-pmV_AAAARQ"]
[Thu Jun 11 00:22:18.178754 2026] [security2:error] [pid 31551:tid 31578] [client 34.176.79.8:49808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/prod/.env"] [unique_id "aiop6tPH5u5NVjul-pmV_AAAARQ"]
[Thu Jun 11 00:22:18.178992 2026] [security2:error] [pid 31551:tid 31578] [client 34.176.79.8:49808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/prod/.env"] [unique_id "aiop6tPH5u5NVjul-pmV_AAAARQ"]
[Thu Jun 11 00:22:18.179283 2026] [security2:error] [pid 31551:tid 31578] [client 34.176.79.8:49808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/prod/.env"] [unique_id "aiop6tPH5u5NVjul-pmV_AAAARQ"]
[Thu Jun 11 00:22:18.180247 2026] [security2:error] [pid 31551:tid 31566] [client 34.176.79.8:49780] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/v1/.env"] [unique_id "aiop6tPH5u5NVjul-pmV_QAAAQg"]
[Thu Jun 11 00:22:18.180417 2026] [security2:error] [pid 31551:tid 31566] [client 34.176.79.8:49780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/v1/.env"] [unique_id "aiop6tPH5u5NVjul-pmV_QAAAQg"]
[Thu Jun 11 00:22:18.180834 2026] [security2:error] [pid 31551:tid 31566] [client 34.176.79.8:49780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/v1/.env"] [unique_id "aiop6tPH5u5NVjul-pmV_QAAAQg"]
[Thu Jun 11 00:22:18.181150 2026] [security2:error] [pid 31551:tid 31566] [client 34.176.79.8:49780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/v1/.env"] [unique_id "aiop6tPH5u5NVjul-pmV_QAAAQg"]
[Thu Jun 11 00:22:18.207564 2026] [security2:error] [pid 21075:tid 21100] [client 34.176.79.8:49956] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH0wAAABY"]
[Thu Jun 11 00:22:18.207763 2026] [security2:error] [pid 21075:tid 21100] [client 34.176.79.8:49956] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH0wAAABY"]
[Thu Jun 11 00:22:18.208010 2026] [security2:error] [pid 21075:tid 21100] [client 34.176.79.8:49956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH0wAAABY"]
[Thu Jun 11 00:22:18.208823 2026] [security2:error] [pid 21075:tid 21100] [client 34.176.79.8:49956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH0wAAABY"]
[Thu Jun 11 00:22:18.210989 2026] [security2:error] [pid 31551:tid 31568] [client 34.176.79.8:49938] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.dev.local"] [unique_id "aiop6tPH5u5NVjul-pmV_wAAAQo"]
[Thu Jun 11 00:22:18.211283 2026] [security2:error] [pid 31551:tid 31568] [client 34.176.79.8:49938] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.dev.local"] [unique_id "aiop6tPH5u5NVjul-pmV_wAAAQo"]
[Thu Jun 11 00:22:18.211541 2026] [security2:error] [pid 31551:tid 31568] [client 34.176.79.8:49938] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.dev.local"] [unique_id "aiop6tPH5u5NVjul-pmV_wAAAQo"]
[Thu Jun 11 00:22:18.212767 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:49952] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.bak"] [unique_id "aiop6s0ej6tAIvUNrGGWSQAAANA"]
[Thu Jun 11 00:22:18.212898 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:49952] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.bak"] [unique_id "aiop6s0ej6tAIvUNrGGWSQAAANA"]
[Thu Jun 11 00:22:18.213037 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:49952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.bak"] [unique_id "aiop6s0ej6tAIvUNrGGWSQAAANA"]
[Thu Jun 11 00:22:18.213249 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:49952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.bak"] [unique_id "aiop6s0ej6tAIvUNrGGWSQAAANA"]
[Thu Jun 11 00:22:18.214754 2026] [security2:error] [pid 22855:tid 22884] [client 34.176.79.8:49942] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env"] [unique_id "aiop6l71v4pS85P4fn-tVAAAAJI"]
[Thu Jun 11 00:22:18.214882 2026] [security2:error] [pid 22855:tid 22884] [client 34.176.79.8:49942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env"] [unique_id "aiop6l71v4pS85P4fn-tVAAAAJI"]
[Thu Jun 11 00:22:18.215253 2026] [security2:error] [pid 22855:tid 22884] [client 34.176.79.8:49942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env"] [unique_id "aiop6l71v4pS85P4fn-tVAAAAJI"]
[Thu Jun 11 00:22:18.215556 2026] [security2:error] [pid 22855:tid 22884] [client 34.176.79.8:49942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env"] [unique_id "aiop6l71v4pS85P4fn-tVAAAAJI"]
[Thu Jun 11 00:22:18.216764 2026] [security2:error] [pid 22855:tid 22868] [client 34.176.79.8:49916] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.docker"] [unique_id "aiop6l71v4pS85P4fn-tVQAAAII"]
[Thu Jun 11 00:22:18.216902 2026] [security2:error] [pid 22855:tid 22868] [client 34.176.79.8:49916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.docker"] [unique_id "aiop6l71v4pS85P4fn-tVQAAAII"]
[Thu Jun 11 00:22:18.217109 2026] [security2:error] [pid 22855:tid 22868] [client 34.176.79.8:49916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.docker"] [unique_id "aiop6l71v4pS85P4fn-tVQAAAII"]
[Thu Jun 11 00:22:18.217352 2026] [security2:error] [pid 22855:tid 22868] [client 34.176.79.8:49916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.docker"] [unique_id "aiop6l71v4pS85P4fn-tVQAAAII"]
[Thu Jun 11 00:22:18.218054 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:49966] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tVgAAAJc"]
[Thu Jun 11 00:22:18.218178 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:49966] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tVgAAAJc"]
[Thu Jun 11 00:22:18.218290 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:49966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tVgAAAJc"]
[Thu Jun 11 00:22:18.218485 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:49966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tVgAAAJc"]
[Thu Jun 11 00:22:18.218827 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:49966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tVgAAAJc"]
[Thu Jun 11 00:22:18.226237 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:49978] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.old"] [unique_id "aiop6tPH5u5NVjul-pmWAAAAAQ8"]
[Thu Jun 11 00:22:18.226410 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:49978] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.old"] [unique_id "aiop6tPH5u5NVjul-pmWAAAAAQ8"]
[Thu Jun 11 00:22:18.226600 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:49978] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.old"] [unique_id "aiop6tPH5u5NVjul-pmWAAAAAQ8"]
[Thu Jun 11 00:22:18.226818 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:49978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.old"] [unique_id "aiop6tPH5u5NVjul-pmWAAAAAQ8"]
[Thu Jun 11 00:22:18.227081 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:49978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.old"] [unique_id "aiop6tPH5u5NVjul-pmWAAAAAQ8"]
[Thu Jun 11 00:22:18.232038 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:49952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.bak"] [unique_id "aiop6s0ej6tAIvUNrGGWSQAAANA"]
[Thu Jun 11 00:22:18.232664 2026] [security2:error] [pid 31551:tid 31568] [client 34.176.79.8:49938] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.dev.local"] [unique_id "aiop6tPH5u5NVjul-pmV_wAAAQo"]
[Thu Jun 11 00:22:18.240521 2026] [security2:error] [pid 21075:tid 21086] [client 34.176.79.8:49964] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH1AAAAAg"]
[Thu Jun 11 00:22:18.240719 2026] [security2:error] [pid 21075:tid 21086] [client 34.176.79.8:49964] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH1AAAAAg"]
[Thu Jun 11 00:22:18.241026 2026] [security2:error] [pid 21075:tid 21086] [client 34.176.79.8:49964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH1AAAAAg"]
[Thu Jun 11 00:22:18.241666 2026] [security2:error] [pid 21075:tid 21086] [client 34.176.79.8:49964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH1AAAAAg"]
[Thu Jun 11 00:22:18.244138 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:49920] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/uat/.env"] [unique_id "aiop6tPH5u5NVjul-pmWAQAAARg"]
[Thu Jun 11 00:22:18.244293 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:49920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/uat/.env"] [unique_id "aiop6tPH5u5NVjul-pmWAQAAARg"]
[Thu Jun 11 00:22:18.244513 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:49920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/uat/.env"] [unique_id "aiop6tPH5u5NVjul-pmWAQAAARg"]
[Thu Jun 11 00:22:18.244898 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:49920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/uat/.env"] [unique_id "aiop6tPH5u5NVjul-pmWAQAAARg"]
[Thu Jun 11 00:22:18.248819 2026] [security2:error] [pid 21126:tid 21148] [client 34.176.79.8:49974] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWSgAAANQ"]
[Thu Jun 11 00:22:18.248953 2026] [security2:error] [pid 21126:tid 21148] [client 34.176.79.8:49974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWSgAAANQ"]
[Thu Jun 11 00:22:18.249186 2026] [security2:error] [pid 21126:tid 21148] [client 34.176.79.8:49974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWSgAAANQ"]
[Thu Jun 11 00:22:18.249508 2026] [security2:error] [pid 21126:tid 21148] [client 34.176.79.8:49974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWSgAAANQ"]
[Thu Jun 11 00:22:18.250409 2026] [security2:error] [pid 21126:tid 21140] [client 34.176.79.8:49930] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/env.old"] [unique_id "aiop6s0ej6tAIvUNrGGWSwAAAMw"]
[Thu Jun 11 00:22:18.250525 2026] [security2:error] [pid 21126:tid 21140] [client 34.176.79.8:49930] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/env.old"] [unique_id "aiop6s0ej6tAIvUNrGGWSwAAAMw"]
[Thu Jun 11 00:22:18.250670 2026] [security2:error] [pid 21126:tid 21149] [client 34.176.79.8:49864] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/stage/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTAAAANU"]
[Thu Jun 11 00:22:18.251390 2026] [security2:error] [pid 21126:tid 21149] [client 34.176.79.8:49864] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/stage/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTAAAANU"]
[Thu Jun 11 00:22:18.251776 2026] [security2:error] [pid 31551:tid 31559] [client 34.176.79.8:49888] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/development/.env"] [unique_id "aiop6tPH5u5NVjul-pmWAgAAAQE"]
[Thu Jun 11 00:22:18.251920 2026] [security2:error] [pid 31551:tid 31559] [client 34.176.79.8:49888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/development/.env"] [unique_id "aiop6tPH5u5NVjul-pmWAgAAAQE"]
[Thu Jun 11 00:22:18.252005 2026] [security2:error] [pid 21126:tid 21149] [client 34.176.79.8:49864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/stage/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTAAAANU"]
[Thu Jun 11 00:22:18.251995 2026] [security2:error] [pid 21126:tid 21140] [client 34.176.79.8:49930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/env.old"] [unique_id "aiop6s0ej6tAIvUNrGGWSwAAAMw"]
[Thu Jun 11 00:22:18.252136 2026] [security2:error] [pid 31551:tid 31559] [client 34.176.79.8:49888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/development/.env"] [unique_id "aiop6tPH5u5NVjul-pmWAgAAAQE"]
[Thu Jun 11 00:22:18.252439 2026] [security2:error] [pid 31551:tid 31559] [client 34.176.79.8:49888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/development/.env"] [unique_id "aiop6tPH5u5NVjul-pmWAgAAAQE"]
[Thu Jun 11 00:22:18.252830 2026] [security2:error] [pid 21126:tid 21149] [client 34.176.79.8:49864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/stage/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTAAAANU"]
[Thu Jun 11 00:22:18.253848 2026] [security2:error] [pid 21075:tid 21101] [client 34.176.79.8:49898] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/test/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH1QAAABc"]
[Thu Jun 11 00:22:18.254517 2026] [security2:error] [pid 21075:tid 21101] [client 34.176.79.8:49898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/test/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH1QAAABc"]
[Thu Jun 11 00:22:18.254791 2026] [security2:error] [pid 21075:tid 21101] [client 34.176.79.8:49898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/test/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH1QAAABc"]
[Thu Jun 11 00:22:18.255077 2026] [security2:error] [pid 21075:tid 21101] [client 34.176.79.8:49898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/test/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH1QAAABc"]
[Thu Jun 11 00:22:18.256774 2026] [security2:error] [pid 21075:tid 21099] [client 34.176.79.8:50012] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.staging"] [unique_id "aiop6nBSW5Z6y_w6HsGH1gAAABU"]
[Thu Jun 11 00:22:18.257006 2026] [security2:error] [pid 21075:tid 21099] [client 34.176.79.8:50012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.staging"] [unique_id "aiop6nBSW5Z6y_w6HsGH1gAAABU"]
[Thu Jun 11 00:22:18.257286 2026] [security2:error] [pid 21075:tid 21099] [client 34.176.79.8:50012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.staging"] [unique_id "aiop6nBSW5Z6y_w6HsGH1gAAABU"]
[Thu Jun 11 00:22:18.257555 2026] [security2:error] [pid 21126:tid 21140] [client 34.176.79.8:49930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/env.old"] [unique_id "aiop6s0ej6tAIvUNrGGWSwAAAMw"]
[Thu Jun 11 00:22:18.257696 2026] [security2:error] [pid 21075:tid 21099] [client 34.176.79.8:50012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.staging"] [unique_id "aiop6nBSW5Z6y_w6HsGH1gAAABU"]
[Thu Jun 11 00:22:18.257884 2026] [security2:error] [pid 21126:tid 21145] [client 34.176.79.8:50002] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.orig"] [unique_id "aiop6s0ej6tAIvUNrGGWTQAAANE"]
[Thu Jun 11 00:22:18.258012 2026] [security2:error] [pid 21126:tid 21145] [client 34.176.79.8:50002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.orig"] [unique_id "aiop6s0ej6tAIvUNrGGWTQAAANE"]
[Thu Jun 11 00:22:18.258450 2026] [security2:error] [pid 21126:tid 21145] [client 34.176.79.8:50002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.orig"] [unique_id "aiop6s0ej6tAIvUNrGGWTQAAANE"]
[Thu Jun 11 00:22:18.258774 2026] [security2:error] [pid 22855:tid 22883] [client 34.176.79.8:49988] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tVwAAAJE"]
[Thu Jun 11 00:22:18.258906 2026] [security2:error] [pid 21126:tid 21145] [client 34.176.79.8:50002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.orig"] [unique_id "aiop6s0ej6tAIvUNrGGWTQAAANE"]
[Thu Jun 11 00:22:18.258951 2026] [security2:error] [pid 22855:tid 22883] [client 34.176.79.8:49988] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tVwAAAJE"]
[Thu Jun 11 00:22:18.259068 2026] [security2:error] [pid 22855:tid 22883] [client 34.176.79.8:49988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tVwAAAJE"]
[Thu Jun 11 00:22:18.259255 2026] [security2:error] [pid 22855:tid 22883] [client 34.176.79.8:49988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tVwAAAJE"]
[Thu Jun 11 00:22:18.259503 2026] [security2:error] [pid 22855:tid 22883] [client 34.176.79.8:49988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tVwAAAJE"]
[Thu Jun 11 00:22:18.275261 2026] [security2:error] [pid 22855:tid 22870] [client 34.176.79.8:49902] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/qa/.env"] [unique_id "aiop6l71v4pS85P4fn-tWAAAAIQ"]
[Thu Jun 11 00:22:18.275439 2026] [security2:error] [pid 22855:tid 22870] [client 34.176.79.8:49902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/qa/.env"] [unique_id "aiop6l71v4pS85P4fn-tWAAAAIQ"]
[Thu Jun 11 00:22:18.275867 2026] [security2:error] [pid 22855:tid 22870] [client 34.176.79.8:49902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/qa/.env"] [unique_id "aiop6l71v4pS85P4fn-tWAAAAIQ"]
[Thu Jun 11 00:22:18.276173 2026] [security2:error] [pid 22855:tid 22870] [client 34.176.79.8:49902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/qa/.env"] [unique_id "aiop6l71v4pS85P4fn-tWAAAAIQ"]
[Thu Jun 11 00:22:18.280879 2026] [security2:error] [pid 21075:tid 21094] [client 34.176.79.8:50084] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.live"] [unique_id "aiop6nBSW5Z6y_w6HsGH1wAAABA"]
[Thu Jun 11 00:22:18.280931 2026] [security2:error] [pid 31551:tid 31570] [client 34.176.79.8:50116] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.demo"] [unique_id "aiop6tPH5u5NVjul-pmWAwAAAQw"]
[Thu Jun 11 00:22:18.281036 2026] [security2:error] [pid 21075:tid 21094] [client 34.176.79.8:50084] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.live"] [unique_id "aiop6nBSW5Z6y_w6HsGH1wAAABA"]
[Thu Jun 11 00:22:18.281072 2026] [security2:error] [pid 31551:tid 31570] [client 34.176.79.8:50116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.demo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.demo"] [unique_id "aiop6tPH5u5NVjul-pmWAwAAAQw"]
[Thu Jun 11 00:22:18.281272 2026] [security2:error] [pid 21075:tid 21094] [client 34.176.79.8:50084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.live"] [unique_id "aiop6nBSW5Z6y_w6HsGH1wAAABA"]
[Thu Jun 11 00:22:18.281281 2026] [security2:error] [pid 31551:tid 31570] [client 34.176.79.8:50116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.demo"] [unique_id "aiop6tPH5u5NVjul-pmWAwAAAQw"]
[Thu Jun 11 00:22:18.281528 2026] [security2:error] [pid 31551:tid 31570] [client 34.176.79.8:50116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.demo"] [unique_id "aiop6tPH5u5NVjul-pmWAwAAAQw"]
[Thu Jun 11 00:22:18.281549 2026] [security2:error] [pid 21075:tid 21094] [client 34.176.79.8:50084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.live"] [unique_id "aiop6nBSW5Z6y_w6HsGH1wAAABA"]
[Thu Jun 11 00:22:18.295951 2026] [security2:error] [pid 22855:tid 22866] [client 34.176.79.8:50014] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tWQAAAIA"]
[Thu Jun 11 00:22:18.296138 2026] [security2:error] [pid 22855:tid 22866] [client 34.176.79.8:50014] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tWQAAAIA"]
[Thu Jun 11 00:22:18.296357 2026] [security2:error] [pid 22855:tid 22866] [client 34.176.79.8:50014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tWQAAAIA"]
[Thu Jun 11 00:22:18.296607 2026] [security2:error] [pid 22855:tid 22866] [client 34.176.79.8:50014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/.env.dev"] [unique_id "aiop6l71v4pS85P4fn-tWQAAAIA"]
[Thu Jun 11 00:22:18.298881 2026] [security2:error] [pid 31551:tid 31563] [client 34.176.79.8:50096] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aiop6tPH5u5NVjul-pmWBQAAAQU"]
[Thu Jun 11 00:22:18.299053 2026] [security2:error] [pid 31551:tid 31563] [client 34.176.79.8:50096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aiop6tPH5u5NVjul-pmWBQAAAQU"]
[Thu Jun 11 00:22:18.299449 2026] [security2:error] [pid 31551:tid 31563] [client 34.176.79.8:50096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aiop6tPH5u5NVjul-pmWBQAAAQU"]
[Thu Jun 11 00:22:18.301111 2026] [security2:error] [pid 21126:tid 21150] [client 34.176.79.8:50048] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTgAAANY"]
[Thu Jun 11 00:22:18.301244 2026] [security2:error] [pid 21126:tid 21150] [client 34.176.79.8:50048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTgAAANY"]
[Thu Jun 11 00:22:18.301555 2026] [security2:error] [pid 21126:tid 21150] [client 34.176.79.8:50048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTgAAANY"]
[Thu Jun 11 00:22:18.301890 2026] [security2:error] [pid 21126:tid 21150] [client 34.176.79.8:50048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTgAAANY"]
[Thu Jun 11 00:22:18.303895 2026] [security2:error] [pid 31551:tid 31563] [client 34.176.79.8:50096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aiop6tPH5u5NVjul-pmWBQAAAQU"]
[Thu Jun 11 00:22:18.318493 2026] [security2:error] [pid 21126:tid 21142] [client 34.176.79.8:50020] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/api/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTwAAAM4"]
[Thu Jun 11 00:22:18.318668 2026] [security2:error] [pid 21126:tid 21142] [client 34.176.79.8:50020] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/api/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTwAAAM4"]
[Thu Jun 11 00:22:18.318899 2026] [security2:error] [pid 21126:tid 21142] [client 34.176.79.8:50020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/api/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTwAAAM4"]
[Thu Jun 11 00:22:18.319186 2026] [security2:error] [pid 21126:tid 21142] [client 34.176.79.8:50020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/api/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWTwAAAM4"]
[Thu Jun 11 00:22:18.321132 2026] [security2:error] [pid 22855:tid 22876] [client 34.176.79.8:50068] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/env.backup"] [unique_id "aiop6l71v4pS85P4fn-tWgAAAIo"]
[Thu Jun 11 00:22:18.321256 2026] [security2:error] [pid 22855:tid 22876] [client 34.176.79.8:50068] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/env.backup"] [unique_id "aiop6l71v4pS85P4fn-tWgAAAIo"]
[Thu Jun 11 00:22:18.321477 2026] [security2:error] [pid 22855:tid 22876] [client 34.176.79.8:50068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/env.backup"] [unique_id "aiop6l71v4pS85P4fn-tWgAAAIo"]
[Thu Jun 11 00:22:18.323171 2026] [security2:error] [pid 21126:tid 21135] [client 34.176.79.8:50128] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWUAAAAMc"]
[Thu Jun 11 00:22:18.323304 2026] [security2:error] [pid 21126:tid 21135] [client 34.176.79.8:50128] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWUAAAAMc"]
[Thu Jun 11 00:22:18.323468 2026] [security2:error] [pid 21075:tid 21080] [client 34.176.79.8:50082] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.default"] [unique_id "aiop6nBSW5Z6y_w6HsGH2AAAAAI"]
[Thu Jun 11 00:22:18.323512 2026] [security2:error] [pid 21126:tid 21135] [client 34.176.79.8:50128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWUAAAAMc"]
[Thu Jun 11 00:22:18.323663 2026] [security2:error] [pid 21075:tid 21080] [client 34.176.79.8:50082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.default"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.default"] [unique_id "aiop6nBSW5Z6y_w6HsGH2AAAAAI"]
[Thu Jun 11 00:22:18.323813 2026] [security2:error] [pid 21126:tid 21135] [client 34.176.79.8:50128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aiop6s0ej6tAIvUNrGGWUAAAAMc"]
[Thu Jun 11 00:22:18.324136 2026] [security2:error] [pid 21075:tid 21080] [client 34.176.79.8:50082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.default"] [unique_id "aiop6nBSW5Z6y_w6HsGH2AAAAAI"]
[Thu Jun 11 00:22:18.324554 2026] [security2:error] [pid 22855:tid 22876] [client 34.176.79.8:50068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/env.backup"] [unique_id "aiop6l71v4pS85P4fn-tWgAAAIo"]
[Thu Jun 11 00:22:18.327914 2026] [security2:error] [pid 21075:tid 21080] [client 34.176.79.8:50082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.default"] [unique_id "aiop6nBSW5Z6y_w6HsGH2AAAAAI"]
[Thu Jun 11 00:22:18.329112 2026] [security2:error] [pid 21075:tid 21095] [client 34.176.79.8:50036] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/app/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH2QAAABE"]
[Thu Jun 11 00:22:18.329272 2026] [security2:error] [pid 21075:tid 21095] [client 34.176.79.8:50036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/app/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH2QAAABE"]
[Thu Jun 11 00:22:18.329487 2026] [security2:error] [pid 21075:tid 21095] [client 34.176.79.8:50036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/app/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH2QAAABE"]
[Thu Jun 11 00:22:18.329850 2026] [security2:error] [pid 21075:tid 21095] [client 34.176.79.8:50036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/app/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH2QAAABE"]
[Thu Jun 11 00:22:18.333176 2026] [security2:error] [pid 31551:tid 31562] [client 34.176.79.8:50062] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWBgAAAQQ"]
[Thu Jun 11 00:22:18.333424 2026] [security2:error] [pid 31551:tid 31562] [client 34.176.79.8:50062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWBgAAAQQ"]
[Thu Jun 11 00:22:18.333655 2026] [security2:error] [pid 31551:tid 31562] [client 34.176.79.8:50062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWBgAAAQQ"]
[Thu Jun 11 00:22:18.333947 2026] [security2:error] [pid 22855:tid 22881] [client 34.176.79.8:50102] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tWwAAAI8"]
[Thu Jun 11 00:22:18.333962 2026] [security2:error] [pid 31551:tid 31562] [client 34.176.79.8:50062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWBgAAAQQ"]
[Thu Jun 11 00:22:18.334102 2026] [security2:error] [pid 22855:tid 22881] [client 34.176.79.8:50102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tWwAAAI8"]
[Thu Jun 11 00:22:18.334284 2026] [security2:error] [pid 22855:tid 22881] [client 34.176.79.8:50102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tWwAAAI8"]
[Thu Jun 11 00:22:18.334517 2026] [security2:error] [pid 22855:tid 22881] [client 34.176.79.8:50102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tWwAAAI8"]
[Thu Jun 11 00:22:18.340115 2026] [security2:error] [pid 21126:tid 21128] [client 34.176.79.8:50092] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.txt"] [unique_id "aiop6s0ej6tAIvUNrGGWUQAAAMA"]
[Thu Jun 11 00:22:18.340320 2026] [security2:error] [pid 21126:tid 21128] [client 34.176.79.8:50092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.txt"] [unique_id "aiop6s0ej6tAIvUNrGGWUQAAAMA"]
[Thu Jun 11 00:22:18.340537 2026] [security2:error] [pid 21126:tid 21128] [client 34.176.79.8:50092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.txt"] [unique_id "aiop6s0ej6tAIvUNrGGWUQAAAMA"]
[Thu Jun 11 00:22:18.340940 2026] [security2:error] [pid 21126:tid 21128] [client 34.176.79.8:50092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.txt"] [unique_id "aiop6s0ej6tAIvUNrGGWUQAAAMA"]
[Thu Jun 11 00:22:18.346458 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50148] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGH2gAAABg"]
[Thu Jun 11 00:22:18.346608 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50148] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGH2gAAABg"]
[Thu Jun 11 00:22:18.346747 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGH2gAAABg"]
[Thu Jun 11 00:22:18.347092 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGH2gAAABg"]
[Thu Jun 11 00:22:18.348305 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.old"] [unique_id "aiop6nBSW5Z6y_w6HsGH2gAAABg"]
[Thu Jun 11 00:22:18.379491 2026] [security2:error] [pid 21075:tid 21098] [client 34.176.79.8:50220] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH2wAAABQ"]
[Thu Jun 11 00:22:18.379754 2026] [security2:error] [pid 21075:tid 21098] [client 34.176.79.8:50220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH2wAAABQ"]
[Thu Jun 11 00:22:18.380224 2026] [security2:error] [pid 21075:tid 21098] [client 34.176.79.8:50220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH2wAAABQ"]
[Thu Jun 11 00:22:18.380551 2026] [security2:error] [pid 21075:tid 21098] [client 34.176.79.8:50220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH2wAAABQ"]
[Thu Jun 11 00:22:18.381534 2026] [security2:error] [pid 22855:tid 22886] [client 34.176.79.8:50270] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.prod"] [unique_id "aiop6l71v4pS85P4fn-tXAAAAJQ"]
[Thu Jun 11 00:22:18.381687 2026] [security2:error] [pid 22855:tid 22886] [client 34.176.79.8:50270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.prod"] [unique_id "aiop6l71v4pS85P4fn-tXAAAAJQ"]
[Thu Jun 11 00:22:18.381923 2026] [security2:error] [pid 22855:tid 22886] [client 34.176.79.8:50270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.prod"] [unique_id "aiop6l71v4pS85P4fn-tXAAAAJQ"]
[Thu Jun 11 00:22:18.382229 2026] [security2:error] [pid 22855:tid 22886] [client 34.176.79.8:50270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.prod"] [unique_id "aiop6l71v4pS85P4fn-tXAAAAJQ"]
[Thu Jun 11 00:22:18.386096 2026] [security2:error] [pid 31551:tid 31564] [client 34.176.79.8:50186] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.sample"] [unique_id "aiop6tPH5u5NVjul-pmWBwAAAQY"]
[Thu Jun 11 00:22:18.386275 2026] [security2:error] [pid 31551:tid 31564] [client 34.176.79.8:50186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.sample"] [unique_id "aiop6tPH5u5NVjul-pmWBwAAAQY"]
[Thu Jun 11 00:22:18.386528 2026] [security2:error] [pid 31551:tid 31564] [client 34.176.79.8:50186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.sample"] [unique_id "aiop6tPH5u5NVjul-pmWBwAAAQY"]
[Thu Jun 11 00:22:18.386792 2026] [security2:error] [pid 31551:tid 31564] [client 34.176.79.8:50186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.sample"] [unique_id "aiop6tPH5u5NVjul-pmWBwAAAQY"]
[Thu Jun 11 00:22:18.394060 2026] [security2:error] [pid 22855:tid 22890] [client 34.176.79.8:50154] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tXQAAAJg"]
[Thu Jun 11 00:22:18.394193 2026] [security2:error] [pid 22855:tid 22890] [client 34.176.79.8:50154] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tXQAAAJg"]
[Thu Jun 11 00:22:18.394317 2026] [security2:error] [pid 22855:tid 22890] [client 34.176.79.8:50154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tXQAAAJg"]
[Thu Jun 11 00:22:18.394522 2026] [security2:error] [pid 22855:tid 22890] [client 34.176.79.8:50154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tXQAAAJg"]
[Thu Jun 11 00:22:18.394998 2026] [security2:error] [pid 22855:tid 22890] [client 34.176.79.8:50154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aiop6l71v4pS85P4fn-tXQAAAJg"]
[Thu Jun 11 00:22:18.395995 2026] [security2:error] [pid 22855:tid 22888] [client 34.176.79.8:50320] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aiop6l71v4pS85P4fn-tXgAAAJY"]
[Thu Jun 11 00:22:18.396179 2026] [security2:error] [pid 22855:tid 22888] [client 34.176.79.8:50320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aiop6l71v4pS85P4fn-tXgAAAJY"]
[Thu Jun 11 00:22:18.396503 2026] [security2:error] [pid 22855:tid 22888] [client 34.176.79.8:50320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aiop6l71v4pS85P4fn-tXgAAAJY"]
[Thu Jun 11 00:22:18.396819 2026] [security2:error] [pid 22855:tid 22888] [client 34.176.79.8:50320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aiop6l71v4pS85P4fn-tXgAAAJY"]
[Thu Jun 11 00:22:18.410671 2026] [security2:error] [pid 31551:tid 31576] [client 34.176.79.8:50192] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWCAAAARI"]
[Thu Jun 11 00:22:18.410811 2026] [security2:error] [pid 31551:tid 31576] [client 34.176.79.8:50192] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWCAAAARI"]
[Thu Jun 11 00:22:18.411064 2026] [security2:error] [pid 31551:tid 31576] [client 34.176.79.8:50192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWCAAAARI"]
[Thu Jun 11 00:22:18.412056 2026] [security2:error] [pid 31551:tid 31576] [client 34.176.79.8:50192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWCAAAARI"]
[Thu Jun 11 00:22:18.419674 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50278] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aiop6s0ej6tAIvUNrGGWUwAAAMU"]
[Thu Jun 11 00:22:18.419809 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50278] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aiop6s0ej6tAIvUNrGGWUwAAAMU"]
[Thu Jun 11 00:22:18.419958 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aiop6s0ej6tAIvUNrGGWUwAAAMU"]
[Thu Jun 11 00:22:18.420273 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aiop6s0ej6tAIvUNrGGWUwAAAMU"]
[Thu Jun 11 00:22:18.420651 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aiop6s0ej6tAIvUNrGGWUwAAAMU"]
[Thu Jun 11 00:22:18.423553 2026] [security2:error] [pid 21075:tid 21085] [client 34.176.79.8:50172] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.dev"] [unique_id "aiop6nBSW5Z6y_w6HsGH3AAAAAc"]
[Thu Jun 11 00:22:18.423849 2026] [security2:error] [pid 21075:tid 21085] [client 34.176.79.8:50172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.dev"] [unique_id "aiop6nBSW5Z6y_w6HsGH3AAAAAc"]
[Thu Jun 11 00:22:18.424217 2026] [security2:error] [pid 21075:tid 21085] [client 34.176.79.8:50172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.dev"] [unique_id "aiop6nBSW5Z6y_w6HsGH3AAAAAc"]
[Thu Jun 11 00:22:18.424460 2026] [security2:error] [pid 21075:tid 21085] [client 34.176.79.8:50172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.dev"] [unique_id "aiop6nBSW5Z6y_w6HsGH3AAAAAc"]
[Thu Jun 11 00:22:18.444098 2026] [security2:error] [pid 22855:tid 22885] [client 34.176.79.8:50296] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.local"] [unique_id "aiop6l71v4pS85P4fn-tXwAAAJM"]
[Thu Jun 11 00:22:18.444263 2026] [security2:error] [pid 22855:tid 22885] [client 34.176.79.8:50296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.local"] [unique_id "aiop6l71v4pS85P4fn-tXwAAAJM"]
[Thu Jun 11 00:22:18.444650 2026] [security2:error] [pid 22855:tid 22885] [client 34.176.79.8:50296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.local"] [unique_id "aiop6l71v4pS85P4fn-tXwAAAJM"]
[Thu Jun 11 00:22:18.444959 2026] [security2:error] [pid 22855:tid 22885] [client 34.176.79.8:50296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.local"] [unique_id "aiop6l71v4pS85P4fn-tXwAAAJM"]
[Thu Jun 11 00:22:18.446286 2026] [security2:error] [pid 31551:tid 31581] [client 34.176.79.8:50352] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/src/.env"] [unique_id "aiop6tPH5u5NVjul-pmWCQAAARc"]
[Thu Jun 11 00:22:18.446414 2026] [security2:error] [pid 31551:tid 31581] [client 34.176.79.8:50352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/src/.env"] [unique_id "aiop6tPH5u5NVjul-pmWCQAAARc"]
[Thu Jun 11 00:22:18.446638 2026] [security2:error] [pid 31551:tid 31581] [client 34.176.79.8:50352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/src/.env"] [unique_id "aiop6tPH5u5NVjul-pmWCQAAARc"]
[Thu Jun 11 00:22:18.446893 2026] [security2:error] [pid 31551:tid 31581] [client 34.176.79.8:50352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/src/.env"] [unique_id "aiop6tPH5u5NVjul-pmWCQAAARc"]
[Thu Jun 11 00:22:18.447619 2026] [security2:error] [pid 31551:tid 31580] [client 34.176.79.8:50250] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aiop6tPH5u5NVjul-pmWCgAAARY"]
[Thu Jun 11 00:22:18.447750 2026] [security2:error] [pid 31551:tid 31580] [client 34.176.79.8:50250] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aiop6tPH5u5NVjul-pmWCgAAARY"]
[Thu Jun 11 00:22:18.447959 2026] [security2:error] [pid 31551:tid 31580] [client 34.176.79.8:50250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aiop6tPH5u5NVjul-pmWCgAAARY"]
[Thu Jun 11 00:22:18.448314 2026] [security2:error] [pid 31551:tid 31580] [client 34.176.79.8:50250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aiop6tPH5u5NVjul-pmWCgAAARY"]
[Thu Jun 11 00:22:18.450806 2026] [security2:error] [pid 22855:tid 22880] [client 34.176.79.8:50184] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tYAAAAI4"]
[Thu Jun 11 00:22:18.450954 2026] [security2:error] [pid 22855:tid 22880] [client 34.176.79.8:50184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tYAAAAI4"]
[Thu Jun 11 00:22:18.451179 2026] [security2:error] [pid 22855:tid 22880] [client 34.176.79.8:50184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tYAAAAI4"]
[Thu Jun 11 00:22:18.452535 2026] [security2:error] [pid 21126:tid 21130] [client 34.176.79.8:50368] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWVAAAAMI"]
[Thu Jun 11 00:22:18.464655 2026] [security2:error] [pid 21126:tid 21130] [client 34.176.79.8:50368] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWVAAAAMI"]
[Thu Jun 11 00:22:18.464997 2026] [security2:error] [pid 21126:tid 21130] [client 34.176.79.8:50368] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWVAAAAMI"]
[Thu Jun 11 00:22:18.465288 2026] [security2:error] [pid 21126:tid 21130] [client 34.176.79.8:50368] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWVAAAAMI"]
[Thu Jun 11 00:22:18.453777 2026] [security2:error] [pid 22855:tid 22882] [client 34.176.79.8:50460] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.preprod"] [unique_id "aiop6l71v4pS85P4fn-tYQAAAJA"]
[Thu Jun 11 00:22:18.466008 2026] [security2:error] [pid 22855:tid 22882] [client 34.176.79.8:50460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.preprod"] [unique_id "aiop6l71v4pS85P4fn-tYQAAAJA"]
[Thu Jun 11 00:22:18.466236 2026] [security2:error] [pid 22855:tid 22882] [client 34.176.79.8:50460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.preprod"] [unique_id "aiop6l71v4pS85P4fn-tYQAAAJA"]
[Thu Jun 11 00:22:18.466531 2026] [security2:error] [pid 22855:tid 22882] [client 34.176.79.8:50460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.preprod"] [unique_id "aiop6l71v4pS85P4fn-tYQAAAJA"]
[Thu Jun 11 00:22:18.454888 2026] [security2:error] [pid 21075:tid 21081] [client 34.176.79.8:50234] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.qa"] [unique_id "aiop6nBSW5Z6y_w6HsGH3QAAAAM"]
[Thu Jun 11 00:22:18.467342 2026] [security2:error] [pid 21075:tid 21081] [client 34.176.79.8:50234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.qa"] [unique_id "aiop6nBSW5Z6y_w6HsGH3QAAAAM"]
[Thu Jun 11 00:22:18.467609 2026] [security2:error] [pid 21075:tid 21081] [client 34.176.79.8:50234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.qa"] [unique_id "aiop6nBSW5Z6y_w6HsGH3QAAAAM"]
[Thu Jun 11 00:22:18.467914 2026] [security2:error] [pid 21075:tid 21081] [client 34.176.79.8:50234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.qa"] [unique_id "aiop6nBSW5Z6y_w6HsGH3QAAAAM"]
[Thu Jun 11 00:22:18.468136 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50442] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDAAAAQs"]
[Thu Jun 11 00:22:18.468245 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50442] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDAAAAQs"]
[Thu Jun 11 00:22:18.469411 2026] [security2:error] [pid 22855:tid 22880] [client 34.176.79.8:50184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tYAAAAI4"]
[Thu Jun 11 00:22:18.469876 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50442] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDAAAAQs"]
[Thu Jun 11 00:22:18.470122 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDAAAAQs"]
[Thu Jun 11 00:22:18.470368 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDAAAAQs"]
[Thu Jun 11 00:22:18.456924 2026] [security2:error] [pid 7752:tid 7771] [client 34.176.79.8:50458] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/services/.env"] [unique_id "aiop6rXVEMZbaEYG_yz88wAAAE4"]
[Thu Jun 11 00:22:18.470796 2026] [security2:error] [pid 7752:tid 7771] [client 34.176.79.8:50458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/services/.env"] [unique_id "aiop6rXVEMZbaEYG_yz88wAAAE4"]
[Thu Jun 11 00:22:18.471124 2026] [security2:error] [pid 7752:tid 7771] [client 34.176.79.8:50458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/services/.env"] [unique_id "aiop6rXVEMZbaEYG_yz88wAAAE4"]
[Thu Jun 11 00:22:18.471495 2026] [security2:error] [pid 7752:tid 7771] [client 34.176.79.8:50458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/services/.env"] [unique_id "aiop6rXVEMZbaEYG_yz88wAAAE4"]
[Thu Jun 11 00:22:18.458189 2026] [security2:error] [pid 7752:tid 7762] [client 34.176.79.8:50432] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.production"] [unique_id "aiop6rXVEMZbaEYG_yz89AAAAEU"]
[Thu Jun 11 00:22:18.471784 2026] [security2:error] [pid 7752:tid 7762] [client 34.176.79.8:50432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.production"] [unique_id "aiop6rXVEMZbaEYG_yz89AAAAEU"]
[Thu Jun 11 00:22:18.472009 2026] [security2:error] [pid 7752:tid 7762] [client 34.176.79.8:50432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.production"] [unique_id "aiop6rXVEMZbaEYG_yz89AAAAEU"]
[Thu Jun 11 00:22:18.472382 2026] [security2:error] [pid 7752:tid 7762] [client 34.176.79.8:50432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.production"] [unique_id "aiop6rXVEMZbaEYG_yz89AAAAEU"]
[Thu Jun 11 00:22:18.458727 2026] [security2:error] [pid 22855:tid 22871] [client 34.176.79.8:50380] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tYgAAAIU"]
[Thu Jun 11 00:22:18.474784 2026] [security2:error] [pid 22855:tid 22871] [client 34.176.79.8:50380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tYgAAAIU"]
[Thu Jun 11 00:22:18.475020 2026] [security2:error] [pid 22855:tid 22871] [client 34.176.79.8:50380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tYgAAAIU"]
[Thu Jun 11 00:22:18.475457 2026] [security2:error] [pid 22855:tid 22871] [client 34.176.79.8:50380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tYgAAAIU"]
[Thu Jun 11 00:22:18.459722 2026] [security2:error] [pid 31551:tid 31571] [client 34.176.79.8:50144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWCwAAAQ0"]
[Thu Jun 11 00:22:18.475982 2026] [security2:error] [pid 31551:tid 31571] [client 34.176.79.8:50144] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWCwAAAQ0"]
[Thu Jun 11 00:22:18.476114 2026] [security2:error] [pid 31551:tid 31571] [client 34.176.79.8:50144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWCwAAAQ0"]
[Thu Jun 11 00:22:18.476368 2026] [security2:error] [pid 31551:tid 31571] [client 34.176.79.8:50144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWCwAAAQ0"]
[Thu Jun 11 00:22:18.476638 2026] [security2:error] [pid 31551:tid 31571] [client 34.176.79.8:50144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWCwAAAQ0"]
[Thu Jun 11 00:22:18.460764 2026] [security2:error] [pid 7752:tid 7760] [client 34.176.79.8:50350] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.dist"] [unique_id "aiop6rXVEMZbaEYG_yz89QAAAEM"]
[Thu Jun 11 00:22:18.480754 2026] [security2:error] [pid 7752:tid 7760] [client 34.176.79.8:50350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.dist"] [unique_id "aiop6rXVEMZbaEYG_yz89QAAAEM"]
[Thu Jun 11 00:22:18.481034 2026] [security2:error] [pid 7752:tid 7760] [client 34.176.79.8:50350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.dist"] [unique_id "aiop6rXVEMZbaEYG_yz89QAAAEM"]
[Thu Jun 11 00:22:18.481401 2026] [security2:error] [pid 7752:tid 7760] [client 34.176.79.8:50350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.dist"] [unique_id "aiop6rXVEMZbaEYG_yz89QAAAEM"]
[Thu Jun 11 00:22:18.463554 2026] [security2:error] [pid 7752:tid 7759] [client 34.176.79.8:50304] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.save"] [unique_id "aiop6rXVEMZbaEYG_yz89gAAAEI"]
[Thu Jun 11 00:22:18.482260 2026] [security2:error] [pid 7752:tid 7759] [client 34.176.79.8:50304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.save"] [unique_id "aiop6rXVEMZbaEYG_yz89gAAAEI"]
[Thu Jun 11 00:22:18.482514 2026] [security2:error] [pid 7752:tid 7759] [client 34.176.79.8:50304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.save"] [unique_id "aiop6rXVEMZbaEYG_yz89gAAAEI"]
[Thu Jun 11 00:22:18.482970 2026] [security2:error] [pid 7752:tid 7759] [client 34.176.79.8:50304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.save"] [unique_id "aiop6rXVEMZbaEYG_yz89gAAAEI"]
[Thu Jun 11 00:22:18.464445 2026] [security2:error] [pid 21126:tid 21139] [client 34.176.79.8:50198] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/.env~"] [unique_id "aiop6s0ej6tAIvUNrGGWVQAAAMs"]
[Thu Jun 11 00:22:18.483433 2026] [security2:error] [pid 21126:tid 21139] [client 34.176.79.8:50198] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env~"] [unique_id "aiop6s0ej6tAIvUNrGGWVQAAAMs"]
[Thu Jun 11 00:22:18.483768 2026] [security2:error] [pid 21126:tid 21139] [client 34.176.79.8:50198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env~"] [unique_id "aiop6s0ej6tAIvUNrGGWVQAAAMs"]
[Thu Jun 11 00:22:18.484044 2026] [security2:error] [pid 21126:tid 21139] [client 34.176.79.8:50198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env~"] [unique_id "aiop6s0ej6tAIvUNrGGWVQAAAMs"]
[Thu Jun 11 00:22:18.484359 2026] [security2:error] [pid 21126:tid 21139] [client 34.176.79.8:50198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env~"] [unique_id "aiop6s0ej6tAIvUNrGGWVQAAAMs"]
[Thu Jun 11 00:22:18.485672 2026] [security2:error] [pid 7752:tid 7772] [client 34.176.79.8:50500] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/services/.env.production"] [unique_id "aiop6rXVEMZbaEYG_yz89wAAAE8"]
[Thu Jun 11 00:22:18.485838 2026] [security2:error] [pid 7752:tid 7772] [client 34.176.79.8:50500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/services/.env.production"] [unique_id "aiop6rXVEMZbaEYG_yz89wAAAE8"]
[Thu Jun 11 00:22:18.485913 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:50484] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiop6l71v4pS85P4fn-tYwAAAJU"]
[Thu Jun 11 00:22:18.486015 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:50484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiop6l71v4pS85P4fn-tYwAAAJU"]
[Thu Jun 11 00:22:18.486066 2026] [security2:error] [pid 7752:tid 7772] [client 34.176.79.8:50500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/services/.env.production"] [unique_id "aiop6rXVEMZbaEYG_yz89wAAAE8"]
[Thu Jun 11 00:22:18.486166 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:50484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiop6l71v4pS85P4fn-tYwAAAJU"]
[Thu Jun 11 00:22:18.486333 2026] [security2:error] [pid 7752:tid 7772] [client 34.176.79.8:50500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/services/.env.production"] [unique_id "aiop6rXVEMZbaEYG_yz89wAAAE8"]
[Thu Jun 11 00:22:18.486398 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:50484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiop6l71v4pS85P4fn-tYwAAAJU"]
[Thu Jun 11 00:22:18.488485 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:50416] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/.env.local.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH3gAAAAk"]
[Thu Jun 11 00:22:18.488634 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:50416] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.local.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH3gAAAAk"]
[Thu Jun 11 00:22:18.488881 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:50416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.local.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH3gAAAAk"]
[Thu Jun 11 00:22:18.489148 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:50416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.local.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH3gAAAAk"]
[Thu Jun 11 00:22:18.489528 2026] [security2:error] [pid 21075:tid 21087] [client 34.176.79.8:50416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.local.bak"] [unique_id "aiop6nBSW5Z6y_w6HsGH3gAAAAk"]
[Thu Jun 11 00:22:18.491541 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:50470] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.example"] [unique_id "aiop6nBSW5Z6y_w6HsGH3wAAAAE"]
[Thu Jun 11 00:22:18.492153 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:50408] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.testing"] [unique_id "aiop6tPH5u5NVjul-pmWDQAAAQk"]
[Thu Jun 11 00:22:18.492284 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:50408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.testing"] [unique_id "aiop6tPH5u5NVjul-pmWDQAAAQk"]
[Thu Jun 11 00:22:18.492494 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:50408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.testing"] [unique_id "aiop6tPH5u5NVjul-pmWDQAAAQk"]
[Thu Jun 11 00:22:18.492763 2026] [security2:error] [pid 31551:tid 31567] [client 34.176.79.8:50408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.testing"] [unique_id "aiop6tPH5u5NVjul-pmWDQAAAQk"]
[Thu Jun 11 00:22:18.497468 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:50470] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.example"] [unique_id "aiop6nBSW5Z6y_w6HsGH3wAAAAE"]
[Thu Jun 11 00:22:18.497756 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:50470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.example"] [unique_id "aiop6nBSW5Z6y_w6HsGH3wAAAAE"]
[Thu Jun 11 00:22:18.498042 2026] [security2:error] [pid 21075:tid 21079] [client 34.176.79.8:50470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.example"] [unique_id "aiop6nBSW5Z6y_w6HsGH3wAAAAE"]
[Thu Jun 11 00:22:18.505891 2026] [security2:error] [pid 7752:tid 7761] [client 34.176.79.8:50382] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/src/api/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8-AAAAEQ"]
[Thu Jun 11 00:22:18.506036 2026] [security2:error] [pid 7752:tid 7761] [client 34.176.79.8:50382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/src/api/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8-AAAAEQ"]
[Thu Jun 11 00:22:18.506313 2026] [security2:error] [pid 7752:tid 7761] [client 34.176.79.8:50382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/src/api/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8-AAAAEQ"]
[Thu Jun 11 00:22:18.506533 2026] [security2:error] [pid 21126:tid 21147] [client 34.176.79.8:50160] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWVgAAANM"]
[Thu Jun 11 00:22:18.506736 2026] [security2:error] [pid 7752:tid 7761] [client 34.176.79.8:50382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/src/api/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8-AAAAEQ"]
[Thu Jun 11 00:22:18.506873 2026] [security2:error] [pid 21126:tid 21147] [client 34.176.79.8:50160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWVgAAANM"]
[Thu Jun 11 00:22:18.507114 2026] [security2:error] [pid 21126:tid 21147] [client 34.176.79.8:50160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWVgAAANM"]
[Thu Jun 11 00:22:18.507395 2026] [security2:error] [pid 21126:tid 21147] [client 34.176.79.8:50160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWVgAAANM"]
[Thu Jun 11 00:22:18.507961 2026] [security2:error] [pid 7752:tid 7757] [client 34.176.79.8:50284] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.stage"] [unique_id "aiop6rXVEMZbaEYG_yz8-QAAAEA"]
[Thu Jun 11 00:22:18.508097 2026] [security2:error] [pid 7752:tid 7757] [client 34.176.79.8:50284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.stage"] [unique_id "aiop6rXVEMZbaEYG_yz8-QAAAEA"]
[Thu Jun 11 00:22:18.508298 2026] [security2:error] [pid 7752:tid 7757] [client 34.176.79.8:50284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.stage"] [unique_id "aiop6rXVEMZbaEYG_yz8-QAAAEA"]
[Thu Jun 11 00:22:18.508562 2026] [security2:error] [pid 7752:tid 7757] [client 34.176.79.8:50284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.stage"] [unique_id "aiop6rXVEMZbaEYG_yz8-QAAAEA"]
[Thu Jun 11 00:22:18.512547 2026] [security2:error] [pid 31551:tid 31572] [client 34.176.79.8:50384] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDgAAAQ4"]
[Thu Jun 11 00:22:18.512701 2026] [security2:error] [pid 31551:tid 31572] [client 34.176.79.8:50384] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDgAAAQ4"]
[Thu Jun 11 00:22:18.512832 2026] [security2:error] [pid 31551:tid 31572] [client 34.176.79.8:50384] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDgAAAQ4"]
[Thu Jun 11 00:22:18.513062 2026] [security2:error] [pid 31551:tid 31572] [client 34.176.79.8:50384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDgAAAQ4"]
[Thu Jun 11 00:22:18.513312 2026] [security2:error] [pid 31551:tid 31572] [client 34.176.79.8:50384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/src/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWDgAAAQ4"]
[Thu Jun 11 00:22:18.509510 2026] [security2:error] [pid 21075:tid 21078] [client 34.176.79.8:50336] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aiop6nBSW5Z6y_w6HsGH4AAAAAA"]
[Thu Jun 11 00:22:18.513883 2026] [security2:error] [pid 21075:tid 21078] [client 34.176.79.8:50336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aiop6nBSW5Z6y_w6HsGH4AAAAAA"]
[Thu Jun 11 00:22:18.514145 2026] [security2:error] [pid 21075:tid 21078] [client 34.176.79.8:50336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aiop6nBSW5Z6y_w6HsGH4AAAAAA"]
[Thu Jun 11 00:22:18.514404 2026] [security2:error] [pid 21075:tid 21078] [client 34.176.79.8:50336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aiop6nBSW5Z6y_w6HsGH4AAAAAA"]
[Thu Jun 11 00:22:18.515061 2026] [security2:error] [pid 21126:tid 21129] [client 34.176.79.8:50446] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWVwAAAME"]
[Thu Jun 11 00:22:18.515198 2026] [security2:error] [pid 21126:tid 21129] [client 34.176.79.8:50446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWVwAAAME"]
[Thu Jun 11 00:22:18.515419 2026] [security2:error] [pid 21126:tid 21129] [client 34.176.79.8:50446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWVwAAAME"]
[Thu Jun 11 00:22:18.515833 2026] [security2:error] [pid 21126:tid 21129] [client 34.176.79.8:50446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.staging"] [unique_id "aiop6s0ej6tAIvUNrGGWVwAAAME"]
[Thu Jun 11 00:22:18.519064 2026] [security2:error] [pid 7752:tid 7758] [client 34.176.79.8:50264] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.copy"] [unique_id "aiop6rXVEMZbaEYG_yz8-gAAAEE"]
[Thu Jun 11 00:22:18.519186 2026] [security2:error] [pid 7752:tid 7758] [client 34.176.79.8:50264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.copy"] [unique_id "aiop6rXVEMZbaEYG_yz8-gAAAEE"]
[Thu Jun 11 00:22:18.519375 2026] [security2:error] [pid 7752:tid 7758] [client 34.176.79.8:50264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.copy"] [unique_id "aiop6rXVEMZbaEYG_yz8-gAAAEE"]
[Thu Jun 11 00:22:18.519698 2026] [security2:error] [pid 7752:tid 7758] [client 34.176.79.8:50264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.copy"] [unique_id "aiop6rXVEMZbaEYG_yz8-gAAAEE"]
[Thu Jun 11 00:22:18.525909 2026] [security2:error] [pid 21126:tid 21143] [client 34.176.79.8:50300] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/env.txt"] [unique_id "aiop6s0ej6tAIvUNrGGWWAAAAM8"]
[Thu Jun 11 00:22:18.528508 2026] [security2:error] [pid 21075:tid 21090] [client 34.176.79.8:50232] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.template"] [unique_id "aiop6nBSW5Z6y_w6HsGH4QAAAAw"]
[Thu Jun 11 00:22:18.528670 2026] [security2:error] [pid 21075:tid 21090] [client 34.176.79.8:50232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.template"] [unique_id "aiop6nBSW5Z6y_w6HsGH4QAAAAw"]
[Thu Jun 11 00:22:18.528859 2026] [security2:error] [pid 21075:tid 21090] [client 34.176.79.8:50232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.template"] [unique_id "aiop6nBSW5Z6y_w6HsGH4QAAAAw"]
[Thu Jun 11 00:22:18.529289 2026] [security2:error] [pid 21075:tid 21090] [client 34.176.79.8:50232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.template"] [unique_id "aiop6nBSW5Z6y_w6HsGH4QAAAAw"]
[Thu Jun 11 00:22:18.530082 2026] [security2:error] [pid 31551:tid 31574] [client 34.176.79.8:50222] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWDwAAARA"]
[Thu Jun 11 00:22:18.530210 2026] [security2:error] [pid 31551:tid 31574] [client 34.176.79.8:50222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWDwAAARA"]
[Thu Jun 11 00:22:18.530411 2026] [security2:error] [pid 31551:tid 31574] [client 34.176.79.8:50222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWDwAAARA"]
[Thu Jun 11 00:22:18.530703 2026] [security2:error] [pid 31551:tid 31574] [client 34.176.79.8:50222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWDwAAARA"]
[Thu Jun 11 00:22:18.531449 2026] [security2:error] [pid 21126:tid 21143] [client 34.176.79.8:50300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/env.txt"] [unique_id "aiop6s0ej6tAIvUNrGGWWAAAAM8"]
[Thu Jun 11 00:22:18.531675 2026] [security2:error] [pid 21126:tid 21131] [client 34.176.79.8:50204] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.pre-production"] [unique_id "aiop6s0ej6tAIvUNrGGWWQAAAMM"]
[Thu Jun 11 00:22:18.532109 2026] [security2:error] [pid 21126:tid 21131] [client 34.176.79.8:50204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.pre-production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.pre-production"] [unique_id "aiop6s0ej6tAIvUNrGGWWQAAAMM"]
[Thu Jun 11 00:22:18.532166 2026] [security2:error] [pid 21126:tid 21143] [client 34.176.79.8:50300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/env.txt"] [unique_id "aiop6s0ej6tAIvUNrGGWWAAAAM8"]
[Thu Jun 11 00:22:18.535619 2026] [security2:error] [pid 21126:tid 21146] [client 34.176.79.8:50386] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWWgAAANI"]
[Thu Jun 11 00:22:18.535805 2026] [security2:error] [pid 21126:tid 21146] [client 34.176.79.8:50386] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWWgAAANI"]
[Thu Jun 11 00:22:18.536217 2026] [security2:error] [pid 21126:tid 21146] [client 34.176.79.8:50386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWWgAAANI"]
[Thu Jun 11 00:22:18.536501 2026] [security2:error] [pid 21126:tid 21146] [client 34.176.79.8:50386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/server/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWWgAAANI"]
[Thu Jun 11 00:22:18.537424 2026] [security2:error] [pid 21126:tid 21131] [client 34.176.79.8:50204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.pre-production"] [unique_id "aiop6s0ej6tAIvUNrGGWWQAAAMM"]
[Thu Jun 11 00:22:18.537743 2026] [security2:error] [pid 21126:tid 21131] [client 34.176.79.8:50204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.pre-production"] [unique_id "aiop6s0ej6tAIvUNrGGWWQAAAMM"]
[Thu Jun 11 00:22:18.553801 2026] [security2:error] [pid 21075:tid 21088] [client 34.176.79.8:50506] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.development.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH4gAAAAo"]
[Thu Jun 11 00:22:18.553956 2026] [security2:error] [pid 21075:tid 21088] [client 34.176.79.8:50506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.development.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH4gAAAAo"]
[Thu Jun 11 00:22:18.554234 2026] [security2:error] [pid 21075:tid 21088] [client 34.176.79.8:50506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.development.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH4gAAAAo"]
[Thu Jun 11 00:22:18.554482 2026] [security2:error] [pid 21075:tid 21088] [client 34.176.79.8:50506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.development.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH4gAAAAo"]
[Thu Jun 11 00:22:18.557527 2026] [security2:error] [pid 21126:tid 21152] [client 34.176.79.8:50518] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/service/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWWwAAANg"]
[Thu Jun 11 00:22:18.557933 2026] [security2:error] [pid 21126:tid 21152] [client 34.176.79.8:50518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/service/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWWwAAANg"]
[Thu Jun 11 00:22:18.558162 2026] [security2:error] [pid 21126:tid 21152] [client 34.176.79.8:50518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/service/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWWwAAANg"]
[Thu Jun 11 00:22:18.558635 2026] [security2:error] [pid 21126:tid 21152] [client 34.176.79.8:50518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/service/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWWwAAANg"]
[Thu Jun 11 00:22:18.560010 2026] [security2:error] [pid 31551:tid 31575] [client 34.176.79.8:50474] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/services/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWEAAAARE"]
[Thu Jun 11 00:22:18.560149 2026] [security2:error] [pid 31551:tid 31575] [client 34.176.79.8:50474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/services/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWEAAAARE"]
[Thu Jun 11 00:22:18.560362 2026] [security2:error] [pid 31551:tid 31575] [client 34.176.79.8:50474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/services/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWEAAAARE"]
[Thu Jun 11 00:22:18.560674 2026] [security2:error] [pid 31551:tid 31575] [client 34.176.79.8:50474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/services/.env.local"] [unique_id "aiop6tPH5u5NVjul-pmWEAAAARE"]
[Thu Jun 11 00:22:18.562476 2026] [security2:error] [pid 22855:tid 22874] [client 34.176.79.8:50572] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/admin/api/.env"] [unique_id "aiop6l71v4pS85P4fn-tZAAAAIg"]
[Thu Jun 11 00:22:18.562670 2026] [security2:error] [pid 22855:tid 22874] [client 34.176.79.8:50572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/admin/api/.env"] [unique_id "aiop6l71v4pS85P4fn-tZAAAAIg"]
[Thu Jun 11 00:22:18.562936 2026] [security2:error] [pid 22855:tid 22874] [client 34.176.79.8:50572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/admin/api/.env"] [unique_id "aiop6l71v4pS85P4fn-tZAAAAIg"]
[Thu Jun 11 00:22:18.563178 2026] [security2:error] [pid 22855:tid 22874] [client 34.176.79.8:50572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/admin/api/.env"] [unique_id "aiop6l71v4pS85P4fn-tZAAAAIg"]
[Thu Jun 11 00:22:18.564691 2026] [security2:error] [pid 21075:tid 21084] [client 34.176.79.8:50396] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/server/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH4wAAAAY"]
[Thu Jun 11 00:22:18.564919 2026] [security2:error] [pid 21075:tid 21084] [client 34.176.79.8:50396] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/server/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH4wAAAAY"]
[Thu Jun 11 00:22:18.565142 2026] [security2:error] [pid 21075:tid 21084] [client 34.176.79.8:50396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/server/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH4wAAAAY"]
[Thu Jun 11 00:22:18.565377 2026] [security2:error] [pid 21075:tid 21084] [client 34.176.79.8:50396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/server/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH4wAAAAY"]
[Thu Jun 11 00:22:18.588935 2026] [security2:error] [pid 22855:tid 22866] [client 34.176.79.8:50664] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/wordpress/.env"] [unique_id "aiop6l71v4pS85P4fn-tZQAAAIA"]
[Thu Jun 11 00:22:18.589326 2026] [security2:error] [pid 22855:tid 22866] [client 34.176.79.8:50664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/wordpress/.env"] [unique_id "aiop6l71v4pS85P4fn-tZQAAAIA"]
[Thu Jun 11 00:22:18.589614 2026] [security2:error] [pid 22855:tid 22866] [client 34.176.79.8:50664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/wordpress/.env"] [unique_id "aiop6l71v4pS85P4fn-tZQAAAIA"]
[Thu Jun 11 00:22:18.589996 2026] [security2:error] [pid 22855:tid 22866] [client 34.176.79.8:50664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/wordpress/.env"] [unique_id "aiop6l71v4pS85P4fn-tZQAAAIA"]
[Thu Jun 11 00:22:18.592604 2026] [security2:error] [pid 21075:tid 21082] [client 34.176.79.8:50544] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH5AAAAAQ"]
[Thu Jun 11 00:22:18.592769 2026] [security2:error] [pid 21075:tid 21082] [client 34.176.79.8:50544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH5AAAAAQ"]
[Thu Jun 11 00:22:18.592984 2026] [security2:error] [pid 21075:tid 21082] [client 34.176.79.8:50544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH5AAAAAQ"]
[Thu Jun 11 00:22:18.593279 2026] [security2:error] [pid 21075:tid 21082] [client 34.176.79.8:50544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH5AAAAAQ"]
[Thu Jun 11 00:22:18.597709 2026] [security2:error] [pid 31551:tid 31563] [client 34.176.79.8:50582] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.local"] [unique_id "aiop6tPH5u5NVjul-pmWEgAAAQU"]
[Thu Jun 11 00:22:18.597949 2026] [security2:error] [pid 31551:tid 31563] [client 34.176.79.8:50582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.local"] [unique_id "aiop6tPH5u5NVjul-pmWEgAAAQU"]
[Thu Jun 11 00:22:18.598350 2026] [security2:error] [pid 31551:tid 31563] [client 34.176.79.8:50582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.local"] [unique_id "aiop6tPH5u5NVjul-pmWEgAAAQU"]
[Thu Jun 11 00:22:18.598849 2026] [security2:error] [pid 31551:tid 31563] [client 34.176.79.8:50582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.production.local"] [unique_id "aiop6tPH5u5NVjul-pmWEgAAAQU"]
[Thu Jun 11 00:22:18.600663 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:50556] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWEwAAARg"]
[Thu Jun 11 00:22:18.600797 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:50556] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWEwAAARg"]
[Thu Jun 11 00:22:18.600934 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:50556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWEwAAARg"]
[Thu Jun 11 00:22:18.601030 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:50570] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.development"] [unique_id "aiop6l71v4pS85P4fn-tZgAAAIE"]
[Thu Jun 11 00:22:18.601155 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:50570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.development"] [unique_id "aiop6l71v4pS85P4fn-tZgAAAIE"]
[Thu Jun 11 00:22:18.601203 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:50556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWEwAAARg"]
[Thu Jun 11 00:22:18.601344 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:50570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.development"] [unique_id "aiop6l71v4pS85P4fn-tZgAAAIE"]
[Thu Jun 11 00:22:18.601508 2026] [security2:error] [pid 31551:tid 31582] [client 34.176.79.8:50556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aiop6tPH5u5NVjul-pmWEwAAARg"]
[Thu Jun 11 00:22:18.601700 2026] [security2:error] [pid 22855:tid 22867] [client 34.176.79.8:50570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.development"] [unique_id "aiop6l71v4pS85P4fn-tZgAAAIE"]
[Thu Jun 11 00:22:18.603189 2026] [security2:error] [pid 21126:tid 21134] [client 34.176.79.8:50536] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWXAAAAMY"]
[Thu Jun 11 00:22:18.603366 2026] [security2:error] [pid 21126:tid 21134] [client 34.176.79.8:50536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWXAAAAMY"]
[Thu Jun 11 00:22:18.603717 2026] [security2:error] [pid 21126:tid 21134] [client 34.176.79.8:50536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWXAAAAMY"]
[Thu Jun 11 00:22:18.604099 2026] [security2:error] [pid 21126:tid 21134] [client 34.176.79.8:50536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env.local"] [unique_id "aiop6s0ej6tAIvUNrGGWXAAAAMY"]
[Thu Jun 11 00:22:18.606981 2026] [security2:error] [pid 22855:tid 22869] [client 34.176.79.8:50418] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tZwAAAIM"]
[Thu Jun 11 00:22:18.607379 2026] [security2:error] [pid 22855:tid 22869] [client 34.176.79.8:50418] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tZwAAAIM"]
[Thu Jun 11 00:22:18.607514 2026] [security2:error] [pid 22855:tid 22869] [client 34.176.79.8:50418] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tZwAAAIM"]
[Thu Jun 11 00:22:18.607789 2026] [security2:error] [pid 22855:tid 22869] [client 34.176.79.8:50418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tZwAAAIM"]
[Thu Jun 11 00:22:18.608052 2026] [security2:error] [pid 22855:tid 22869] [client 34.176.79.8:50418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.backup"] [unique_id "aiop6l71v4pS85P4fn-tZwAAAIM"]
[Thu Jun 11 00:22:18.609485 2026] [security2:error] [pid 21126:tid 21145] [client 34.176.79.8:50584] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/internal/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXQAAANE"]
[Thu Jun 11 00:22:18.609672 2026] [security2:error] [pid 21126:tid 21145] [client 34.176.79.8:50584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/internal/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXQAAANE"]
[Thu Jun 11 00:22:18.609873 2026] [security2:error] [pid 21126:tid 21145] [client 34.176.79.8:50584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/internal/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXQAAANE"]
[Thu Jun 11 00:22:18.610294 2026] [security2:error] [pid 21126:tid 21145] [client 34.176.79.8:50584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/internal/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXQAAANE"]
[Thu Jun 11 00:22:18.621566 2026] [security2:error] [pid 31551:tid 31562] [client 34.176.79.8:50696] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/html/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFAAAAQQ"]
[Thu Jun 11 00:22:18.621748 2026] [security2:error] [pid 31551:tid 31562] [client 34.176.79.8:50696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/html/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFAAAAQQ"]
[Thu Jun 11 00:22:18.622066 2026] [security2:error] [pid 31551:tid 31562] [client 34.176.79.8:50696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/html/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFAAAAQQ"]
[Thu Jun 11 00:22:18.622410 2026] [security2:error] [pid 31551:tid 31562] [client 34.176.79.8:50696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/html/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFAAAAQQ"]
[Thu Jun 11 00:22:18.630151 2026] [security2:error] [pid 22855:tid 22877] [client 34.176.79.8:50680] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/public/.env"] [unique_id "aiop6l71v4pS85P4fn-taAAAAIs"]
[Thu Jun 11 00:22:18.630282 2026] [security2:error] [pid 22855:tid 22877] [client 34.176.79.8:50680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/public/.env"] [unique_id "aiop6l71v4pS85P4fn-taAAAAIs"]
[Thu Jun 11 00:22:18.630464 2026] [security2:error] [pid 22855:tid 22877] [client 34.176.79.8:50680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/public/.env"] [unique_id "aiop6l71v4pS85P4fn-taAAAAIs"]
[Thu Jun 11 00:22:18.630841 2026] [security2:error] [pid 22855:tid 22877] [client 34.176.79.8:50680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/public/.env"] [unique_id "aiop6l71v4pS85P4fn-taAAAAIs"]
[Thu Jun 11 00:22:18.632612 2026] [security2:error] [pid 21075:tid 21101] [client 34.176.79.8:50636] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/config/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH5QAAABc"]
[Thu Jun 11 00:22:18.633262 2026] [security2:error] [pid 31551:tid 31560] [client 34.176.79.8:50660] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/laravel/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFQAAAQI"]
[Thu Jun 11 00:22:18.633390 2026] [security2:error] [pid 21126:tid 21128] [client 34.176.79.8:50684] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/web/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXgAAAMA"]
[Thu Jun 11 00:22:18.633472 2026] [security2:error] [pid 31551:tid 31560] [client 34.176.79.8:50660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/laravel/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFQAAAQI"]
[Thu Jun 11 00:22:18.633565 2026] [security2:error] [pid 21126:tid 21128] [client 34.176.79.8:50684] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/web/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXgAAAMA"]
[Thu Jun 11 00:22:18.633799 2026] [security2:error] [pid 21126:tid 21128] [client 34.176.79.8:50684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/web/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXgAAAMA"]
[Thu Jun 11 00:22:18.633833 2026] [security2:error] [pid 31551:tid 31560] [client 34.176.79.8:50660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/laravel/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFQAAAQI"]
[Thu Jun 11 00:22:18.634024 2026] [security2:error] [pid 21126:tid 21128] [client 34.176.79.8:50684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/web/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXgAAAMA"]
[Thu Jun 11 00:22:18.634109 2026] [security2:error] [pid 31551:tid 31560] [client 34.176.79.8:50660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/laravel/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFQAAAQI"]
[Thu Jun 11 00:22:18.635547 2026] [security2:error] [pid 7752:tid 7774] [client 34.176.79.8:50658] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/docker/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8-wAAAFE"]
[Thu Jun 11 00:22:18.635657 2026] [security2:error] [pid 21075:tid 21089] [client 34.176.79.8:50560] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.uat"] [unique_id "aiop6nBSW5Z6y_w6HsGH5gAAAAs"]
[Thu Jun 11 00:22:18.635717 2026] [security2:error] [pid 7752:tid 7774] [client 34.176.79.8:50658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/docker/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8-wAAAFE"]
[Thu Jun 11 00:22:18.635786 2026] [security2:error] [pid 21075:tid 21089] [client 34.176.79.8:50560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.uat"] [unique_id "aiop6nBSW5Z6y_w6HsGH5gAAAAs"]
[Thu Jun 11 00:22:18.635936 2026] [security2:error] [pid 7752:tid 7774] [client 34.176.79.8:50658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/docker/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8-wAAAFE"]
[Thu Jun 11 00:22:18.636019 2026] [security2:error] [pid 21075:tid 21089] [client 34.176.79.8:50560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.uat"] [unique_id "aiop6nBSW5Z6y_w6HsGH5gAAAAs"]
[Thu Jun 11 00:22:18.636202 2026] [security2:error] [pid 7752:tid 7774] [client 34.176.79.8:50658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/docker/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8-wAAAFE"]
[Thu Jun 11 00:22:18.636270 2026] [security2:error] [pid 21075:tid 21089] [client 34.176.79.8:50560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.uat"] [unique_id "aiop6nBSW5Z6y_w6HsGH5gAAAAs"]
[Thu Jun 11 00:22:18.636411 2026] [security2:error] [pid 21075:tid 21101] [client 34.176.79.8:50636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/config/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH5QAAABc"]
[Thu Jun 11 00:22:18.636691 2026] [security2:error] [pid 21075:tid 21101] [client 34.176.79.8:50636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/config/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH5QAAABc"]
[Thu Jun 11 00:22:18.636942 2026] [security2:error] [pid 21075:tid 21101] [client 34.176.79.8:50636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/config/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH5QAAABc"]
[Thu Jun 11 00:22:18.637614 2026] [security2:error] [pid 7752:tid 7773] [client 34.176.79.8:50530] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_AAAAFA"]
[Thu Jun 11 00:22:18.637756 2026] [security2:error] [pid 7752:tid 7773] [client 34.176.79.8:50530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_AAAAFA"]
[Thu Jun 11 00:22:18.637983 2026] [security2:error] [pid 7752:tid 7773] [client 34.176.79.8:50530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_AAAAFA"]
[Thu Jun 11 00:22:18.638328 2026] [security2:error] [pid 7752:tid 7773] [client 34.176.79.8:50530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/admin/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_AAAAFA"]
[Thu Jun 11 00:22:18.640033 2026] [security2:error] [pid 7752:tid 7775] [client 34.176.79.8:50646] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/conf/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_QAAAFI"]
[Thu Jun 11 00:22:18.640178 2026] [security2:error] [pid 7752:tid 7775] [client 34.176.79.8:50646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/conf/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_QAAAFI"]
[Thu Jun 11 00:22:18.640692 2026] [security2:error] [pid 7752:tid 7775] [client 34.176.79.8:50646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/conf/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_QAAAFI"]
[Thu Jun 11 00:22:18.640982 2026] [security2:error] [pid 7752:tid 7775] [client 34.176.79.8:50646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/conf/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_QAAAFI"]
[Thu Jun 11 00:22:18.644068 2026] [security2:error] [pid 7752:tid 7776] [client 34.176.79.8:50694] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/www/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_gAAAFM"]
[Thu Jun 11 00:22:18.644200 2026] [security2:error] [pid 7752:tid 7776] [client 34.176.79.8:50694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/www/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_gAAAFM"]
[Thu Jun 11 00:22:18.644486 2026] [security2:error] [pid 7752:tid 7776] [client 34.176.79.8:50694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/www/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_gAAAFM"]
[Thu Jun 11 00:22:18.644788 2026] [security2:error] [pid 7752:tid 7776] [client 34.176.79.8:50694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/www/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_gAAAFM"]
[Thu Jun 11 00:22:18.670259 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50710] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/data/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH5wAAABg"]
[Thu Jun 11 00:22:18.670474 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/data/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH5wAAABg"]
[Thu Jun 11 00:22:18.670955 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/data/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH5wAAABg"]
[Thu Jun 11 00:22:18.671291 2026] [security2:error] [pid 21075:tid 21102] [client 34.176.79.8:50710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/data/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH5wAAABg"]
[Thu Jun 11 00:22:18.673036 2026] [security2:error] [pid 21075:tid 21086] [client 34.176.79.8:50632] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/config/.env.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH6AAAAAg"]
[Thu Jun 11 00:22:18.673233 2026] [security2:error] [pid 21075:tid 21086] [client 34.176.79.8:50632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/config/.env.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH6AAAAAg"]
[Thu Jun 11 00:22:18.673461 2026] [security2:error] [pid 21075:tid 21086] [client 34.176.79.8:50632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/config/.env.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH6AAAAAg"]
[Thu Jun 11 00:22:18.673705 2026] [security2:error] [pid 21075:tid 21086] [client 34.176.79.8:50632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/config/.env.local"] [unique_id "aiop6nBSW5Z6y_w6HsGH6AAAAAg"]
[Thu Jun 11 00:22:18.675897 2026] [security2:error] [pid 7752:tid 7777] [client 34.176.79.8:50734] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/release/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_wAAAFQ"]
[Thu Jun 11 00:22:18.676095 2026] [security2:error] [pid 7752:tid 7777] [client 34.176.79.8:50734] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/release/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_wAAAFQ"]
[Thu Jun 11 00:22:18.676323 2026] [security2:error] [pid 7752:tid 7777] [client 34.176.79.8:50734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/release/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_wAAAFQ"]
[Thu Jun 11 00:22:18.676782 2026] [security2:error] [pid 7752:tid 7777] [client 34.176.79.8:50734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/release/.env"] [unique_id "aiop6rXVEMZbaEYG_yz8_wAAAFQ"]
[Thu Jun 11 00:22:18.697868 2026] [security2:error] [pid 21126:tid 21148] [client 34.176.79.8:50776] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/portal/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYAAAANQ"]
[Thu Jun 11 00:22:18.698106 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:50760] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/uploads/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXwAAANA"]
[Thu Jun 11 00:22:18.698121 2026] [security2:error] [pid 21126:tid 21148] [client 34.176.79.8:50776] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/portal/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYAAAANQ"]
[Thu Jun 11 00:22:18.698241 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:50760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/uploads/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXwAAANA"]
[Thu Jun 11 00:22:18.698438 2026] [security2:error] [pid 21126:tid 21148] [client 34.176.79.8:50776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/portal/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYAAAANQ"]
[Thu Jun 11 00:22:18.698466 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:50760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/uploads/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXwAAANA"]
[Thu Jun 11 00:22:18.698838 2026] [security2:error] [pid 21126:tid 21144] [client 34.176.79.8:50760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/uploads/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWXwAAANA"]
[Thu Jun 11 00:22:18.698909 2026] [security2:error] [pid 21126:tid 21148] [client 34.176.79.8:50776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/portal/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYAAAANQ"]
[Thu Jun 11 00:22:18.700353 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:50762] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/htdocs/.env"] [unique_id "aiop6l71v4pS85P4fn-taQAAAJc"]
[Thu Jun 11 00:22:18.700488 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:50762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/htdocs/.env"] [unique_id "aiop6l71v4pS85P4fn-taQAAAJc"]
[Thu Jun 11 00:22:18.700717 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:50762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/htdocs/.env"] [unique_id "aiop6l71v4pS85P4fn-taQAAAJc"]
[Thu Jun 11 00:22:18.701023 2026] [security2:error] [pid 22855:tid 22889] [client 34.176.79.8:50762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/htdocs/.env"] [unique_id "aiop6l71v4pS85P4fn-taQAAAJc"]
[Thu Jun 11 00:22:18.702271 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50822] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/wp/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYQAAAMU"]
[Thu Jun 11 00:22:18.702389 2026] [security2:error] [pid 21075:tid 21099] [client 34.176.79.8:50814] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/dist/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH6QAAABU"]
[Thu Jun 11 00:22:18.702397 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/wp/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYQAAAMU"]
[Thu Jun 11 00:22:18.702502 2026] [security2:error] [pid 21075:tid 21099] [client 34.176.79.8:50814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/dist/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH6QAAABU"]
[Thu Jun 11 00:22:18.702678 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/wp/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYQAAAMU"]
[Thu Jun 11 00:22:18.702717 2026] [security2:error] [pid 21075:tid 21099] [client 34.176.79.8:50814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/dist/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH6QAAABU"]
[Thu Jun 11 00:22:18.702985 2026] [security2:error] [pid 21075:tid 21099] [client 34.176.79.8:50814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/dist/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH6QAAABU"]
[Thu Jun 11 00:22:18.703110 2026] [security2:error] [pid 21126:tid 21133] [client 34.176.79.8:50822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/wp/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYQAAAMU"]
[Thu Jun 11 00:22:18.704543 2026] [security2:error] [pid 31551:tid 31566] [client 34.176.79.8:50618] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/config/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFgAAAQg"]
[Thu Jun 11 00:22:18.704703 2026] [security2:error] [pid 31551:tid 31566] [client 34.176.79.8:50618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/config/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFgAAAQg"]
[Thu Jun 11 00:22:18.704938 2026] [security2:error] [pid 31551:tid 31566] [client 34.176.79.8:50618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/config/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFgAAAQg"]
[Thu Jun 11 00:22:18.705210 2026] [security2:error] [pid 31551:tid 31566] [client 34.176.79.8:50618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/config/.env"] [unique_id "aiop6tPH5u5NVjul-pmWFgAAAQg"]
[Thu Jun 11 00:22:18.705534 2026] [security2:error] [pid 7752:tid 7779] [client 34.176.79.8:50788] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/dashboard/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AAAAAFY"]
[Thu Jun 11 00:22:18.705764 2026] [security2:error] [pid 7752:tid 7779] [client 34.176.79.8:50788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/dashboard/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AAAAAFY"]
[Thu Jun 11 00:22:18.706016 2026] [security2:error] [pid 7752:tid 7779] [client 34.176.79.8:50788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/dashboard/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AAAAAFY"]
[Thu Jun 11 00:22:18.706439 2026] [security2:error] [pid 7752:tid 7779] [client 34.176.79.8:50788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/dashboard/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AAAAAFY"]
[Thu Jun 11 00:22:18.708848 2026] [security2:error] [pid 22855:tid 22888] [client 34.176.79.8:50748] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/storage/.env"] [unique_id "aiop6l71v4pS85P4fn-tawAAAJY"]
[Thu Jun 11 00:22:18.709005 2026] [security2:error] [pid 22855:tid 22888] [client 34.176.79.8:50748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/storage/.env"] [unique_id "aiop6l71v4pS85P4fn-tawAAAJY"]
[Thu Jun 11 00:22:18.709431 2026] [security2:error] [pid 22855:tid 22888] [client 34.176.79.8:50748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/storage/.env"] [unique_id "aiop6l71v4pS85P4fn-tawAAAJY"]
[Thu Jun 11 00:22:18.709847 2026] [security2:error] [pid 22855:tid 22888] [client 34.176.79.8:50748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/storage/.env"] [unique_id "aiop6l71v4pS85P4fn-tawAAAJY"]
[Thu Jun 11 00:22:18.712801 2026] [security2:error] [pid 21075:tid 21095] [client 34.176.79.8:50630] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/private/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH6gAAABE"]
[Thu Jun 11 00:22:18.712967 2026] [security2:error] [pid 21075:tid 21095] [client 34.176.79.8:50630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/private/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH6gAAABE"]
[Thu Jun 11 00:22:18.713184 2026] [security2:error] [pid 21075:tid 21095] [client 34.176.79.8:50630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/private/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH6gAAABE"]
[Thu Jun 11 00:22:18.713568 2026] [security2:error] [pid 22855:tid 22884] [client 34.176.79.8:50588] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/internal/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tbAAAAJI"]
[Thu Jun 11 00:22:18.713644 2026] [security2:error] [pid 21075:tid 21095] [client 34.176.79.8:50630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/private/.env.production"] [unique_id "aiop6nBSW5Z6y_w6HsGH6gAAABE"]
[Thu Jun 11 00:22:18.713743 2026] [security2:error] [pid 22855:tid 22884] [client 34.176.79.8:50588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/internal/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tbAAAAJI"]
[Thu Jun 11 00:22:18.714026 2026] [security2:error] [pid 22855:tid 22884] [client 34.176.79.8:50588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/internal/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tbAAAAJI"]
[Thu Jun 11 00:22:18.714351 2026] [security2:error] [pid 22855:tid 22884] [client 34.176.79.8:50588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/internal/.env.production"] [unique_id "aiop6l71v4pS85P4fn-tbAAAAJI"]
[Thu Jun 11 00:22:18.715280 2026] [security2:error] [pid 7752:tid 7763] [client 34.176.79.8:50604] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/private/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AQAAAEY"]
[Thu Jun 11 00:22:18.715431 2026] [security2:error] [pid 7752:tid 7763] [client 34.176.79.8:50604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/private/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AQAAAEY"]
[Thu Jun 11 00:22:18.717893 2026] [security2:error] [pid 21126:tid 21141] [client 34.176.79.8:50714] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/symfony/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYgAAAM0"]
[Thu Jun 11 00:22:18.718030 2026] [security2:error] [pid 21126:tid 21141] [client 34.176.79.8:50714] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/symfony/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYgAAAM0"]
[Thu Jun 11 00:22:18.718253 2026] [security2:error] [pid 21126:tid 21141] [client 34.176.79.8:50714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/symfony/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYgAAAM0"]
[Thu Jun 11 00:22:18.719802 2026] [security2:error] [pid 7752:tid 7778] [client 34.176.79.8:50804] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/var/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AgAAAFU"]
[Thu Jun 11 00:22:18.719969 2026] [security2:error] [pid 7752:tid 7778] [client 34.176.79.8:50804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/var/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AgAAAFU"]
[Thu Jun 11 00:22:18.720318 2026] [security2:error] [pid 7752:tid 7778] [client 34.176.79.8:50804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/var/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AgAAAFU"]
[Thu Jun 11 00:22:18.720622 2026] [security2:error] [pid 7752:tid 7778] [client 34.176.79.8:50804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/var/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AgAAAFU"]
[Thu Jun 11 00:22:18.727743 2026] [security2:error] [pid 22855:tid 22872] [client 34.176.79.8:50726] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/build/.env"] [unique_id "aiop6l71v4pS85P4fn-tbQAAAIY"]
[Thu Jun 11 00:22:18.727906 2026] [security2:error] [pid 22855:tid 22872] [client 34.176.79.8:50726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/build/.env"] [unique_id "aiop6l71v4pS85P4fn-tbQAAAIY"]
[Thu Jun 11 00:22:18.728212 2026] [security2:error] [pid 22855:tid 22872] [client 34.176.79.8:50726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/build/.env"] [unique_id "aiop6l71v4pS85P4fn-tbQAAAIY"]
[Thu Jun 11 00:22:18.728726 2026] [security2:error] [pid 22855:tid 22872] [client 34.176.79.8:50726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/build/.env"] [unique_id "aiop6l71v4pS85P4fn-tbQAAAIY"]
[Thu Jun 11 00:22:18.728970 2026] [security2:error] [pid 21126:tid 21149] [client 34.176.79.8:50848] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/tmp/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYwAAANU"]
[Thu Jun 11 00:22:18.729097 2026] [security2:error] [pid 21126:tid 21149] [client 34.176.79.8:50848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/tmp/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYwAAANU"]
[Thu Jun 11 00:22:18.729432 2026] [security2:error] [pid 21126:tid 21149] [client 34.176.79.8:50848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/tmp/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYwAAANU"]
[Thu Jun 11 00:22:18.729719 2026] [security2:error] [pid 21126:tid 21149] [client 34.176.79.8:50848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/tmp/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYwAAANU"]
[Thu Jun 11 00:22:18.730063 2026] [security2:error] [pid 21126:tid 21141] [client 34.176.79.8:50714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/symfony/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWYgAAAM0"]
[Thu Jun 11 00:22:18.731447 2026] [security2:error] [pid 7752:tid 7763] [client 34.176.79.8:50604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/private/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AQAAAEY"]
[Thu Jun 11 00:22:18.732171 2026] [security2:error] [pid 7752:tid 7763] [client 34.176.79.8:50604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/private/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9AQAAAEY"]
[Thu Jun 11 00:22:18.735855 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:50810] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.suporte.machen.ai"] [uri "/env.bak"] [unique_id "aiop6tPH5u5NVjul-pmWFwAAAQ8"]
[Thu Jun 11 00:22:18.735967 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:50810] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/env.bak"] [unique_id "aiop6tPH5u5NVjul-pmWFwAAAQ8"]
[Thu Jun 11 00:22:18.736334 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:50810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/env.bak"] [unique_id "aiop6tPH5u5NVjul-pmWFwAAAQ8"]
[Thu Jun 11 00:22:18.736605 2026] [security2:error] [pid 31551:tid 31573] [client 34.176.79.8:50810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/env.bak"] [unique_id "aiop6tPH5u5NVjul-pmWFwAAAQ8"]
[Thu Jun 11 00:22:18.737506 2026] [security2:error] [pid 21075:tid 21080] [client 34.176.79.8:50874] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH6wAAAAI"]
[Thu Jun 11 00:22:18.737646 2026] [security2:error] [pid 21075:tid 21080] [client 34.176.79.8:50874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH6wAAAAI"]
[Thu Jun 11 00:22:18.737933 2026] [security2:error] [pid 21075:tid 21080] [client 34.176.79.8:50874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH6wAAAAI"]
[Thu Jun 11 00:22:18.738151 2026] [security2:error] [pid 21075:tid 21080] [client 34.176.79.8:50874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH6wAAAAI"]
[Thu Jun 11 00:22:18.739477 2026] [security2:error] [pid 31551:tid 31578] [client 34.176.79.8:50824] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/deploy/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGAAAARQ"]
[Thu Jun 11 00:22:18.742540 2026] [security2:error] [pid 31551:tid 31578] [client 34.176.79.8:50824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/deploy/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGAAAARQ"]
[Thu Jun 11 00:22:18.742883 2026] [security2:error] [pid 31551:tid 31578] [client 34.176.79.8:50824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/deploy/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGAAAARQ"]
[Thu Jun 11 00:22:18.743158 2026] [security2:error] [pid 31551:tid 31578] [client 34.176.79.8:50824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/deploy/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGAAAARQ"]
[Thu Jun 11 00:22:18.743803 2026] [security2:error] [pid 7752:tid 7764] [client 34.176.79.8:50890] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/cms/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9BAAAAEc"]
[Thu Jun 11 00:22:18.743953 2026] [security2:error] [pid 7752:tid 7764] [client 34.176.79.8:50890] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/cms/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9BAAAAEc"]
[Thu Jun 11 00:22:18.744192 2026] [security2:error] [pid 7752:tid 7764] [client 34.176.79.8:50890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/cms/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9BAAAAEc"]
[Thu Jun 11 00:22:18.744455 2026] [security2:error] [pid 7752:tid 7764] [client 34.176.79.8:50890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/cms/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9BAAAAEc"]
[Thu Jun 11 00:22:18.744455 2026] [security2:error] [pid 22855:tid 22880] [client 34.176.79.8:50864] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/.env.test"] [unique_id "aiop6l71v4pS85P4fn-tbgAAAI4"]
[Thu Jun 11 00:22:18.744647 2026] [security2:error] [pid 22855:tid 22880] [client 34.176.79.8:50864] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env.test"] [unique_id "aiop6l71v4pS85P4fn-tbgAAAI4"]
[Thu Jun 11 00:22:18.744946 2026] [security2:error] [pid 22855:tid 22880] [client 34.176.79.8:50864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env.test"] [unique_id "aiop6l71v4pS85P4fn-tbgAAAI4"]
[Thu Jun 11 00:22:18.745212 2026] [security2:error] [pid 22855:tid 22880] [client 34.176.79.8:50864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env.test"] [unique_id "aiop6l71v4pS85P4fn-tbgAAAI4"]
[Thu Jun 11 00:22:18.746368 2026] [security2:error] [pid 31551:tid 31568] [client 34.176.79.8:50834] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/temp/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGQAAAQo"]
[Thu Jun 11 00:22:18.746512 2026] [security2:error] [pid 31551:tid 31568] [client 34.176.79.8:50834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/temp/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGQAAAQo"]
[Thu Jun 11 00:22:18.746729 2026] [security2:error] [pid 31551:tid 31568] [client 34.176.79.8:50834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/temp/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGQAAAQo"]
[Thu Jun 11 00:22:18.747182 2026] [security2:error] [pid 31551:tid 31568] [client 34.176.79.8:50834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/temp/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGQAAAQo"]
[Thu Jun 11 00:22:18.748208 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:50904] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH7AAAABI"]
[Thu Jun 11 00:22:18.748364 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:50904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH7AAAABI"]
[Thu Jun 11 00:22:18.748609 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:50904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH7AAAABI"]
[Thu Jun 11 00:22:18.748949 2026] [security2:error] [pid 21075:tid 21096] [client 34.176.79.8:50904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH7AAAABI"]
[Thu Jun 11 00:22:18.758749 2026] [security2:error] [pid 7752:tid 7765] [client 34.176.79.8:50960] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/services/backend/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9BQAAAEg"]
[Thu Jun 11 00:22:18.759086 2026] [security2:error] [pid 7752:tid 7765] [client 34.176.79.8:50960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/services/backend/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9BQAAAEg"]
[Thu Jun 11 00:22:18.759757 2026] [security2:error] [pid 7752:tid 7765] [client 34.176.79.8:50960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/services/backend/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9BQAAAEg"]
[Thu Jun 11 00:22:18.760137 2026] [security2:error] [pid 7752:tid 7765] [client 34.176.79.8:50960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/services/backend/.env"] [unique_id "aiop6rXVEMZbaEYG_yz9BQAAAEg"]
[Thu Jun 11 00:22:18.762162 2026] [security2:error] [pid 21126:tid 21137] [client 34.176.79.8:50942] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/services/api/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWZAAAAMk"]
[Thu Jun 11 00:22:18.762305 2026] [security2:error] [pid 21126:tid 21137] [client 34.176.79.8:50942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/services/api/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWZAAAAMk"]
[Thu Jun 11 00:22:18.762522 2026] [security2:error] [pid 21126:tid 21137] [client 34.176.79.8:50942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/services/api/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWZAAAAMk"]
[Thu Jun 11 00:22:18.762774 2026] [security2:error] [pid 21126:tid 21137] [client 34.176.79.8:50942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/services/api/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWZAAAAMk"]
[Thu Jun 11 00:22:18.765722 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50922] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/packages/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGgAAAQs"]
[Thu Jun 11 00:22:18.765872 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/packages/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGgAAAQs"]
[Thu Jun 11 00:22:18.766153 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/packages/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGgAAAQs"]
[Thu Jun 11 00:22:18.766374 2026] [security2:error] [pid 31551:tid 31569] [client 34.176.79.8:50922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/packages/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGgAAAQs"]
[Thu Jun 11 00:22:18.774209 2026] [security2:error] [pid 21075:tid 21081] [client 34.176.79.8:50918] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH7gAAAAM"]
[Thu Jun 11 00:22:18.774334 2026] [security2:error] [pid 21075:tid 21081] [client 34.176.79.8:50918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH7gAAAAM"]
[Thu Jun 11 00:22:18.774528 2026] [security2:error] [pid 21075:tid 21081] [client 34.176.79.8:50918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH7gAAAAM"]
[Thu Jun 11 00:22:18.774549 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:50938] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/apps/api/.env"] [unique_id "aiop6l71v4pS85P4fn-tbwAAAJU"]
[Thu Jun 11 00:22:18.774805 2026] [security2:error] [pid 21075:tid 21081] [client 34.176.79.8:50918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/backend/.env"] [unique_id "aiop6nBSW5Z6y_w6HsGH7gAAAAM"]
[Thu Jun 11 00:22:18.779516 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:50938] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/apps/api/.env"] [unique_id "aiop6l71v4pS85P4fn-tbwAAAJU"]
[Thu Jun 11 00:22:18.779807 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:50938] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/apps/api/.env"] [unique_id "aiop6l71v4pS85P4fn-tbwAAAJU"]
[Thu Jun 11 00:22:18.780316 2026] [security2:error] [pid 22855:tid 22887] [client 34.176.79.8:50938] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/apps/api/.env"] [unique_id "aiop6l71v4pS85P4fn-tbwAAAJU"]
[Thu Jun 11 00:22:18.798161 2026] [security2:error] [pid 21126:tid 21135] [client 34.176.79.8:50948] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/services/auth/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWZQAAAMc"]
[Thu Jun 11 00:22:18.798360 2026] [security2:error] [pid 21126:tid 21135] [client 34.176.79.8:50948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/auth/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/services/auth/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWZQAAAMc"]
[Thu Jun 11 00:22:18.798959 2026] [security2:error] [pid 21126:tid 21135] [client 34.176.79.8:50948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/services/auth/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWZQAAAMc"]
[Thu Jun 11 00:22:18.799340 2026] [security2:error] [pid 21126:tid 21135] [client 34.176.79.8:50948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/services/auth/.env"] [unique_id "aiop6s0ej6tAIvUNrGGWZQAAAMc"]
[Thu Jun 11 00:22:18.837069 2026] [security2:error] [pid 31551:tid 31570] [client 34.176.79.8:50972] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGwAAAQw"]
[Thu Jun 11 00:22:18.837210 2026] [security2:error] [pid 31551:tid 31570] [client 34.176.79.8:50972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGwAAAQw"]
[Thu Jun 11 00:22:18.837477 2026] [security2:error] [pid 31551:tid 31570] [client 34.176.79.8:50972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGwAAAQw"]
[Thu Jun 11 00:22:18.837782 2026] [security2:error] [pid 31551:tid 31570] [client 34.176.79.8:50972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/api/.env"] [unique_id "aiop6tPH5u5NVjul-pmWGwAAAQw"]
[Thu Jun 11 00:22:20.347411 2026] [security2:error] [pid 7752:tid 7768] [client 34.176.79.8:50976] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/env"] [unique_id "aiop7LXVEMZbaEYG_yz9BwAAAEs"]
[Thu Jun 11 00:22:20.347859 2026] [security2:error] [pid 7752:tid 7768] [client 34.176.79.8:50976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/env"] [unique_id "aiop7LXVEMZbaEYG_yz9BwAAAEs"]
[Thu Jun 11 00:22:20.348206 2026] [security2:error] [pid 7752:tid 7768] [client 34.176.79.8:50976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/env"] [unique_id "aiop7LXVEMZbaEYG_yz9BwAAAEs"]
[Thu Jun 11 00:26:31.733306 2026] [security2:error] [pid 21126:tid 21129] [client 40.74.208.138:38576] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioq580ej6tAIvUNrGGbcwAAAME"]
[Thu Jun 11 00:26:31.733456 2026] [security2:error] [pid 21126:tid 21129] [client 40.74.208.138:38576] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioq580ej6tAIvUNrGGbcwAAAME"]
[Thu Jun 11 00:26:31.733858 2026] [security2:error] [pid 21126:tid 21129] [client 40.74.208.138:38576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioq580ej6tAIvUNrGGbcwAAAME"]
[Thu Jun 11 00:26:31.734156 2026] [security2:error] [pid 21126:tid 21129] [client 40.74.208.138:38576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aioq580ej6tAIvUNrGGbcwAAAME"]
[Thu Jun 11 00:32:37.432553 2026] [security2:error] [pid 22855:tid 22872] [client 78.153.140.50:60314] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiosVV71v4pS85P4fn-4JwAAAIY"]
[Thu Jun 11 00:32:37.433055 2026] [security2:error] [pid 22855:tid 22872] [client 78.153.140.50:60314] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiosVV71v4pS85P4fn-4JwAAAIY"]
[Thu Jun 11 00:32:37.433460 2026] [security2:error] [pid 22855:tid 22872] [client 78.153.140.50:60314] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiosVV71v4pS85P4fn-4JwAAAIY"]
[Thu Jun 11 00:32:37.653069 2026] [security2:error] [pid 22855:tid 22872] [client 78.153.140.50:60314] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiosVV71v4pS85P4fn-4JwAAAIY"]
[Thu Jun 11 00:32:40.470320 2026] [security2:error] [pid 31551:tid 31580] [client 78.153.140.50:41808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiosWNPH5u5NVjul-pmgBQAAARY"]
[Thu Jun 11 00:33:36.656125 2026] [security2:error] [pid 21126:tid 21143] [client 172.239.64.155:29594] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aioskM0ej6tAIvUNrGGhiwAAAM8"], referer: http://13.84.161.190/
[Thu Jun 11 00:35:06.795285 2026] [core:error] [pid 7752:tid 7779] [client 180.76.172.156:39832] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 00:37:00.975792 2026] [security2:error] [pid 22855:tid 22883] [client 64.227.79.139:54376] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiotXF71v4pS85P4fn-8mQAAAJE"]
[Thu Jun 11 00:37:01.355943 2026] [security2:error] [pid 31551:tid 31570] [client 64.227.79.139:54386] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiotXdPH5u5NVjul-pmi3AAAAQw"], referer: https://13.66.22.226:443
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 00:37:01.755985 2026] [security2:error] [pid 21075:tid 21086] [client 64.227.79.139:54394] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiotXXBSW5Z6y_w6HsGT5AAAAAg"]
[Thu Jun 11 00:37:02.146050 2026] [security2:error] [pid 21075:tid 21088] [client 64.227.79.139:54402] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiotXnBSW5Z6y_w6HsGT5QAAAAo"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 00:41:00.637706 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:55414] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/actuator/configprops"] [unique_id "aiouTF71v4pS85P4fn_ARgAAAIU"]
[Thu Jun 11 00:41:00.638047 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:55414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/actuator/configprops"] [unique_id "aiouTF71v4pS85P4fn_ARgAAAIU"]
[Thu Jun 11 00:41:00.645141 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:55472] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/heapdump"] [unique_id "aiouTF71v4pS85P4fn_ARwAAAIs"]
[Thu Jun 11 00:41:00.645492 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:55472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/heapdump"] [unique_id "aiouTF71v4pS85P4fn_ARwAAAIs"]
[Thu Jun 11 00:41:00.647362 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:55458] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/configprops"] [unique_id "aiouTLXVEMZbaEYG_ywRRAAAAEc"]
[Thu Jun 11 00:41:00.647676 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:55458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/configprops"] [unique_id "aiouTLXVEMZbaEYG_ywRRAAAAEc"]
[Thu Jun 11 00:41:00.647749 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:55430] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/threaddump"] [unique_id "aiouTLXVEMZbaEYG_ywRRQAAAFc"]
[Thu Jun 11 00:41:00.648123 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:55430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/threaddump"] [unique_id "aiouTLXVEMZbaEYG_ywRRQAAAFc"]
[Thu Jun 11 00:41:00.649467 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:55434] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v1/actuator/heapdump"] [unique_id "aiouTNPH5u5NVjul-pmnBgAAAQE"]
[Thu Jun 11 00:41:00.649810 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:55434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v1/actuator/heapdump"] [unique_id "aiouTNPH5u5NVjul-pmnBgAAAQE"]
[Thu Jun 11 00:41:00.650303 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:55476] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/dump"] [unique_id "aiouTHBSW5Z6y_w6HsGXmAAAAAk"]
[Thu Jun 11 00:41:00.650635 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:55476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/dump"] [unique_id "aiouTHBSW5Z6y_w6HsGXmAAAAAk"]
[Thu Jun 11 00:41:00.652018 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:55496] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/actuator/configprops"] [unique_id "aiouTF71v4pS85P4fn_ASAAAAJE"]
[Thu Jun 11 00:41:00.652335 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:55496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/actuator/configprops"] [unique_id "aiouTF71v4pS85P4fn_ASAAAAJE"]
[Thu Jun 11 00:41:00.652827 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:55446] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/actuator/heapdump"] [unique_id "aiouTM0ej6tAIvUNrGGpMAAAAMA"]
[Thu Jun 11 00:41:00.653267 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:55446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/actuator/heapdump"] [unique_id "aiouTM0ej6tAIvUNrGGpMAAAAMA"]
[Thu Jun 11 00:41:00.654882 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:55460] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/actuator/logfile"] [unique_id "aiouTNPH5u5NVjul-pmnBwAAAQU"]
[Thu Jun 11 00:41:00.655019 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:55488] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/actuator/env"] [unique_id "aiouTM0ej6tAIvUNrGGpMQAAAME"]
[Thu Jun 11 00:41:00.655284 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:55460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/actuator/logfile"] [unique_id "aiouTNPH5u5NVjul-pmnBwAAAQU"]
[Thu Jun 11 00:41:00.655409 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:55488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/actuator/env"] [unique_id "aiouTM0ej6tAIvUNrGGpMQAAAME"]
[Thu Jun 11 00:41:00.656519 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:55504] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/actuator/heapdump"] [unique_id "aiouTLXVEMZbaEYG_ywRRgAAAEg"]
[Thu Jun 11 00:41:00.656839 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:55504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/actuator/heapdump"] [unique_id "aiouTLXVEMZbaEYG_ywRRgAAAEg"]
[Thu Jun 11 00:41:00.659890 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:55520] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/actuator/heapdump"] [unique_id "aiouTNPH5u5NVjul-pmnCAAAARI"]
[Thu Jun 11 00:41:00.660207 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:55520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/actuator/heapdump"] [unique_id "aiouTNPH5u5NVjul-pmnCAAAARI"]
[Thu Jun 11 00:41:00.663062 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:55516] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/actuator/env"] [unique_id "aiouTHBSW5Z6y_w6HsGXmQAAAAo"]
[Thu Jun 11 00:41:00.663269 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:55442] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v2/actuator/env"] [unique_id "aiouTHBSW5Z6y_w6HsGXlwAAAAA"]
[Thu Jun 11 00:41:00.663335 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:55516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/actuator/env"] [unique_id "aiouTHBSW5Z6y_w6HsGXmQAAAAo"]
[Thu Jun 11 00:41:00.663665 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:55442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v2/actuator/env"] [unique_id "aiouTHBSW5Z6y_w6HsGXlwAAAAA"]
[Thu Jun 11 00:41:00.673617 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:55526] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/actuator/heapdump"] [unique_id "aiouTM0ej6tAIvUNrGGpMgAAAMY"]
[Thu Jun 11 00:41:00.673917 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:55526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/actuator/heapdump"] [unique_id "aiouTM0ej6tAIvUNrGGpMgAAAMY"]
[Thu Jun 11 00:41:00.689976 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:55534] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/actuator/env"] [unique_id "aiouTLXVEMZbaEYG_ywRRwAAAEU"]
[Thu Jun 11 00:41:00.690382 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:55534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/actuator/env"] [unique_id "aiouTLXVEMZbaEYG_ywRRwAAAEU"]
[Thu Jun 11 00:41:00.691997 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:55536] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.aws/credentials"] [unique_id "aiouTNPH5u5NVjul-pmnCQAAAQA"]
[Thu Jun 11 00:41:00.692159 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:55536] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.aws/credentials"] [unique_id "aiouTNPH5u5NVjul-pmnCQAAAQA"]
[Thu Jun 11 00:41:00.692361 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:55536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.aws/credentials"] [unique_id "aiouTNPH5u5NVjul-pmnCQAAAQA"]
[Thu Jun 11 00:41:00.694098 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:55542] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/threaddump"] [unique_id "aiouTM0ej6tAIvUNrGGpMwAAAMs"]
[Thu Jun 11 00:41:00.694426 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:55542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/threaddump"] [unique_id "aiouTM0ej6tAIvUNrGGpMwAAAMs"]
[Thu Jun 11 00:41:00.696615 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:55566] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/actuator/configprops"] [unique_id "aiouTF71v4pS85P4fn_ASgAAAIg"]
[Thu Jun 11 00:41:00.696953 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:55566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/actuator/configprops"] [unique_id "aiouTF71v4pS85P4fn_ASgAAAIg"]
[Thu Jun 11 00:41:00.698921 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:55556] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/logfile"] [unique_id "aiouTNPH5u5NVjul-pmnCgAAAQg"]
[Thu Jun 11 00:41:00.699474 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:55556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/logfile"] [unique_id "aiouTNPH5u5NVjul-pmnCgAAAQg"]
[Thu Jun 11 00:41:00.701799 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:55562] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/trace"] [unique_id "aiouTLXVEMZbaEYG_ywRSAAAAEE"]
[Thu Jun 11 00:41:00.702213 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:55562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/trace"] [unique_id "aiouTLXVEMZbaEYG_ywRSAAAAEE"]
[Thu Jun 11 00:41:00.705248 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:55612] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/env"] [unique_id "aiouTF71v4pS85P4fn_ASwAAAIA"]
[Thu Jun 11 00:41:00.705383 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:55592] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/env"] [unique_id "aiouTHBSW5Z6y_w6HsGXmgAAAA4"]
[Thu Jun 11 00:41:00.705553 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:55612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/env"] [unique_id "aiouTF71v4pS85P4fn_ASwAAAIA"]
[Thu Jun 11 00:41:00.705673 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:55592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/env"] [unique_id "aiouTHBSW5Z6y_w6HsGXmgAAAA4"]
[Thu Jun 11 00:41:00.706995 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:55538] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.aws/config"] [unique_id "aiouTHBSW5Z6y_w6HsGXmwAAAA8"]
[Thu Jun 11 00:41:00.707142 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:55538] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.aws/config"] [unique_id "aiouTHBSW5Z6y_w6HsGXmwAAAA8"]
[Thu Jun 11 00:41:00.707365 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:55538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.aws/config"] [unique_id "aiouTHBSW5Z6y_w6HsGXmwAAAA8"]
[Thu Jun 11 00:41:00.707384 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:55624] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.azure/credentials"] [unique_id "aiouTNPH5u5NVjul-pmnCwAAARc"]
[Thu Jun 11 00:41:00.707704 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:55624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.azure/credentials"] [unique_id "aiouTNPH5u5NVjul-pmnCwAAARc"]
[Thu Jun 11 00:41:00.712000 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:55576] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.gcloud/credentials.json"] [unique_id "aiouTM0ej6tAIvUNrGGpNQAAAM4"]
[Thu Jun 11 00:41:00.712377 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:55576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.gcloud/credentials.json"] [unique_id "aiouTM0ej6tAIvUNrGGpNQAAAM4"]
[Thu Jun 11 00:41:00.713528 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:55596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiouTLXVEMZbaEYG_ywRSQAAAFI"]
[Thu Jun 11 00:41:00.713703 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:55596] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiouTLXVEMZbaEYG_ywRSQAAAFI"]
[Thu Jun 11 00:41:00.714002 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:55596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiouTLXVEMZbaEYG_ywRSQAAAFI"]
[Thu Jun 11 00:41:00.715873 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:55638] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/credentials"] [unique_id "aiouTHBSW5Z6y_w6HsGXnAAAABc"]
[Thu Jun 11 00:41:00.716468 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:55638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/credentials"] [unique_id "aiouTHBSW5Z6y_w6HsGXnAAAABc"]
[Thu Jun 11 00:41:00.727043 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:55664] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/aws.json"] [unique_id "aiouTM0ej6tAIvUNrGGpNgAAANU"]
[Thu Jun 11 00:41:00.727357 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:55664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/aws.json"] [unique_id "aiouTM0ej6tAIvUNrGGpNgAAANU"]
[Thu Jun 11 00:41:00.731118 2026] [security2:error] [pid 22855:tid 22876] [client 34.106.8.40:55648] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v1/actuator/env"] [unique_id "aiouTF71v4pS85P4fn_ATAAAAIo"]
[Thu Jun 11 00:41:00.731640 2026] [security2:error] [pid 22855:tid 22876] [client 34.106.8.40:55648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v1/actuator/env"] [unique_id "aiouTF71v4pS85P4fn_ATAAAAIo"]
[Thu Jun 11 00:41:00.735023 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:55670] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/aws_credentials.json"] [unique_id "aiouTLXVEMZbaEYG_ywRSgAAAEs"]
[Thu Jun 11 00:41:00.735288 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:55670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/aws_credentials.json"] [unique_id "aiouTLXVEMZbaEYG_ywRSgAAAEs"]
[Thu Jun 11 00:41:00.737342 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:55674] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/aws-credentials.json"] [unique_id "aiouTNPH5u5NVjul-pmnDAAAAQ4"]
[Thu Jun 11 00:41:00.737663 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:55674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/aws-credentials.json"] [unique_id "aiouTNPH5u5NVjul-pmnDAAAAQ4"]
[Thu Jun 11 00:41:00.748705 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:55682] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/service-account.json"] [unique_id "aiouTM0ej6tAIvUNrGGpNwAAAMo"]
[Thu Jun 11 00:41:00.748994 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:55682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/service-account.json"] [unique_id "aiouTM0ej6tAIvUNrGGpNwAAAMo"]
[Thu Jun 11 00:41:00.755173 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:55686] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/serviceaccount.json"] [unique_id "aiouTF71v4pS85P4fn_ATQAAAJU"]
[Thu Jun 11 00:41:00.755480 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:55686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/serviceaccount.json"] [unique_id "aiouTF71v4pS85P4fn_ATQAAAJU"]
[Thu Jun 11 00:41:00.755952 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:55672] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/actuator/heapdump"] [unique_id "aiouTHBSW5Z6y_w6HsGXnQAAABA"]
[Thu Jun 11 00:41:00.756253 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:55672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/actuator/heapdump"] [unique_id "aiouTHBSW5Z6y_w6HsGXnQAAABA"]
[Thu Jun 11 00:41:00.759479 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:55688] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/google-credentials.json"] [unique_id "aiouTLXVEMZbaEYG_ywRTAAAAEo"]
[Thu Jun 11 00:41:00.759957 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:55688] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/google-credentials.json"] [unique_id "aiouTLXVEMZbaEYG_ywRTAAAAEo"]
[Thu Jun 11 00:41:00.766860 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:55718] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/configprops"] [unique_id "aiouTHBSW5Z6y_w6HsGXngAAABQ"]
[Thu Jun 11 00:41:00.766990 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:55690] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/gcp-credentials.json"] [unique_id "aiouTNPH5u5NVjul-pmnDQAAAQw"]
[Thu Jun 11 00:41:00.767193 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:55718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/configprops"] [unique_id "aiouTHBSW5Z6y_w6HsGXngAAABQ"]
[Thu Jun 11 00:41:00.767312 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:55690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/gcp-credentials.json"] [unique_id "aiouTNPH5u5NVjul-pmnDQAAAQw"]
[Thu Jun 11 00:41:00.770342 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:55706] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dump"] [unique_id "aiouTM0ej6tAIvUNrGGpOAAAANc"]
[Thu Jun 11 00:41:00.770716 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:55706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dump"] [unique_id "aiouTM0ej6tAIvUNrGGpOAAAANc"]
[Thu Jun 11 00:41:00.773612 2026] [security2:error] [pid 22855:tid 22880] [client 34.106.8.40:55726] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/gcp.json"] [unique_id "aiouTF71v4pS85P4fn_ATgAAAI4"]
[Thu Jun 11 00:41:00.773930 2026] [security2:error] [pid 22855:tid 22880] [client 34.106.8.40:55726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/gcp.json"] [unique_id "aiouTF71v4pS85P4fn_ATgAAAI4"]
[Thu Jun 11 00:41:00.781332 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:55752] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/firebase-adminsdk.json"] [unique_id "aiouTNPH5u5NVjul-pmnDgAAAQo"]
[Thu Jun 11 00:41:00.781678 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:55752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/firebase-adminsdk.json"] [unique_id "aiouTNPH5u5NVjul-pmnDgAAAQo"]
[Thu Jun 11 00:41:00.785713 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:55764] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/heapdump"] [unique_id "aiouTHBSW5Z6y_w6HsGXnwAAAAw"]
[Thu Jun 11 00:41:00.785998 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:55764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/heapdump"] [unique_id "aiouTHBSW5Z6y_w6HsGXnwAAAAw"]
[Thu Jun 11 00:41:00.794934 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:55780] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/cloud.json"] [unique_id "aiouTM0ej6tAIvUNrGGpOQAAAMQ"]
[Thu Jun 11 00:41:00.795348 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:55780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/cloud.json"] [unique_id "aiouTM0ej6tAIvUNrGGpOQAAAMQ"]
[Thu Jun 11 00:41:00.801623 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:55784] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.credentials"] [unique_id "aiouTLXVEMZbaEYG_ywRTwAAAFY"]
[Thu Jun 11 00:41:00.801892 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:55784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.credentials"] [unique_id "aiouTLXVEMZbaEYG_ywRTwAAAFY"]
[Thu Jun 11 00:41:00.807695 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:55816] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/aws.json"] [unique_id "aiouTM0ej6tAIvUNrGGpOgAAANg"]
[Thu Jun 11 00:41:00.808020 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:55816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/aws.json"] [unique_id "aiouTM0ej6tAIvUNrGGpOgAAANg"]
[Thu Jun 11 00:41:00.808994 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:55788] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/.aws/credentials"] [unique_id "aiouTNPH5u5NVjul-pmnDwAAAQQ"]
[Thu Jun 11 00:41:00.809142 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:55788] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /config/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/config/.aws/credentials"] [unique_id "aiouTNPH5u5NVjul-pmnDwAAAQQ"]
[Thu Jun 11 00:41:00.809379 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:55788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/.aws/credentials"] [unique_id "aiouTNPH5u5NVjul-pmnDwAAAQQ"]
[Thu Jun 11 00:41:00.810870 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:55802] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/actuator/env"] [unique_id "aiouTHBSW5Z6y_w6HsGXoAAAAAc"]
[Thu Jun 11 00:41:00.810954 2026] [security2:error] [pid 22855:tid 22869] [client 34.106.8.40:55824] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/service-account.json"] [unique_id "aiouTF71v4pS85P4fn_AUAAAAIM"]
[Thu Jun 11 00:41:00.811128 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:55802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/actuator/env"] [unique_id "aiouTHBSW5Z6y_w6HsGXoAAAAAc"]
[Thu Jun 11 00:41:00.811245 2026] [security2:error] [pid 22855:tid 22869] [client 34.106.8.40:55824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/service-account.json"] [unique_id "aiouTF71v4pS85P4fn_AUAAAAIM"]
[Thu Jun 11 00:41:00.824349 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:55834] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/trace"] [unique_id "aiouTLXVEMZbaEYG_ywRUAAAAFQ"]
[Thu Jun 11 00:41:00.824717 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:55834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/trace"] [unique_id "aiouTLXVEMZbaEYG_ywRUAAAAFQ"]
[Thu Jun 11 00:41:00.826900 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:55738] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/firebase-credentials.json"] [unique_id "aiouTLXVEMZbaEYG_ywRTQAAAFU"]
[Thu Jun 11 00:41:00.827325 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:55738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/firebase-credentials.json"] [unique_id "aiouTLXVEMZbaEYG_ywRTQAAAFU"]
[Thu Jun 11 00:41:00.828819 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:55846] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/service-account.json"] [unique_id "aiouTM0ej6tAIvUNrGGpOwAAAM8"]
[Thu Jun 11 00:41:00.829105 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:55846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/service-account.json"] [unique_id "aiouTM0ej6tAIvUNrGGpOwAAAM8"]
[Thu Jun 11 00:41:00.830486 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:55848] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/configprops"] [unique_id "aiouTHBSW5Z6y_w6HsGXoQAAABE"]
[Thu Jun 11 00:41:00.830975 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:55848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/configprops"] [unique_id "aiouTHBSW5Z6y_w6HsGXoQAAABE"]
[Thu Jun 11 00:41:00.831766 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:55844] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/actuator/logfile"] [unique_id "aiouTNPH5u5NVjul-pmnEQAAARE"]
[Thu Jun 11 00:41:00.832078 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:55844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/actuator/logfile"] [unique_id "aiouTNPH5u5NVjul-pmnEQAAARE"]
[Thu Jun 11 00:41:00.833562 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:55904] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/sessions"] [unique_id "aiouTHBSW5Z6y_w6HsGXogAAAAg"]
[Thu Jun 11 00:41:00.833932 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:55904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/sessions"] [unique_id "aiouTHBSW5Z6y_w6HsGXogAAAAg"]
[Thu Jun 11 00:41:00.835663 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:55864] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v1/actuator/configprops"] [unique_id "aiouTF71v4pS85P4fn_AUQAAAJg"]
[Thu Jun 11 00:41:00.835967 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:55864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v1/actuator/configprops"] [unique_id "aiouTF71v4pS85P4fn_AUQAAAJg"]
[Thu Jun 11 00:41:00.837284 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:55890] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/auditevents"] [unique_id "aiouTM0ej6tAIvUNrGGpPAAAAM0"]
[Thu Jun 11 00:41:00.837669 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:55890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/auditevents"] [unique_id "aiouTM0ej6tAIvUNrGGpPAAAAM0"]
[Thu Jun 11 00:41:00.842059 2026] [security2:error] [pid 22855:tid 22881] [client 34.106.8.40:55910] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/service-account.json"] [unique_id "aiouTF71v4pS85P4fn_AUgAAAI8"]
[Thu Jun 11 00:41:00.842411 2026] [security2:error] [pid 22855:tid 22881] [client 34.106.8.40:55910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/service-account.json"] [unique_id "aiouTF71v4pS85P4fn_AUgAAAI8"]
[Thu Jun 11 00:41:00.844061 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:55866] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/httptrace"] [unique_id "aiouTLXVEMZbaEYG_ywRUQAAAEM"]
[Thu Jun 11 00:41:00.844404 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:55866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/httptrace"] [unique_id "aiouTLXVEMZbaEYG_ywRUQAAAEM"]
[Thu Jun 11 00:41:00.847658 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:55878] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/aws.json"] [unique_id "aiouTNPH5u5NVjul-pmnEgAAARY"]
[Thu Jun 11 00:41:00.847874 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:55934] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/credentials.json"] [unique_id "aiouTHBSW5Z6y_w6HsGXowAAABM"]
[Thu Jun 11 00:41:00.847968 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:55878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/aws.json"] [unique_id "aiouTNPH5u5NVjul-pmnEgAAARY"]
[Thu Jun 11 00:41:00.848139 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:55934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/credentials.json"] [unique_id "aiouTHBSW5Z6y_w6HsGXowAAABM"]
[Thu Jun 11 00:41:00.849438 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:55922] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/aws.json"] [unique_id "aiouTNPH5u5NVjul-pmnEwAAAQY"]
[Thu Jun 11 00:41:00.849743 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:55922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/aws.json"] [unique_id "aiouTNPH5u5NVjul-pmnEwAAAQY"]
[Thu Jun 11 00:41:00.851328 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:55920] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v2/actuator/heapdump"] [unique_id "aiouTLXVEMZbaEYG_ywRUgAAAFA"]
[Thu Jun 11 00:41:00.851709 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:55920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v2/actuator/heapdump"] [unique_id "aiouTLXVEMZbaEYG_ywRUgAAAFA"]
[Thu Jun 11 00:41:00.859904 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:55954] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/heapdump"] [unique_id "aiouTLXVEMZbaEYG_ywRUwAAAEY"]
[Thu Jun 11 00:41:00.860229 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:55954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/heapdump"] [unique_id "aiouTLXVEMZbaEYG_ywRUwAAAEY"]
[Thu Jun 11 00:41:00.863148 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:55944] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/heapdump"] [unique_id "aiouTF71v4pS85P4fn_AUwAAAIQ"]
[Thu Jun 11 00:41:00.863554 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:55944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/heapdump"] [unique_id "aiouTF71v4pS85P4fn_AUwAAAIQ"]
[Thu Jun 11 00:41:00.868313 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:55946] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/credentials.json"] [unique_id "aiouTM0ej6tAIvUNrGGpPQAAANY"]
[Thu Jun 11 00:41:00.868592 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:55946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/credentials.json"] [unique_id "aiouTM0ej6tAIvUNrGGpPQAAANY"]
[Thu Jun 11 00:41:00.870208 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:55966] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/service-account.json"] [unique_id "aiouTNPH5u5NVjul-pmnFAAAARQ"]
[Thu Jun 11 00:41:00.870488 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:55966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/service-account.json"] [unique_id "aiouTNPH5u5NVjul-pmnFAAAARQ"]
[Thu Jun 11 00:41:00.871963 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:55976] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private/credentials.json"] [unique_id "aiouTHBSW5Z6y_w6HsGXpAAAAAY"]
[Thu Jun 11 00:41:00.872323 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:55976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private/credentials.json"] [unique_id "aiouTHBSW5Z6y_w6HsGXpAAAAAY"]
[Thu Jun 11 00:41:00.881451 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:55990] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private/service-account.json"] [unique_id "aiouTF71v4pS85P4fn_AVQAAAJY"]
[Thu Jun 11 00:41:00.881876 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:55990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private/service-account.json"] [unique_id "aiouTF71v4pS85P4fn_AVQAAAJY"]
[Thu Jun 11 00:41:00.888054 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:56010] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets/gcp.json"] [unique_id "aiouTNPH5u5NVjul-pmnFQAAAQc"]
[Thu Jun 11 00:41:00.888471 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:56010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets/gcp.json"] [unique_id "aiouTNPH5u5NVjul-pmnFQAAAQc"]
[Thu Jun 11 00:41:00.889528 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:55986] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env"] [unique_id "aiouTM0ej6tAIvUNrGGpPgAAANQ"]
[Thu Jun 11 00:41:00.894140 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:55986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env"] [unique_id "aiouTM0ej6tAIvUNrGGpPgAAANQ"]
[Thu Jun 11 00:41:00.895124 2026] [security2:error] [pid 21075:tid 21096] [client 34.106.8.40:56016] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v2/actuator/configprops"] [unique_id "aiouTHBSW5Z6y_w6HsGXpQAAABI"]
[Thu Jun 11 00:41:00.895513 2026] [security2:error] [pid 21075:tid 21096] [client 34.106.8.40:56016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v2/actuator/configprops"] [unique_id "aiouTHBSW5Z6y_w6HsGXpQAAABI"]
[Thu Jun 11 00:41:00.898823 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:55996] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets/aws.json"] [unique_id "aiouTLXVEMZbaEYG_ywRVAAAAEk"]
[Thu Jun 11 00:41:00.899186 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:55996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets/aws.json"] [unique_id "aiouTLXVEMZbaEYG_ywRVAAAAEk"]
[Thu Jun 11 00:41:00.904431 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:56042] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/actuator/env"] [unique_id "aiouTF71v4pS85P4fn_AVgAAAJQ"]
[Thu Jun 11 00:41:00.904828 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:56042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/actuator/env"] [unique_id "aiouTF71v4pS85P4fn_AVgAAAJQ"]
[Thu Jun 11 00:41:00.908773 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:56032] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets/azure.json"] [unique_id "aiouTM0ej6tAIvUNrGGpPwAAAMc"]
[Thu Jun 11 00:41:00.909183 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:56032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets/azure.json"] [unique_id "aiouTM0ej6tAIvUNrGGpPwAAAMc"]
[Thu Jun 11 00:41:00.917227 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:56058] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/info.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXpwAAAAE"]
[Thu Jun 11 00:41:00.917545 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:56058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/info.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXpwAAAAE"]
[Thu Jun 11 00:41:00.922786 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:56050] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets/credentials.json"] [unique_id "aiouTLXVEMZbaEYG_ywRVQAAAEI"]
[Thu Jun 11 00:41:00.923192 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:56050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets/credentials.json"] [unique_id "aiouTLXVEMZbaEYG_ywRVQAAAEI"]
[Thu Jun 11 00:41:00.923451 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:56062] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/php.php"] [unique_id "aiouTM0ej6tAIvUNrGGpQAAAAMw"]
[Thu Jun 11 00:41:00.923764 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:56062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/php.php"] [unique_id "aiouTM0ej6tAIvUNrGGpQAAAAMw"]
[Thu Jun 11 00:41:00.934383 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:56072] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/debug.php"] [unique_id "aiouTF71v4pS85P4fn_AVwAAAJA"]
[Thu Jun 11 00:41:00.934771 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:56072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/debug.php"] [unique_id "aiouTF71v4pS85P4fn_AVwAAAJA"]
[Thu Jun 11 00:41:00.938191 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:56068] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/test.php"] [unique_id "aiouTLXVEMZbaEYG_ywRVgAAAFg"]
[Thu Jun 11 00:41:00.938519 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:56068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/test.php"] [unique_id "aiouTLXVEMZbaEYG_ywRVgAAAFg"]
[Thu Jun 11 00:41:00.940376 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:56052] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/phpinfo.php"] [unique_id "aiouTNPH5u5NVjul-pmnFgAAARM"]
[Thu Jun 11 00:41:00.940723 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:56052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/phpinfo.php"] [unique_id "aiouTNPH5u5NVjul-pmnFgAAARM"]
[Thu Jun 11 00:41:00.960607 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:56096] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/_profiler"] [unique_id "aiouTHBSW5Z6y_w6HsGXqAAAABg"]
[Thu Jun 11 00:41:00.961154 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:56096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/_profiler"] [unique_id "aiouTHBSW5Z6y_w6HsGXqAAAABg"]
[Thu Jun 11 00:41:00.963135 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:56080] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/phptest.php"] [unique_id "aiouTNPH5u5NVjul-pmnFwAAARg"]
[Thu Jun 11 00:41:00.963480 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:56080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/phptest.php"] [unique_id "aiouTNPH5u5NVjul-pmnFwAAARg"]
[Thu Jun 11 00:41:00.970956 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:56108] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/_profiler/phpinfo"] [unique_id "aiouTM0ej6tAIvUNrGGpQQAAAMI"]
[Thu Jun 11 00:41:00.971336 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:56108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/_profiler/phpinfo"] [unique_id "aiouTM0ej6tAIvUNrGGpQQAAAMI"]
[Thu Jun 11 00:41:00.975104 2026] [security2:error] [pid 7752:tid 7761] [client 34.106.8.40:56118] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/profiler"] [unique_id "aiouTLXVEMZbaEYG_ywRVwAAAEQ"]
[Thu Jun 11 00:41:00.975568 2026] [security2:error] [pid 7752:tid 7761] [client 34.106.8.40:56118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/profiler"] [unique_id "aiouTLXVEMZbaEYG_ywRVwAAAEQ"]
[Thu Jun 11 00:41:00.976429 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:56114] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/_profiler/open"] [unique_id "aiouTF71v4pS85P4fn_AWAAAAIY"]
[Thu Jun 11 00:41:00.976784 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:56114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/_profiler/open"] [unique_id "aiouTF71v4pS85P4fn_AWAAAAIY"]
[Thu Jun 11 00:41:00.978290 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:56122] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/profiler/phpinfo"] [unique_id "aiouTNPH5u5NVjul-pmnGAAAAQk"]
[Thu Jun 11 00:41:00.978689 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:56122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/profiler/phpinfo"] [unique_id "aiouTNPH5u5NVjul-pmnGAAAAQk"]
[Thu Jun 11 00:41:00.991420 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:56124] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/admin/phpinfo.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXqQAAABY"]
[Thu Jun 11 00:41:00.991803 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:56124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/admin/phpinfo.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXqQAAABY"]
[Thu Jun 11 00:41:00.998737 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:56150] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.yml"] [unique_id "aiouTM0ej6tAIvUNrGGpQgAAANI"]
[Thu Jun 11 00:41:00.999127 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:56150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.yml"] [unique_id "aiouTM0ej6tAIvUNrGGpQgAAANI"]
[Thu Jun 11 00:41:01.005969 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:56160] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.yaml"] [unique_id "aiouTbXVEMZbaEYG_ywRWQAAAFM"]
[Thu Jun 11 00:41:01.006304 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:56160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.yaml"] [unique_id "aiouTbXVEMZbaEYG_ywRWQAAAFM"]
[Thu Jun 11 00:41:01.010096 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:56134] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/phpinfo.php"] [unique_id "aiouTV71v4pS85P4fn_AWQAAAIc"]
[Thu Jun 11 00:41:01.010447 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:56134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/phpinfo.php"] [unique_id "aiouTV71v4pS85P4fn_AWQAAAIc"]
[Thu Jun 11 00:41:01.031269 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:56166] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.prod.yml"] [unique_id "aiouTdPH5u5NVjul-pmnGQAAAQ8"]
[Thu Jun 11 00:41:01.031670 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:56166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.prod.yml"] [unique_id "aiouTdPH5u5NVjul-pmnGQAAAQ8"]
[Thu Jun 11 00:41:01.033338 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:56186] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.production.yml"] [unique_id "aiouTc0ej6tAIvUNrGGpQwAAANA"]
[Thu Jun 11 00:41:01.035995 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:56176] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.prod.yaml"] [unique_id "aiouTXBSW5Z6y_w6HsGXqgAAABU"]
[Thu Jun 11 00:41:01.036356 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:56176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.prod.yaml"] [unique_id "aiouTXBSW5Z6y_w6HsGXqgAAABU"]
[Thu Jun 11 00:41:01.039327 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:56194] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.dev.yml"] [unique_id "aiouTV71v4pS85P4fn_AWgAAAJI"]
[Thu Jun 11 00:41:01.039550 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:56198] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.staging.yml"] [unique_id "aiouTbXVEMZbaEYG_ywRWgAAAFE"]
[Thu Jun 11 00:41:01.039741 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:56194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.dev.yml"] [unique_id "aiouTV71v4pS85P4fn_AWgAAAJI"]
[Thu Jun 11 00:41:01.039853 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:56198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.staging.yml"] [unique_id "aiouTbXVEMZbaEYG_ywRWgAAAFE"]
[Thu Jun 11 00:41:01.040382 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:56186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.production.yml"] [unique_id "aiouTc0ej6tAIvUNrGGpQwAAANA"]
[Thu Jun 11 00:41:01.052095 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:56222] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.local.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXqwAAAAI"]
[Thu Jun 11 00:41:01.052451 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:56222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.local.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXqwAAAAI"]
[Thu Jun 11 00:41:01.059057 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:56214] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.override.yml"] [unique_id "aiouTdPH5u5NVjul-pmnGgAAAQM"]
[Thu Jun 11 00:41:01.059421 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:56214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker-compose.override.yml"] [unique_id "aiouTdPH5u5NVjul-pmnGgAAAQM"]
[Thu Jun 11 00:41:01.065151 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:56226] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/Dockerfile"] [unique_id "aiouTc0ej6tAIvUNrGGpRAAAAMU"]
[Thu Jun 11 00:41:01.065333 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:56226] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/Dockerfile"] [unique_id "aiouTc0ej6tAIvUNrGGpRAAAAMU"]
[Thu Jun 11 00:41:01.065633 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:56226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/Dockerfile"] [unique_id "aiouTc0ej6tAIvUNrGGpRAAAAMU"]
[Thu Jun 11 00:41:01.068783 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:56242] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.docker/config.json"] [unique_id "aiouTbXVEMZbaEYG_ywRWwAAAEw"]
[Thu Jun 11 00:41:01.068932 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:56242] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.docker/config.json"] [unique_id "aiouTbXVEMZbaEYG_ywRWwAAAEw"]
[Thu Jun 11 00:41:01.069178 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:56242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.docker/config.json"] [unique_id "aiouTbXVEMZbaEYG_ywRWwAAAEw"]
[Thu Jun 11 00:41:01.070932 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:56238] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/logfile"] [unique_id "aiouTV71v4pS85P4fn_AWwAAAJc"]
[Thu Jun 11 00:41:01.071550 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:56238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/logfile"] [unique_id "aiouTV71v4pS85P4fn_AWwAAAJc"]
[Thu Jun 11 00:41:01.077217 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:56246] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/docker-compose.yml"] [unique_id "aiouTdPH5u5NVjul-pmnGwAAAQ0"]
[Thu Jun 11 00:41:01.077598 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/docker-compose.yml"] [unique_id "aiouTdPH5u5NVjul-pmnGwAAAQ0"]
[Thu Jun 11 00:41:01.079023 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:56250] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/docker-compose.prod.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXrAAAAAU"]
[Thu Jun 11 00:41:01.079329 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:56250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/docker-compose.prod.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXrAAAAAU"]
[Thu Jun 11 00:41:01.082358 2026] [security2:error] [pid 21126:tid 21147] [client 34.106.8.40:56260] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/docker-compose.yml"] [unique_id "aiouTc0ej6tAIvUNrGGpRQAAANM"]
[Thu Jun 11 00:41:01.082690 2026] [security2:error] [pid 21126:tid 21147] [client 34.106.8.40:56260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/docker-compose.yml"] [unique_id "aiouTc0ej6tAIvUNrGGpRQAAANM"]
[Thu Jun 11 00:41:01.111403 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:56276] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/docker-compose.prod.yml"] [unique_id "aiouTV71v4pS85P4fn_AXAAAAJM"]
[Thu Jun 11 00:41:01.111932 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:56276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/docker-compose.prod.yml"] [unique_id "aiouTV71v4pS85P4fn_AXAAAAJM"]
[Thu Jun 11 00:41:01.113417 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:56284] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/docker-compose.yml"] [unique_id "aiouTdPH5u5NVjul-pmnHAAAARU"]
[Thu Jun 11 00:41:01.113718 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:56284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/docker-compose.yml"] [unique_id "aiouTdPH5u5NVjul-pmnHAAAARU"]
[Thu Jun 11 00:41:01.116880 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:56294] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/docker-compose.prod.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXrQAAAAM"]
[Thu Jun 11 00:41:01.117263 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:56294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/docker-compose.prod.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXrQAAAAM"]
[Thu Jun 11 00:41:01.118679 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:56304] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/docker-compose.yml"] [unique_id "aiouTc0ej6tAIvUNrGGpRgAAAMg"]
[Thu Jun 11 00:41:01.119046 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:56304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/docker-compose.yml"] [unique_id "aiouTc0ej6tAIvUNrGGpRgAAAMg"]
[Thu Jun 11 00:41:01.121874 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:56318] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/docker-compose.prod.yml"] [unique_id "aiouTV71v4pS85P4fn_AXQAAAI0"]
[Thu Jun 11 00:41:01.122278 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:56318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/docker-compose.prod.yml"] [unique_id "aiouTV71v4pS85P4fn_AXQAAAI0"]
[Thu Jun 11 00:41:01.124679 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:56326] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/infra/docker-compose.yml"] [unique_id "aiouTdPH5u5NVjul-pmnHQAAAQs"]
[Thu Jun 11 00:41:01.125014 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:56326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/infra/docker-compose.yml"] [unique_id "aiouTdPH5u5NVjul-pmnHQAAAQs"]
[Thu Jun 11 00:41:01.140009 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:56336] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/infrastructure/docker-compose.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXrgAAAAs"]
[Thu Jun 11 00:41:01.140432 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:56336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/infrastructure/docker-compose.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXrgAAAAs"]
[Thu Jun 11 00:41:01.142165 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:56344] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/devops/docker-compose.yml"] [unique_id "aiouTc0ej6tAIvUNrGGpRwAAAMk"]
[Thu Jun 11 00:41:01.142551 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:56344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/devops/docker-compose.yml"] [unique_id "aiouTc0ej6tAIvUNrGGpRwAAAMk"]
[Thu Jun 11 00:41:01.152135 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:56352] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/docker-compose.yml"] [unique_id "aiouTV71v4pS85P4fn_AXgAAAIw"]
[Thu Jun 11 00:41:01.152646 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:56352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/docker-compose.yml"] [unique_id "aiouTV71v4pS85P4fn_AXgAAAIw"]
[Thu Jun 11 00:41:01.152848 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:55458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRRAAAAEc"]
[Thu Jun 11 00:41:01.165847 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:56384] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/docker-compose.yml"] [unique_id "aiouTV71v4pS85P4fn_AXwAAAIk"]
[Thu Jun 11 00:41:01.166297 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:56384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/docker-compose.yml"] [unique_id "aiouTV71v4pS85P4fn_AXwAAAIk"]
[Thu Jun 11 00:41:01.168523 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:56366] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/docker-compose.yml"] [unique_id "aiouTdPH5u5NVjul-pmnHgAAARA"]
[Thu Jun 11 00:41:01.169057 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:56366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/docker-compose.yml"] [unique_id "aiouTdPH5u5NVjul-pmnHgAAARA"]
[Thu Jun 11 00:41:01.170527 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:56378] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/docker-compose.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXrwAAAA0"]
[Thu Jun 11 00:41:01.170916 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:56378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/docker-compose.yml"] [unique_id "aiouTXBSW5Z6y_w6HsGXrwAAAA0"]
[Thu Jun 11 00:41:01.172040 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:55472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_ARwAAAIs"]
[Thu Jun 11 00:41:01.200058 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:55414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_ARgAAAIU"]
[Thu Jun 11 00:41:01.267993 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:56392] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker/docker-compose.yml"] [unique_id "aiouTbXVEMZbaEYG_ywRXAAAAEc"]
[Thu Jun 11 00:41:01.268357 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:56392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker/docker-compose.yml"] [unique_id "aiouTbXVEMZbaEYG_ywRXAAAAEc"]
[Thu Jun 11 00:41:01.285170 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:56402] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker/docker-compose.prod.yml"] [unique_id "aiouTV71v4pS85P4fn_AYAAAAIs"]
[Thu Jun 11 00:41:01.285509 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:56402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker/docker-compose.prod.yml"] [unique_id "aiouTV71v4pS85P4fn_AYAAAAIs"]
[Thu Jun 11 00:41:01.302924 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:55430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRRQAAAFc"]
[Thu Jun 11 00:41:01.304698 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:56410] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/kubernetes.yml"] [unique_id "aiouTV71v4pS85P4fn_AYQAAAIU"]
[Thu Jun 11 00:41:01.305209 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:56410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/kubernetes.yml"] [unique_id "aiouTV71v4pS85P4fn_AYQAAAIU"]
[Thu Jun 11 00:41:01.331555 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:55434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnBgAAAQE"]
[Thu Jun 11 00:41:01.359526 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:56424] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/kubernetes.yaml"] [unique_id "aiouTV71v4pS85P4fn_AYgAAAIE"]
[Thu Jun 11 00:41:01.360238 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:56424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/kubernetes.yaml"] [unique_id "aiouTV71v4pS85P4fn_AYgAAAIE"]
[Thu Jun 11 00:41:01.417378 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:56436] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/k8s.yml"] [unique_id "aiouTbXVEMZbaEYG_ywRXQAAAFc"]
[Thu Jun 11 00:41:01.421309 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:56436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/k8s.yml"] [unique_id "aiouTbXVEMZbaEYG_ywRXQAAAFc"]
[Thu Jun 11 00:41:01.452530 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:56442] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/k8s.yaml"] [unique_id "aiouTdPH5u5NVjul-pmnHwAAAQE"]
[Thu Jun 11 00:41:01.452927 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:56442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/k8s.yaml"] [unique_id "aiouTdPH5u5NVjul-pmnHwAAAQE"]
[Thu Jun 11 00:41:01.533258 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:55446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpMAAAAMA"]
[Thu Jun 11 00:41:01.550269 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:55476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXmAAAAAk"]
[Thu Jun 11 00:41:01.587729 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:55496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_ASAAAAJE"]
[Thu Jun 11 00:41:01.606758 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:56490] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/terraform.tfstate"] [unique_id "aiouTaoCcBDhO7fD3wA7cQAAAUM"]
[Thu Jun 11 00:41:01.608354 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:56444] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/helm/values.yaml"] [unique_id "aiouTaoCcBDhO7fD3wA7cgAAAUI"]
[Thu Jun 11 00:41:01.620098 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:56490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/terraform.tfstate"] [unique_id "aiouTaoCcBDhO7fD3wA7cQAAAUM"]
[Thu Jun 11 00:41:01.620120 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:56444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/helm/values.yaml"] [unique_id "aiouTaoCcBDhO7fD3wA7cgAAAUI"]
[Thu Jun 11 00:41:01.620504 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:56478] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/terraform.tfvars"] [unique_id "aiouTaoCcBDhO7fD3wA7cwAAAUE"]
[Thu Jun 11 00:41:01.621762 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:56478] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/terraform.tfvars"] [unique_id "aiouTaoCcBDhO7fD3wA7cwAAAUE"]
[Thu Jun 11 00:41:01.622256 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:56492] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.terraform/terraform.tfstate"] [unique_id "aiouTaoCcBDhO7fD3wA7dAAAAUw"]
[Thu Jun 11 00:41:01.624653 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:56492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.terraform/terraform.tfstate"] [unique_id "aiouTaoCcBDhO7fD3wA7dAAAAUw"]
[Thu Jun 11 00:41:01.625715 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:56498] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backup.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7dQAAAU4"]
[Thu Jun 11 00:41:01.626469 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:56498] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7dQAAAU4"]
[Thu Jun 11 00:41:01.633911 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:56498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7dQAAAU4"]
[Thu Jun 11 00:41:01.634719 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:56450] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/helm/values.yml"] [unique_id "aiouTaoCcBDhO7fD3wA7dgAAAU0"]
[Thu Jun 11 00:41:01.635660 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:56450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/helm/values.yml"] [unique_id "aiouTaoCcBDhO7fD3wA7dgAAAU0"]
[Thu Jun 11 00:41:01.636384 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:56502] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/dump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7dwAAAUU"]
[Thu Jun 11 00:41:01.636657 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:56502] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7dwAAAUU"]
[Thu Jun 11 00:41:01.637002 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:56502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7dwAAAUU"]
[Thu Jun 11 00:41:01.637893 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:56462] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/helm/values-production.yaml"] [unique_id "aiouTaoCcBDhO7fD3wA7eAAAAUA"]
[Thu Jun 11 00:41:01.638415 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:56462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/helm/values-production.yaml"] [unique_id "aiouTaoCcBDhO7fD3wA7eAAAAUA"]
[Thu Jun 11 00:41:01.648874 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:56650] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.tar.bz2"] [unique_id "aiouTc0ej6tAIvUNrGGpSwAAAMA"]
[Thu Jun 11 00:41:01.649187 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:56650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.tar.bz2"] [unique_id "aiouTc0ej6tAIvUNrGGpSwAAAMA"]
[Thu Jun 11 00:41:01.651134 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:56522] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/database.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7eQAAAUY"]
[Thu Jun 11 00:41:01.651352 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:56544] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/pg_dump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7egAAAUc"]
[Thu Jun 11 00:41:01.654913 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:56522] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7eQAAAUY"]
[Thu Jun 11 00:41:01.654999 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:56544] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/pg_dump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7egAAAUc"]
[Thu Jun 11 00:41:01.655657 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:56564] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dump.sql.gz"] [unique_id "aiouTaoCcBDhO7fD3wA7fQAAAVA"]
[Thu Jun 11 00:41:01.657447 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:56544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/pg_dump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7egAAAUc"]
[Thu Jun 11 00:41:01.658077 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:56522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7eQAAAUY"]
[Thu Jun 11 00:41:01.659633 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:56582] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.tar.gz"] [unique_id "aiouTaoCcBDhO7fD3wA7fgAAAVI"]
[Thu Jun 11 00:41:01.660366 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:56534] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/mysqldump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7fAAAAUo"]
[Thu Jun 11 00:41:01.660450 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:56564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dump.sql.gz"] [unique_id "aiouTaoCcBDhO7fD3wA7fQAAAVA"]
[Thu Jun 11 00:41:01.664373 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:56534] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/mysqldump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7fAAAAUo"]
[Thu Jun 11 00:41:01.663686 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:56496] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/terraform.tfvars"] [unique_id "aiouTaoCcBDhO7fD3wA7ewAAAU8"]
[Thu Jun 11 00:41:01.668050 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:56572] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7gAAAAVY"]
[Thu Jun 11 00:41:01.672799 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:56652] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/sql/backup.sql"] [unique_id "aiouTXBSW5Z6y_w6HsGXsQAAAAk"]
[Thu Jun 11 00:41:01.672903 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:56652] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/sql/backup.sql"] [unique_id "aiouTXBSW5Z6y_w6HsGXsQAAAAk"]
[Thu Jun 11 00:41:01.673285 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:56652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/sql/backup.sql"] [unique_id "aiouTXBSW5Z6y_w6HsGXsQAAAAk"]
[Thu Jun 11 00:41:01.676564 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:56582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.tar.gz"] [unique_id "aiouTaoCcBDhO7fD3wA7fgAAAVI"]
[Thu Jun 11 00:41:01.677604 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:56534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/mysqldump.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7fAAAAUo"]
[Thu Jun 11 00:41:01.680701 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:56592] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7fwAAAVc"]
[Thu Jun 11 00:41:01.680818 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:56572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7gAAAAVY"]
[Thu Jun 11 00:41:01.680907 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:56496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/terraform.tfvars"] [unique_id "aiouTaoCcBDhO7fD3wA7ewAAAU8"]
[Thu Jun 11 00:41:01.694422 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:56606] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dump.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7gQAAAVU"]
[Thu Jun 11 00:41:01.696963 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:56592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7fwAAAVc"]
[Thu Jun 11 00:41:01.703240 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:56664] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/sql/dump.sql"] [unique_id "aiouTV71v4pS85P4fn_AZQAAAJE"]
[Thu Jun 11 00:41:01.703656 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:56664] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/sql/dump.sql"] [unique_id "aiouTV71v4pS85P4fn_AZQAAAJE"]
[Thu Jun 11 00:41:01.704049 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:56664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/sql/dump.sql"] [unique_id "aiouTV71v4pS85P4fn_AZQAAAJE"]
[Thu Jun 11 00:41:01.705160 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:56606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dump.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7gQAAAVU"]
[Thu Jun 11 00:41:01.707239 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:56622] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/site.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7ggAAAVM"]
[Thu Jun 11 00:41:01.707284 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:56648] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/web.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7gwAAAVQ"]
[Thu Jun 11 00:41:01.707660 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:56546] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/data.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7hQAAAUg"]
[Thu Jun 11 00:41:01.708991 2026] [security2:error] [pid 1016:tid 1037] [client 34.106.8.40:56566] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.sql.gz"] [unique_id "aiouTaoCcBDhO7fD3wA7hwAAAVE"]
[Thu Jun 11 00:41:01.709147 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:56634] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/www.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7hgAAAVg"]
[Thu Jun 11 00:41:01.709951 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:56558] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.sql.gz"] [unique_id "aiouTaoCcBDhO7fD3wA7hAAAAUk"]
[Thu Jun 11 00:41:01.714950 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:56518] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/db.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7iAAAAUs"]
[Thu Jun 11 00:41:01.715355 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:56546] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/data.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7hQAAAUg"]
[Thu Jun 11 00:41:01.715307 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:56622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/site.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7ggAAAVM"]
[Thu Jun 11 00:41:01.715917 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:56648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/web.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7gwAAAVQ"]
[Thu Jun 11 00:41:01.716653 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:56634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/www.zip"] [unique_id "aiouTaoCcBDhO7fD3wA7hgAAAVg"]
[Thu Jun 11 00:41:01.717185 2026] [security2:error] [pid 1016:tid 1037] [client 34.106.8.40:56566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.sql.gz"] [unique_id "aiouTaoCcBDhO7fD3wA7hwAAAVE"]
[Thu Jun 11 00:41:01.717604 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:56518] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7iAAAAUs"]
[Thu Jun 11 00:41:01.718297 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:55460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnBwAAAQU"]
[Thu Jun 11 00:41:01.717897 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:56558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.sql.gz"] [unique_id "aiouTaoCcBDhO7fD3wA7hAAAAUk"]
[Thu Jun 11 00:41:01.719297 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:56494] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/infra/terraform.tfvars"] [unique_id "aiouTaoCcBDhO7fD3wA7iQAAAUQ"]
[Thu Jun 11 00:41:01.719805 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:56546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/data.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7hQAAAUg"]
[Thu Jun 11 00:41:01.720221 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:56518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.sql"] [unique_id "aiouTaoCcBDhO7fD3wA7iAAAAUs"]
[Thu Jun 11 00:41:01.720633 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:56494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/infra/terraform.tfvars"] [unique_id "aiouTaoCcBDhO7fD3wA7iQAAAUQ"]
[Thu Jun 11 00:41:01.801243 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:55488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpMQAAAME"]
[Thu Jun 11 00:41:01.842710 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:56674] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/sql/db.sql"] [unique_id "aiouTdPH5u5NVjul-pmnIQAAAQU"]
[Thu Jun 11 00:41:01.842818 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:56674] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/sql/db.sql"] [unique_id "aiouTdPH5u5NVjul-pmnIQAAAQU"]
[Thu Jun 11 00:41:01.843151 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:56674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/sql/db.sql"] [unique_id "aiouTdPH5u5NVjul-pmnIQAAAQU"]
[Thu Jun 11 00:41:01.913662 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:55520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnCAAAARI"]
[Thu Jun 11 00:41:02.001835 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:55504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRRgAAAEg"]
[Thu Jun 11 00:41:02.022104 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:56684] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backup/db.sql"] [unique_id "aiouTtPH5u5NVjul-pmnIgAAARI"]
[Thu Jun 11 00:41:02.022289 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:56684] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup/db.sql"] [unique_id "aiouTtPH5u5NVjul-pmnIgAAARI"]
[Thu Jun 11 00:41:02.022986 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:56684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup/db.sql"] [unique_id "aiouTtPH5u5NVjul-pmnIgAAARI"]
[Thu Jun 11 00:41:02.077811 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:55516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXmQAAAAo"]
[Thu Jun 11 00:41:02.103684 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:55442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXlwAAAAA"]
[Thu Jun 11 00:41:02.111315 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:56694] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backup/dump.sql"] [unique_id "aiouTrXVEMZbaEYG_ywRYgAAAEg"]
[Thu Jun 11 00:41:02.111430 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:56694] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup/dump.sql"] [unique_id "aiouTrXVEMZbaEYG_ywRYgAAAEg"]
[Thu Jun 11 00:41:02.111809 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:56694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup/dump.sql"] [unique_id "aiouTrXVEMZbaEYG_ywRYgAAAEg"]
[Thu Jun 11 00:41:02.203735 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:56700] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backups/db.sql"] [unique_id "aiouTnBSW5Z6y_w6HsGXswAAAAo"]
[Thu Jun 11 00:41:02.203848 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:56700] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backups/db.sql"] [unique_id "aiouTnBSW5Z6y_w6HsGXswAAAAo"]
[Thu Jun 11 00:41:02.204375 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:56700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backups/db.sql"] [unique_id "aiouTnBSW5Z6y_w6HsGXswAAAAo"]
[Thu Jun 11 00:41:02.214543 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:56702] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backups/dump.sql"] [unique_id "aiouTnBSW5Z6y_w6HsGXtAAAAAA"]
[Thu Jun 11 00:41:02.214682 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:56702] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backups/dump.sql"] [unique_id "aiouTnBSW5Z6y_w6HsGXtAAAAAA"]
[Thu Jun 11 00:41:02.215067 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:56702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backups/dump.sql"] [unique_id "aiouTnBSW5Z6y_w6HsGXtAAAAAA"]
[Thu Jun 11 00:41:02.261066 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:55526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpMgAAAMY"]
[Thu Jun 11 00:41:02.276881 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:55534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRRwAAAEU"]
[Thu Jun 11 00:41:02.355047 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:55536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnCQAAAQA"]
[Thu Jun 11 00:41:02.385069 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:56714] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "aiouTs0ej6tAIvUNrGGpUAAAAMY"]
[Thu Jun 11 00:41:02.385229 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:56714] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "aiouTs0ej6tAIvUNrGGpUAAAAMY"]
[Thu Jun 11 00:41:02.385514 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:56714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "aiouTs0ej6tAIvUNrGGpUAAAAMY"]
[Thu Jun 11 00:41:02.442734 2026] [mpm_worker:error] [pid 1897:tid 1897] AH00286: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Thu Jun 11 00:41:02.466017 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:56722] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "aiouTtPH5u5NVjul-pmnJAAAAQA"]
[Thu Jun 11 00:41:02.466156 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:56722] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "aiouTtPH5u5NVjul-pmnJAAAAQA"]
[Thu Jun 11 00:41:02.466512 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:56722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "aiouTtPH5u5NVjul-pmnJAAAAQA"]
[Thu Jun 11 00:41:02.490105 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:55542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpMwAAAMs"]
[Thu Jun 11 00:41:02.578041 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:55566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_ASgAAAIg"]
[Thu Jun 11 00:41:02.611178 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:56726] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/exports/db.sql"] [unique_id "aiouTs0ej6tAIvUNrGGpVAAAAMs"]
[Thu Jun 11 00:41:02.611342 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:56726] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/exports/db.sql"] [unique_id "aiouTs0ej6tAIvUNrGGpVAAAAMs"]
[Thu Jun 11 00:41:02.611974 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:56726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/exports/db.sql"] [unique_id "aiouTs0ej6tAIvUNrGGpVAAAAMs"]
[Thu Jun 11 00:41:02.613078 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:55556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnCgAAAQg"]
[Thu Jun 11 00:41:02.695842 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:56734] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.php"] [unique_id "aiouTl71v4pS85P4fn_AZwAAAIg"]
[Thu Jun 11 00:41:02.696558 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:56734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.php"] [unique_id "aiouTl71v4pS85P4fn_AZwAAAIg"]
[Thu Jun 11 00:41:02.738339 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:56748] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.js"] [unique_id "aiouTtPH5u5NVjul-pmnJQAAAQg"]
[Thu Jun 11 00:41:02.739056 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:56748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.js"] [unique_id "aiouTtPH5u5NVjul-pmnJQAAAQg"]
[Thu Jun 11 00:41:02.739312 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:55562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRSAAAAEE"]
[Thu Jun 11 00:41:02.805465 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:55612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_ASwAAAIA"]
[Thu Jun 11 00:41:02.855492 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:56760] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.json"] [unique_id "aiouTrXVEMZbaEYG_ywRaAAAAEE"]
[Thu Jun 11 00:41:02.855952 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:56760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.json"] [unique_id "aiouTrXVEMZbaEYG_ywRaAAAAEE"]
[Thu Jun 11 00:41:02.858481 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:55592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXmgAAAA4"]
[Thu Jun 11 00:41:02.969063 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:56776] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.yml"] [unique_id "aiouTnBSW5Z6y_w6HsGXtgAAAA4"]
[Thu Jun 11 00:41:02.969373 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:56776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.yml"] [unique_id "aiouTnBSW5Z6y_w6HsGXtgAAAA4"]
[Thu Jun 11 00:41:02.969917 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:55624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnCwAAARc"]
[Thu Jun 11 00:41:03.045043 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:55538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXmwAAAA8"]
[Thu Jun 11 00:41:03.155503 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:56782] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.yaml"] [unique_id "aiouT3BSW5Z6y_w6HsGXtwAAAA8"]
[Thu Jun 11 00:41:03.155882 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:56782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.yaml"] [unique_id "aiouT3BSW5Z6y_w6HsGXtwAAAA8"]
[Thu Jun 11 00:41:03.158461 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:55576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpNQAAAM4"]
[Thu Jun 11 00:41:03.218961 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:55638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXnAAAABc"]
[Thu Jun 11 00:41:03.223973 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:55596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRSQAAAFI"]
[Thu Jun 11 00:41:03.312651 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:56794] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/config.ini"] [unique_id "aiouT80ej6tAIvUNrGGpVwAAAM4"]
[Thu Jun 11 00:41:03.312795 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:56794] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.ini"] [unique_id "aiouT80ej6tAIvUNrGGpVwAAAM4"]
[Thu Jun 11 00:41:03.313490 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:56794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.ini"] [unique_id "aiouT80ej6tAIvUNrGGpVwAAAM4"]
[Thu Jun 11 00:41:03.331022 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:56800] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.env"] [unique_id "aiouT3BSW5Z6y_w6HsGXuQAAABc"]
[Thu Jun 11 00:41:03.331409 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:56800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.env"] [unique_id "aiouT3BSW5Z6y_w6HsGXuQAAABc"]
[Thu Jun 11 00:41:03.341840 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:56806] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/configuration.php"] [unique_id "aiouT7XVEMZbaEYG_ywRbAAAAFI"]
[Thu Jun 11 00:41:03.342204 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:56806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/configuration.php"] [unique_id "aiouT7XVEMZbaEYG_ywRbAAAAFI"]
[Thu Jun 11 00:41:03.391755 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:55664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpNgAAANU"]
[Thu Jun 11 00:41:03.428814 2026] [security2:error] [pid 22855:tid 22876] [client 34.106.8.40:55648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_ATAAAAIo"]
[Thu Jun 11 00:41:03.496414 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:56810] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/configuration.json"] [unique_id "aiouT80ej6tAIvUNrGGpWQAAANU"]
[Thu Jun 11 00:41:03.496946 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:56810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/configuration.json"] [unique_id "aiouT80ej6tAIvUNrGGpWQAAANU"]
[Thu Jun 11 00:41:03.542068 2026] [security2:error] [pid 22855:tid 22876] [client 34.106.8.40:56816] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/configuration.yml"] [unique_id "aiouT171v4pS85P4fn_AbAAAAIo"]
[Thu Jun 11 00:41:03.542538 2026] [security2:error] [pid 22855:tid 22876] [client 34.106.8.40:56816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/configuration.yml"] [unique_id "aiouT171v4pS85P4fn_AbAAAAIo"]
[Thu Jun 11 00:41:03.566766 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:55670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRSgAAAEs"]
[Thu Jun 11 00:41:03.575813 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:55674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnDAAAAQ4"]
[Thu Jun 11 00:41:03.687270 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:56820] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.php"] [unique_id "aiouT7XVEMZbaEYG_ywRcAAAAEs"]
[Thu Jun 11 00:41:03.687912 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:56820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.php"] [unique_id "aiouT7XVEMZbaEYG_ywRcAAAAEs"]
[Thu Jun 11 00:41:03.689062 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:55682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpNwAAAMo"]
[Thu Jun 11 00:41:03.689481 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:56834] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.py"] [unique_id "aiouT9PH5u5NVjul-pmnKQAAAQ4"]
[Thu Jun 11 00:41:03.689779 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:56834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.py"] [unique_id "aiouT9PH5u5NVjul-pmnKQAAAQ4"]
[Thu Jun 11 00:41:03.810445 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:55686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_ATQAAAJU"]
[Thu Jun 11 00:41:03.840265 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:55672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXnQAAABA"]
[Thu Jun 11 00:41:03.924107 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:56850] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.json"] [unique_id "aiouT171v4pS85P4fn_AbgAAAJU"]
[Thu Jun 11 00:41:03.924470 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:56850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.json"] [unique_id "aiouT171v4pS85P4fn_AbgAAAJU"]
[Thu Jun 11 00:41:03.956517 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:56858] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.yml"] [unique_id "aiouT3BSW5Z6y_w6HsGXuwAAABA"]
[Thu Jun 11 00:41:03.957075 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:56858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.yml"] [unique_id "aiouT3BSW5Z6y_w6HsGXuwAAABA"]
[Thu Jun 11 00:41:03.971775 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:55688] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRTAAAAEo"]
[Thu Jun 11 00:41:04.025996 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:55718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXngAAABQ"]
[Thu Jun 11 00:41:04.092916 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:56872] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/settings.ini"] [unique_id "aiouULXVEMZbaEYG_ywRdAAAAEo"]
[Thu Jun 11 00:41:04.093034 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:56872] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.ini"] [unique_id "aiouULXVEMZbaEYG_ywRdAAAAEo"]
[Thu Jun 11 00:41:04.093448 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:56872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.ini"] [unique_id "aiouULXVEMZbaEYG_ywRdAAAAEo"]
[Thu Jun 11 00:41:04.126294 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:55690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnDQAAAQw"]
[Thu Jun 11 00:41:04.137740 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:56880] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.yml"] [unique_id "aiouUHBSW5Z6y_w6HsGXvAAAABQ"]
[Thu Jun 11 00:41:04.138135 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:56880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.yml"] [unique_id "aiouUHBSW5Z6y_w6HsGXvAAAABQ"]
[Thu Jun 11 00:41:04.229169 2026] [security2:error] [pid 22855:tid 22880] [client 34.106.8.40:55726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_ATgAAAI4"]
[Thu Jun 11 00:41:04.240467 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:56890] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.yaml"] [unique_id "aiouUNPH5u5NVjul-pmnKwAAAQw"]
[Thu Jun 11 00:41:04.240864 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:56890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.yaml"] [unique_id "aiouUNPH5u5NVjul-pmnKwAAAQw"]
[Thu Jun 11 00:41:04.247047 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:55706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpOAAAANc"]
[Thu Jun 11 00:41:04.359083 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:56896] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.properties"] [unique_id "aiouUM0ej6tAIvUNrGGpXAAAANc"]
[Thu Jun 11 00:41:04.359502 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:56896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.properties"] [unique_id "aiouUM0ej6tAIvUNrGGpXAAAANc"]
[Thu Jun 11 00:41:04.416303 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:55752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnDgAAAQo"]
[Thu Jun 11 00:41:04.433296 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:55764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXnwAAAAw"]
[Thu Jun 11 00:41:04.533280 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:56910] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.json"] [unique_id "aiouUNPH5u5NVjul-pmnLQAAAQo"]
[Thu Jun 11 00:41:04.533729 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:56910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.json"] [unique_id "aiouUNPH5u5NVjul-pmnLQAAAQo"]
[Thu Jun 11 00:41:04.546234 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:55780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpOQAAAMQ"]
[Thu Jun 11 00:41:04.548124 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:56918] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app.json"] [unique_id "aiouUHBSW5Z6y_w6HsGXvgAAAAw"]
[Thu Jun 11 00:41:04.548611 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:56918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app.json"] [unique_id "aiouUHBSW5Z6y_w6HsGXvgAAAAw"]
[Thu Jun 11 00:41:04.614815 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:55816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpOgAAANg"]
[Thu Jun 11 00:41:04.634388 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:55784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRTwAAAFY"]
[Thu Jun 11 00:41:04.663819 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:56934] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app.yaml"] [unique_id "aiouUM0ej6tAIvUNrGGpXgAAAMQ"]
[Thu Jun 11 00:41:04.664426 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:56934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app.yaml"] [unique_id "aiouUM0ej6tAIvUNrGGpXgAAAMQ"]
[Thu Jun 11 00:41:04.727280 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:56946] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app.yml"] [unique_id "aiouUM0ej6tAIvUNrGGpXwAAANg"]
[Thu Jun 11 00:41:04.727730 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:56946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app.yml"] [unique_id "aiouUM0ej6tAIvUNrGGpXwAAANg"]
[Thu Jun 11 00:41:04.778610 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:55788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnDwAAAQQ"]
[Thu Jun 11 00:41:04.786238 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:56952] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/appsettings.json"] [unique_id "aiouULXVEMZbaEYG_ywReQAAAFY"]
[Thu Jun 11 00:41:04.786716 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:56952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/appsettings.json"] [unique_id "aiouULXVEMZbaEYG_ywReQAAAFY"]
[Thu Jun 11 00:41:04.831211 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:55802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXoAAAAAc"]
[Thu Jun 11 00:41:04.894762 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:56964] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/appsettings.Production.json"] [unique_id "aiouUNPH5u5NVjul-pmnLwAAAQQ"]
[Thu Jun 11 00:41:04.895234 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:56964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/appsettings.Production.json"] [unique_id "aiouUNPH5u5NVjul-pmnLwAAAQQ"]
[Thu Jun 11 00:41:04.927019 2026] [security2:error] [pid 22855:tid 22869] [client 34.106.8.40:55824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_AUAAAAIM"]
[Thu Jun 11 00:41:04.943178 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:56978] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/appsettings.Development.json"] [unique_id "aiouUHBSW5Z6y_w6HsGXvwAAAAc"]
[Thu Jun 11 00:41:04.943604 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:56978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/appsettings.Development.json"] [unique_id "aiouUHBSW5Z6y_w6HsGXvwAAAAc"]
[Thu Jun 11 00:41:04.966433 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:55738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRTQAAAFU"]
[Thu Jun 11 00:41:04.972345 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:55834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRUAAAAFQ"]
[Thu Jun 11 00:41:05.018120 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:56982] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/parameters.yml"] [unique_id "aiouUbXVEMZbaEYG_ywRfQAAAE0"]
[Thu Jun 11 00:41:05.018520 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:56982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/parameters.yml"] [unique_id "aiouUbXVEMZbaEYG_ywRfQAAAE0"]
[Thu Jun 11 00:41:05.083990 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:56996] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/parameters.yaml"] [unique_id "aiouUbXVEMZbaEYG_ywRfgAAAFU"]
[Thu Jun 11 00:41:05.084483 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:56996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/parameters.yaml"] [unique_id "aiouUbXVEMZbaEYG_ywRfgAAAFU"]
[Thu Jun 11 00:41:05.095128 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:57000] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/parameters.php"] [unique_id "aiouUbXVEMZbaEYG_ywRfwAAAFQ"]
[Thu Jun 11 00:41:05.095524 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:57000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/parameters.php"] [unique_id "aiouUbXVEMZbaEYG_ywRfwAAAFQ"]
[Thu Jun 11 00:41:05.158393 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:55846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpOwAAAM8"]
[Thu Jun 11 00:41:05.193484 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:55848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXoQAAABE"]
[Thu Jun 11 00:41:05.272455 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:57006] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.yml"] [unique_id "aiouUc0ej6tAIvUNrGGpYgAAAM8"]
[Thu Jun 11 00:41:05.272652 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:57006] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/database.yml"] [unique_id "aiouUc0ej6tAIvUNrGGpYgAAAM8"]
[Thu Jun 11 00:41:05.272929 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:57006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.yml"] [unique_id "aiouUc0ej6tAIvUNrGGpYgAAAM8"]
[Thu Jun 11 00:41:05.298170 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:55844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnEQAAARE"]
[Thu Jun 11 00:41:05.324498 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:55864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_AUQAAAJg"]
[Thu Jun 11 00:41:05.348372 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:57008] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.yaml"] [unique_id "aiouUXBSW5Z6y_w6HsGXwQAAABE"]
[Thu Jun 11 00:41:05.348716 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:57008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.yaml"] [unique_id "aiouUXBSW5Z6y_w6HsGXwQAAABE"]
[Thu Jun 11 00:41:05.350942 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:55904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXogAAAAg"]
[Thu Jun 11 00:41:05.415908 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:57020] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.php"] [unique_id "aiouUdPH5u5NVjul-pmnMQAAARE"]
[Thu Jun 11 00:41:05.416309 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:57020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.php"] [unique_id "aiouUdPH5u5NVjul-pmnMQAAARE"]
[Thu Jun 11 00:41:05.476030 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:57036] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.json"] [unique_id "aiouUV71v4pS85P4fn_AdAAAAJg"]
[Thu Jun 11 00:41:05.477844 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:57036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.json"] [unique_id "aiouUV71v4pS85P4fn_AdAAAAJg"]
[Thu Jun 11 00:41:05.497377 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:57044] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/database.ini"] [unique_id "aiouUXBSW5Z6y_w6HsGXwwAAAAg"]
[Thu Jun 11 00:41:05.497510 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:57044] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.ini"] [unique_id "aiouUXBSW5Z6y_w6HsGXwwAAAAg"]
[Thu Jun 11 00:41:05.497954 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:57044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.ini"] [unique_id "aiouUXBSW5Z6y_w6HsGXwwAAAAg"]
[Thu Jun 11 00:41:05.528337 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:55890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpPAAAAM0"]
[Thu Jun 11 00:41:05.537239 2026] [security2:error] [pid 22855:tid 22881] [client 34.106.8.40:55910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_AUgAAAI8"]
[Thu Jun 11 00:41:05.640204 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:57048] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.php"] [unique_id "aiouUc0ej6tAIvUNrGGpYwAAAM0"]
[Thu Jun 11 00:41:05.640923 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:57048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.php"] [unique_id "aiouUc0ej6tAIvUNrGGpYwAAAM0"]
[Thu Jun 11 00:41:05.647473 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:55934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXowAAABM"]
[Thu Jun 11 00:41:05.653915 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:55866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRUQAAAEM"]
[Thu Jun 11 00:41:05.697433 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:55878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnEgAAARY"]
[Thu Jun 11 00:41:05.759137 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:57050] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.json"] [unique_id "aiouUXBSW5Z6y_w6HsGXxAAAABM"]
[Thu Jun 11 00:41:05.760920 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:57050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.json"] [unique_id "aiouUXBSW5Z6y_w6HsGXxAAAABM"]
[Thu Jun 11 00:41:05.772039 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:57052] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.yml"] [unique_id "aiouUbXVEMZbaEYG_ywRhAAAAEM"]
[Thu Jun 11 00:41:05.772547 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:57052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.yml"] [unique_id "aiouUbXVEMZbaEYG_ywRhAAAAEM"]
[Thu Jun 11 00:41:05.808993 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:57068] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/credentials.json"] [unique_id "aiouUdPH5u5NVjul-pmnMgAAARY"]
[Thu Jun 11 00:41:05.809383 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:57068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/credentials.json"] [unique_id "aiouUdPH5u5NVjul-pmnMgAAARY"]
[Thu Jun 11 00:41:05.880063 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:55922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnEwAAAQY"]
[Thu Jun 11 00:41:05.904305 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:55920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRUgAAAFA"]
[Thu Jun 11 00:41:05.986760 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:55946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpPQAAANY"]
[Thu Jun 11 00:41:05.987754 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:55954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRUwAAAEY"]
[Thu Jun 11 00:41:05.988608 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:55944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_AUwAAAIQ"]
[Thu Jun 11 00:41:05.995517 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:57080] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/credentials.yml"] [unique_id "aiouUdPH5u5NVjul-pmnNAAAAQY"]
[Thu Jun 11 00:41:05.995890 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:57080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/credentials.yml"] [unique_id "aiouUdPH5u5NVjul-pmnNAAAAQY"]
[Thu Jun 11 00:41:06.044215 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:57094] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/credentials.yaml"] [unique_id "aiouUrXVEMZbaEYG_ywRhgAAAFA"]
[Thu Jun 11 00:41:06.044777 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:57094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/credentials.yaml"] [unique_id "aiouUrXVEMZbaEYG_ywRhgAAAFA"]
[Thu Jun 11 00:41:06.104671 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:57098] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets.yml"] [unique_id "aiouUrXVEMZbaEYG_ywRiAAAAEY"]
[Thu Jun 11 00:41:06.105157 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:57098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets.yml"] [unique_id "aiouUrXVEMZbaEYG_ywRiAAAAEY"]
[Thu Jun 11 00:41:06.106177 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:57096] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets.json"] [unique_id "aiouUl71v4pS85P4fn_AdgAAAIQ"]
[Thu Jun 11 00:41:06.106740 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:57096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets.json"] [unique_id "aiouUl71v4pS85P4fn_AdgAAAIQ"]
[Thu Jun 11 00:41:06.136505 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:57102] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets.yaml"] [unique_id "aiouUs0ej6tAIvUNrGGpZAAAANY"]
[Thu Jun 11 00:41:06.137179 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:57102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets.yaml"] [unique_id "aiouUs0ej6tAIvUNrGGpZAAAANY"]
[Thu Jun 11 00:41:06.251824 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:55966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnFAAAARQ"]
[Thu Jun 11 00:41:06.259178 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:55976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXpAAAAAY"]
[Thu Jun 11 00:41:06.307115 2026] [security2:error] [pid 21075:tid 21096] [client 34.106.8.40:56016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXpQAAABI"]
[Thu Jun 11 00:41:06.314560 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:55990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_AVQAAAJY"]
[Thu Jun 11 00:41:06.318685 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:56010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnFQAAAQc"]
[Thu Jun 11 00:41:06.370215 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:57110] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets.env"] [unique_id "aiouUtPH5u5NVjul-pmnNQAAARQ"]
[Thu Jun 11 00:41:06.370609 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:57110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets.env"] [unique_id "aiouUtPH5u5NVjul-pmnNQAAARQ"]
[Thu Jun 11 00:41:06.415274 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:57120] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secret.json"] [unique_id "aiouUnBSW5Z6y_w6HsGXxgAAAAY"]
[Thu Jun 11 00:41:06.415789 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:57120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secret.json"] [unique_id "aiouUnBSW5Z6y_w6HsGXxgAAAAY"]
[Thu Jun 11 00:41:06.432444 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:57124] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private.json"] [unique_id "aiouUl71v4pS85P4fn_AdwAAAJY"]
[Thu Jun 11 00:41:06.432941 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:57124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private.json"] [unique_id "aiouUl71v4pS85P4fn_AdwAAAJY"]
[Thu Jun 11 00:41:06.434513 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:57126] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/keys.json"] [unique_id "aiouUtPH5u5NVjul-pmnNgAAAQc"]
[Thu Jun 11 00:41:06.434931 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:57126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/keys.json"] [unique_id "aiouUtPH5u5NVjul-pmnNgAAAQc"]
[Thu Jun 11 00:41:06.546206 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:55996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRVAAAAEk"]
[Thu Jun 11 00:41:06.555984 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:55986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpPgAAANQ"]
[Thu Jun 11 00:41:06.578794 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:56042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_AVgAAAJQ"]
[Thu Jun 11 00:41:06.623773 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:56058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXpwAAAAE"]
[Thu Jun 11 00:41:06.664997 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:57132] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api_keys.json"] [unique_id "aiouUrXVEMZbaEYG_ywRiwAAAEk"]
[Thu Jun 11 00:41:06.665386 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:57132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api_keys.json"] [unique_id "aiouUrXVEMZbaEYG_ywRiwAAAEk"]
[Thu Jun 11 00:41:06.669045 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:57148] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api-keys.json"] [unique_id "aiouUs0ej6tAIvUNrGGpZQAAANQ"]
[Thu Jun 11 00:41:06.669359 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:57148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api-keys.json"] [unique_id "aiouUs0ej6tAIvUNrGGpZQAAANQ"]
[Thu Jun 11 00:41:06.678847 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:56032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpPwAAAMc"]
[Thu Jun 11 00:41:06.696365 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:57156] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api_keys.yml"] [unique_id "aiouUl71v4pS85P4fn_AeAAAAJQ"]
[Thu Jun 11 00:41:06.696761 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:57156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api_keys.yml"] [unique_id "aiouUl71v4pS85P4fn_AeAAAAJQ"]
[Thu Jun 11 00:41:06.727175 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:57164] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/config.json"] [unique_id "aiouUnBSW5Z6y_w6HsGXyAAAAAE"]
[Thu Jun 11 00:41:06.727645 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:57164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/config.json"] [unique_id "aiouUnBSW5Z6y_w6HsGXyAAAAAE"]
[Thu Jun 11 00:41:06.790379 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:57170] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/config.yml"] [unique_id "aiouUs0ej6tAIvUNrGGpZgAAAMc"]
[Thu Jun 11 00:41:06.790863 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:57170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/config.yml"] [unique_id "aiouUs0ej6tAIvUNrGGpZgAAAMc"]
[Thu Jun 11 00:41:06.882739 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:56062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpQAAAAMw"]
[Thu Jun 11 00:41:06.904903 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:56072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_AVwAAAJA"]
[Thu Jun 11 00:41:06.924017 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:56050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRVQAAAEI"]
[Thu Jun 11 00:41:06.940948 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:56068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRVgAAAFg"]
[Thu Jun 11 00:41:06.982747 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:56052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnFgAAARM"]
[Thu Jun 11 00:41:06.994599 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:57176] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/config.php"] [unique_id "aiouUs0ej6tAIvUNrGGpZwAAAMw"]
[Thu Jun 11 00:41:06.995185 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:57176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/config.php"] [unique_id "aiouUs0ej6tAIvUNrGGpZwAAAMw"]
[Thu Jun 11 00:41:07.016114 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:57184] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/settings.json"] [unique_id "aiouU171v4pS85P4fn_AeQAAAJA"]
[Thu Jun 11 00:41:07.016528 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:57184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/settings.json"] [unique_id "aiouU171v4pS85P4fn_AeQAAAJA"]
[Thu Jun 11 00:41:07.036944 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:57188] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/settings.yml"] [unique_id "aiouU7XVEMZbaEYG_ywRjQAAAEI"]
[Thu Jun 11 00:41:07.037779 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:57188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/settings.yml"] [unique_id "aiouU7XVEMZbaEYG_ywRjQAAAEI"]
[Thu Jun 11 00:41:07.047078 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:57196] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/database.yml"] [unique_id "aiouU7XVEMZbaEYG_ywRjgAAAFg"]
[Thu Jun 11 00:41:07.047229 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:57196] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /api/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/database.yml"] [unique_id "aiouU7XVEMZbaEYG_ywRjgAAAFg"]
[Thu Jun 11 00:41:07.047465 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:57196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/database.yml"] [unique_id "aiouU7XVEMZbaEYG_ywRjgAAAFg"]
[Thu Jun 11 00:41:07.095229 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:57212] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/database.php"] [unique_id "aiouU9PH5u5NVjul-pmnOQAAARM"]
[Thu Jun 11 00:41:07.095683 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:57212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/database.php"] [unique_id "aiouU9PH5u5NVjul-pmnOQAAARM"]
[Thu Jun 11 00:41:07.214541 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:56096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXqAAAABg"]
[Thu Jun 11 00:41:07.230281 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:56080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnFwAAARg"]
[Thu Jun 11 00:41:07.241404 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:56108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpQQAAAMI"]
[Thu Jun 11 00:41:07.288921 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:56114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTF71v4pS85P4fn_AWAAAAIY"]
[Thu Jun 11 00:41:07.293447 2026] [security2:error] [pid 7752:tid 7761] [client 34.106.8.40:56118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTLXVEMZbaEYG_ywRVwAAAEQ"]
[Thu Jun 11 00:41:07.345919 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:57226] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/application.yml"] [unique_id "aiouU9PH5u5NVjul-pmnOgAAARg"]
[Thu Jun 11 00:41:07.346347 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:57226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/application.yml"] [unique_id "aiouU9PH5u5NVjul-pmnOgAAARg"]
[Thu Jun 11 00:41:07.356672 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:57234] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/application.properties"] [unique_id "aiouU80ej6tAIvUNrGGpaAAAAMI"]
[Thu Jun 11 00:41:07.356973 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:57234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/application.properties"] [unique_id "aiouU80ej6tAIvUNrGGpaAAAAMI"]
[Thu Jun 11 00:41:07.366653 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:57248] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/appsettings.json"] [unique_id "aiouU3BSW5Z6y_w6HsGXygAAABg"]
[Thu Jun 11 00:41:07.366915 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:57248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/appsettings.json"] [unique_id "aiouU3BSW5Z6y_w6HsGXygAAABg"]
[Thu Jun 11 00:41:07.403984 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:57250] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/credentials.json"] [unique_id "aiouU171v4pS85P4fn_AegAAAIY"]
[Thu Jun 11 00:41:07.404439 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:57250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/credentials.json"] [unique_id "aiouU171v4pS85P4fn_AegAAAIY"]
[Thu Jun 11 00:41:07.513230 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:56122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTNPH5u5NVjul-pmnGAAAAQk"]
[Thu Jun 11 00:41:07.525971 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:56150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTM0ej6tAIvUNrGGpQgAAANI"]
[Thu Jun 11 00:41:07.557632 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:56124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTHBSW5Z6y_w6HsGXqQAAABY"]
[Thu Jun 11 00:41:07.596500 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:56160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTbXVEMZbaEYG_ywRWQAAAFM"]
[Thu Jun 11 00:41:07.597617 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:56134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AWQAAAIc"]
[Thu Jun 11 00:41:07.630744 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:57260] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/secrets.json"] [unique_id "aiouU9PH5u5NVjul-pmnPAAAAQk"]
[Thu Jun 11 00:41:07.631160 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:57260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/secrets.json"] [unique_id "aiouU9PH5u5NVjul-pmnPAAAAQk"]
[Thu Jun 11 00:41:07.638385 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:57272] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/keys.json"] [unique_id "aiouU80ej6tAIvUNrGGpaQAAANI"]
[Thu Jun 11 00:41:07.638841 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:57272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/keys.json"] [unique_id "aiouU80ej6tAIvUNrGGpaQAAANI"]
[Thu Jun 11 00:41:07.673520 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:57286] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/parameters.yml"] [unique_id "aiouU3BSW5Z6y_w6HsGXzAAAABY"]
[Thu Jun 11 00:41:07.673943 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:57286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/parameters.yml"] [unique_id "aiouU3BSW5Z6y_w6HsGXzAAAABY"]
[Thu Jun 11 00:41:07.710299 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:57292] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v1/config.json"] [unique_id "aiouU7XVEMZbaEYG_ywRkgAAAFM"]
[Thu Jun 11 00:41:07.710737 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:57292] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v1/config.json"] [unique_id "aiouU7XVEMZbaEYG_ywRkgAAAFM"]
[Thu Jun 11 00:41:07.722848 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:57304] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v1/application.yml"] [unique_id "aiouU171v4pS85P4fn_AewAAAIc"]
[Thu Jun 11 00:41:07.723314 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:57304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v1/application.yml"] [unique_id "aiouU171v4pS85P4fn_AewAAAIc"]
[Thu Jun 11 00:41:07.790112 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:56166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTdPH5u5NVjul-pmnGQAAAQ8"]
[Thu Jun 11 00:41:07.874614 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:56194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AWgAAAJI"]
[Thu Jun 11 00:41:07.880385 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:56176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTXBSW5Z6y_w6HsGXqgAAABU"]
[Thu Jun 11 00:41:07.901814 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:57318] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v2/config.json"] [unique_id "aiouU9PH5u5NVjul-pmnPQAAAQ8"]
[Thu Jun 11 00:41:07.902333 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:57318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v2/config.json"] [unique_id "aiouU9PH5u5NVjul-pmnPQAAAQ8"]
[Thu Jun 11 00:41:07.912373 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:56198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTbXVEMZbaEYG_ywRWgAAAFE"]
[Thu Jun 11 00:41:07.957680 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:56186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTc0ej6tAIvUNrGGpQwAAANA"]
[Thu Jun 11 00:41:07.990097 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:57320] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v2/application.yml"] [unique_id "aiouU3BSW5Z6y_w6HsGXzQAAABU"]
[Thu Jun 11 00:41:07.990688 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:57320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v2/application.yml"] [unique_id "aiouU3BSW5Z6y_w6HsGXzQAAABU"]
[Thu Jun 11 00:41:08.071338 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:57330] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config.php"] [unique_id "aiouVM0ej6tAIvUNrGGpagAAANA"]
[Thu Jun 11 00:41:08.071901 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:57330] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config.php"] [unique_id "aiouVM0ej6tAIvUNrGGpagAAANA"]
[Thu Jun 11 00:41:08.135608 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:56222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTXBSW5Z6y_w6HsGXqwAAAAI"]
[Thu Jun 11 00:41:08.173882 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:56226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTc0ej6tAIvUNrGGpRAAAAMU"]
[Thu Jun 11 00:41:08.184137 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:56214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTdPH5u5NVjul-pmnGgAAAQM"]
[Thu Jun 11 00:41:08.213952 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:57342] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config.json"] [unique_id "aiouVF71v4pS85P4fn_AfQAAAJI"]
[Thu Jun 11 00:41:08.214373 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:57342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config.json"] [unique_id "aiouVF71v4pS85P4fn_AfQAAAJI"]
[Thu Jun 11 00:41:08.293150 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:57362] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/settings.php"] [unique_id "aiouVHBSW5Z6y_w6HsGXzwAAAAI"]
[Thu Jun 11 00:41:08.293566 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:57362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/settings.php"] [unique_id "aiouVHBSW5Z6y_w6HsGXzwAAAAI"]
[Thu Jun 11 00:41:08.300037 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:57352] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config.yml"] [unique_id "aiouVM0ej6tAIvUNrGGpawAAAMU"]
[Thu Jun 11 00:41:08.300462 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:57352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config.yml"] [unique_id "aiouVM0ej6tAIvUNrGGpawAAAMU"]
[Thu Jun 11 00:41:08.300675 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:56242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTbXVEMZbaEYG_ywRWwAAAEw"]
[Thu Jun 11 00:41:08.313068 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:57368] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/settings.json"] [unique_id "aiouVNPH5u5NVjul-pmnPwAAAQM"]
[Thu Jun 11 00:41:08.313461 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:57368] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/settings.json"] [unique_id "aiouVNPH5u5NVjul-pmnPwAAAQM"]
[Thu Jun 11 00:41:08.316925 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:56238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AWwAAAJc"]
[Thu Jun 11 00:41:08.385611 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:57384] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/database.php"] [unique_id "aiouVF71v4pS85P4fn_AfgAAAJc"]
[Thu Jun 11 00:41:08.386204 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:57384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/database.php"] [unique_id "aiouVF71v4pS85P4fn_AfgAAAJc"]
[Thu Jun 11 00:41:08.412417 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:57396] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/database.yml"] [unique_id "aiouVLXVEMZbaEYG_ywRlgAAAEw"]
[Thu Jun 11 00:41:08.412729 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:57396] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /app/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/database.yml"] [unique_id "aiouVLXVEMZbaEYG_ywRlgAAAEw"]
[Thu Jun 11 00:41:08.413168 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:57396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/database.yml"] [unique_id "aiouVLXVEMZbaEYG_ywRlgAAAEw"]
[Thu Jun 11 00:41:08.553892 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:56250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTXBSW5Z6y_w6HsGXrAAAAAU"]
[Thu Jun 11 00:41:08.562257 2026] [security2:error] [pid 21126:tid 21147] [client 34.106.8.40:56260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTc0ej6tAIvUNrGGpRQAAANM"]
[Thu Jun 11 00:41:08.612939 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTdPH5u5NVjul-pmnGwAAAQ0"]
[Thu Jun 11 00:41:08.626636 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:56284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTdPH5u5NVjul-pmnHAAAARU"]
[Thu Jun 11 00:41:08.629900 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:52242] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/actuator/logfile"] [unique_id "aiouVHBSW5Z6y_w6HsGX0QAAAAU"]
[Thu Jun 11 00:41:08.630274 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:52242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/actuator/logfile"] [unique_id "aiouVHBSW5Z6y_w6HsGX0QAAAAU"]
[Thu Jun 11 00:41:08.677438 2026] [security2:error] [pid 21126:tid 21147] [client 34.106.8.40:57412] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/credentials.json"] [unique_id "aiouVM0ej6tAIvUNrGGpbAAAANM"]
[Thu Jun 11 00:41:08.678184 2026] [security2:error] [pid 21126:tid 21147] [client 34.106.8.40:57412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/credentials.json"] [unique_id "aiouVM0ej6tAIvUNrGGpbAAAANM"]
[Thu Jun 11 00:41:08.762121 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:57422] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/secrets.json"] [unique_id "aiouVNPH5u5NVjul-pmnQQAAAQ0"]
[Thu Jun 11 00:41:08.762727 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:57422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/secrets.json"] [unique_id "aiouVNPH5u5NVjul-pmnQQAAAQ0"]
[Thu Jun 11 00:41:08.776753 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:57424] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/application.yml"] [unique_id "aiouVNPH5u5NVjul-pmnQgAAARU"]
[Thu Jun 11 00:41:08.777209 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:57424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/application.yml"] [unique_id "aiouVNPH5u5NVjul-pmnQgAAARU"]
[Thu Jun 11 00:41:08.817063 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:57426] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/application.properties"] [unique_id "aiouVM0ej6tAIvUNrGGpbQAAAME"]
[Thu Jun 11 00:41:08.817512 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:57426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/application.properties"] [unique_id "aiouVM0ej6tAIvUNrGGpbQAAAME"]
[Thu Jun 11 00:41:08.862664 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:56276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AXAAAAJM"]
[Thu Jun 11 00:41:08.911908 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:56304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTc0ej6tAIvUNrGGpRgAAAMg"]
[Thu Jun 11 00:41:08.916251 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:56326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTdPH5u5NVjul-pmnHQAAAQs"]
[Thu Jun 11 00:41:08.916912 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:56294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTXBSW5Z6y_w6HsGXrQAAAAM"]
[Thu Jun 11 00:41:08.922842 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:56318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AXQAAAI0"]
[Thu Jun 11 00:41:08.978307 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:57440] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/parameters.yml"] [unique_id "aiouVF71v4pS85P4fn_AgAAAAJM"]
[Thu Jun 11 00:41:08.978747 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:57440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/parameters.yml"] [unique_id "aiouVF71v4pS85P4fn_AgAAAAJM"]
[Thu Jun 11 00:41:09.027779 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:57450] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/config.php"] [unique_id "aiouVc0ej6tAIvUNrGGpbgAAAMg"]
[Thu Jun 11 00:41:09.028239 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:57450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/config.php"] [unique_id "aiouVc0ej6tAIvUNrGGpbgAAAMg"]
[Thu Jun 11 00:41:09.030012 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:57462] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/config.json"] [unique_id "aiouVXBSW5Z6y_w6HsGX0gAAAAM"]
[Thu Jun 11 00:41:09.030331 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:57462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/config.json"] [unique_id "aiouVXBSW5Z6y_w6HsGX0gAAAAM"]
[Thu Jun 11 00:41:09.036549 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:57474] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/config.yml"] [unique_id "aiouVdPH5u5NVjul-pmnQwAAAQs"]
[Thu Jun 11 00:41:09.036918 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:57474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/config.yml"] [unique_id "aiouVdPH5u5NVjul-pmnQwAAAQs"]
[Thu Jun 11 00:41:09.043231 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:57480] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.php"] [unique_id "aiouVV71v4pS85P4fn_AgQAAAI0"]
[Thu Jun 11 00:41:09.043630 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:57480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.php"] [unique_id "aiouVV71v4pS85P4fn_AgQAAAI0"]
[Thu Jun 11 00:41:09.096329 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:57496] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.py"] [unique_id "aiouVV71v4pS85P4fn_AggAAAIA"]
[Thu Jun 11 00:41:09.096845 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:57496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.py"] [unique_id "aiouVV71v4pS85P4fn_AggAAAIA"]
[Thu Jun 11 00:41:09.097537 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:56344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTc0ej6tAIvUNrGGpRwAAAMk"]
[Thu Jun 11 00:41:09.098999 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:52252] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/infrastructure/docker-compose.yml"] [unique_id "aiouVc0ej6tAIvUNrGGpbwAAAMk"]
[Thu Jun 11 00:41:09.099353 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:52252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/infrastructure/docker-compose.yml"] [unique_id "aiouVc0ej6tAIvUNrGGpbwAAAMk"]
[Thu Jun 11 00:41:09.150837 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:56352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AXgAAAIw"]
[Thu Jun 11 00:41:09.154854 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:52268] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/devops/docker-compose.yml"] [unique_id "aiouVV71v4pS85P4fn_AgwAAAIw"]
[Thu Jun 11 00:41:09.155207 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:52268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/devops/docker-compose.yml"] [unique_id "aiouVV71v4pS85P4fn_AgwAAAIw"]
[Thu Jun 11 00:41:09.170544 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:56366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTdPH5u5NVjul-pmnHgAAARA"]
[Thu Jun 11 00:41:09.172511 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:52280] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/docker-compose.yml"] [unique_id "aiouVdPH5u5NVjul-pmnRQAAARA"]
[Thu Jun 11 00:41:09.173047 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:52280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/docker-compose.yml"] [unique_id "aiouVdPH5u5NVjul-pmnRQAAARA"]
[Thu Jun 11 00:41:09.173882 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:56336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTXBSW5Z6y_w6HsGXrgAAAAs"]
[Thu Jun 11 00:41:09.177342 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:52296] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/docker-compose.yml"] [unique_id "aiouVXBSW5Z6y_w6HsGX1AAAAAs"]
[Thu Jun 11 00:41:09.177697 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:52296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/docker-compose.yml"] [unique_id "aiouVXBSW5Z6y_w6HsGX1AAAAAs"]
[Thu Jun 11 00:41:09.189854 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:56384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AXwAAAIk"]
[Thu Jun 11 00:41:09.235537 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:57498] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.json"] [unique_id "aiouVV71v4pS85P4fn_AhAAAAIk"]
[Thu Jun 11 00:41:09.236004 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:57498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.json"] [unique_id "aiouVV71v4pS85P4fn_AhAAAAIk"]
[Thu Jun 11 00:41:09.250267 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:57500] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/database.php"] [unique_id "aiouVc0ej6tAIvUNrGGpcAAAAMo"]
[Thu Jun 11 00:41:09.250755 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:57500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/database.php"] [unique_id "aiouVc0ej6tAIvUNrGGpcAAAAMo"]
[Thu Jun 11 00:41:09.365689 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:52298] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/docker-compose.yml"] [unique_id "aiouVbXVEMZbaEYG_ywRmwAAAEU"]
[Thu Jun 11 00:41:09.366189 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:52298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/docker-compose.yml"] [unique_id "aiouVbXVEMZbaEYG_ywRmwAAAEU"]
[Thu Jun 11 00:41:09.402406 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:56392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTbXVEMZbaEYG_ywRXAAAAEc"]
[Thu Jun 11 00:41:09.424663 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:56402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AYAAAAIs"]
[Thu Jun 11 00:41:09.426778 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:52304] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/docker-compose.yml"] [unique_id "aiouVV71v4pS85P4fn_AhQAAAIs"]
[Thu Jun 11 00:41:09.427338 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:52304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/docker-compose.yml"] [unique_id "aiouVV71v4pS85P4fn_AhQAAAIs"]
[Thu Jun 11 00:41:09.431055 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:56378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTXBSW5Z6y_w6HsGXrwAAAA0"]
[Thu Jun 11 00:41:09.443897 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:57510] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/database.yml"] [unique_id "aiouVbXVEMZbaEYG_ywRnAAAAEc"]
[Thu Jun 11 00:41:09.444052 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:57510] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /backend/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/database.yml"] [unique_id "aiouVbXVEMZbaEYG_ywRnAAAAEc"]
[Thu Jun 11 00:41:09.444411 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:57510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/database.yml"] [unique_id "aiouVbXVEMZbaEYG_ywRnAAAAEc"]
[Thu Jun 11 00:41:09.445338 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:56410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AYQAAAIU"]
[Thu Jun 11 00:41:09.472713 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:57526] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/credentials.json"] [unique_id "aiouVXBSW5Z6y_w6HsGX1QAAAA0"]
[Thu Jun 11 00:41:09.473122 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:57526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/credentials.json"] [unique_id "aiouVXBSW5Z6y_w6HsGX1QAAAA0"]
[Thu Jun 11 00:41:09.484325 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:57538] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/secrets.json"] [unique_id "aiouVV71v4pS85P4fn_AhgAAAIU"]
[Thu Jun 11 00:41:09.484715 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:57538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/secrets.json"] [unique_id "aiouVV71v4pS85P4fn_AhgAAAIU"]
[Thu Jun 11 00:41:09.514107 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:56424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AYgAAAIE"]
[Thu Jun 11 00:41:09.516072 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:52316] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker/docker-compose.yml"] [unique_id "aiouVV71v4pS85P4fn_AhwAAAIE"]
[Thu Jun 11 00:41:09.516735 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:52316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker/docker-compose.yml"] [unique_id "aiouVV71v4pS85P4fn_AhwAAAIE"]
[Thu Jun 11 00:41:09.681681 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:56492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7dAAAAUw"]
[Thu Jun 11 00:41:09.684823 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:52332] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker/docker-compose.prod.yml"] [unique_id "aiouVaoCcBDhO7fD3wA7igAAAUw"]
[Thu Jun 11 00:41:09.685375 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:52332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker/docker-compose.prod.yml"] [unique_id "aiouVaoCcBDhO7fD3wA7igAAAUw"]
[Thu Jun 11 00:41:09.704778 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:56436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTbXVEMZbaEYG_ywRXQAAAFc"]
[Thu Jun 11 00:41:09.710846 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:56490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7cQAAAUM"]
[Thu Jun 11 00:41:09.711882 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:56442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTdPH5u5NVjul-pmnHwAAAQE"]
[Thu Jun 11 00:41:09.714437 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:52340] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/kubernetes.yml"] [unique_id "aiouVbXVEMZbaEYG_ywRnwAAAFc"]
[Thu Jun 11 00:41:09.714829 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:52340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/kubernetes.yml"] [unique_id "aiouVbXVEMZbaEYG_ywRnwAAAFc"]
[Thu Jun 11 00:41:09.753659 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:57550] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/application.yml"] [unique_id "aiouVaoCcBDhO7fD3wA7iwAAAUM"]
[Thu Jun 11 00:41:09.754097 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:57550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/application.yml"] [unique_id "aiouVaoCcBDhO7fD3wA7iwAAAUM"]
[Thu Jun 11 00:41:09.760270 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:56478] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7cwAAAUE"]
[Thu Jun 11 00:41:09.762868 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:52352] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/kubernetes.yaml"] [unique_id "aiouVaoCcBDhO7fD3wA7jAAAAUE"]
[Thu Jun 11 00:41:09.763230 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:52352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/kubernetes.yaml"] [unique_id "aiouVaoCcBDhO7fD3wA7jAAAAUE"]
[Thu Jun 11 00:41:09.825116 2026] [security2:error] [pid 7752:tid 7757] [client 34.106.8.40:57564] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/application.properties"] [unique_id "aiouVbXVEMZbaEYG_ywRoAAAAEA"]
[Thu Jun 11 00:41:09.825515 2026] [security2:error] [pid 7752:tid 7757] [client 34.106.8.40:57564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/application.properties"] [unique_id "aiouVbXVEMZbaEYG_ywRoAAAAEA"]
[Thu Jun 11 00:41:09.945027 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:56450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7dgAAAU0"]
[Thu Jun 11 00:41:09.946602 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:56498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7dQAAAU4"]
[Thu Jun 11 00:41:09.949277 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:52364] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/k8s.yml"] [unique_id "aiouVaoCcBDhO7fD3wA7jQAAAU4"]
[Thu Jun 11 00:41:09.950218 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:52364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/k8s.yml"] [unique_id "aiouVaoCcBDhO7fD3wA7jQAAAU4"]
[Thu Jun 11 00:41:09.973615 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:56444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7cgAAAUI"]
[Thu Jun 11 00:41:09.976543 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:52380] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/k8s.yaml"] [unique_id "aiouVaoCcBDhO7fD3wA7jgAAAUI"]
[Thu Jun 11 00:41:09.976951 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:52380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/k8s.yaml"] [unique_id "aiouVaoCcBDhO7fD3wA7jgAAAUI"]
[Thu Jun 11 00:41:09.979880 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:56502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7dwAAAUU"]
[Thu Jun 11 00:41:09.983428 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:52392] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/helm/values.yaml"] [unique_id "aiouVaoCcBDhO7fD3wA7jwAAAUU"]
[Thu Jun 11 00:41:09.983789 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:52392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/helm/values.yaml"] [unique_id "aiouVaoCcBDhO7fD3wA7jwAAAUU"]
[Thu Jun 11 00:41:10.031786 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:56462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7eAAAAUA"]
[Thu Jun 11 00:41:10.035432 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:52398] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/helm/values.yml"] [unique_id "aiouVqoCcBDhO7fD3wA7kQAAAUA"]
[Thu Jun 11 00:41:10.035873 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:52398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/helm/values.yml"] [unique_id "aiouVqoCcBDhO7fD3wA7kQAAAUA"]
[Thu Jun 11 00:41:10.047983 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:52414] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/helm/values-production.yaml"] [unique_id "aiouVtPH5u5NVjul-pmnRwAAARc"]
[Thu Jun 11 00:41:10.048424 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:52414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/helm/values-production.yaml"] [unique_id "aiouVtPH5u5NVjul-pmnRwAAARc"]
[Thu Jun 11 00:41:10.186443 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:56650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTc0ej6tAIvUNrGGpSwAAAMA"]
[Thu Jun 11 00:41:10.189456 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:52420] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/terraform.tfvars"] [unique_id "aiouVs0ej6tAIvUNrGGpcQAAAMA"]
[Thu Jun 11 00:41:10.190131 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:52420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/terraform.tfvars"] [unique_id "aiouVs0ej6tAIvUNrGGpcQAAAMA"]
[Thu Jun 11 00:41:10.225769 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:56564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7fQAAAVA"]
[Thu Jun 11 00:41:10.231051 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:52430] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/terraform.tfstate"] [unique_id "aiouVqoCcBDhO7fD3wA7kgAAAVA"]
[Thu Jun 11 00:41:10.231522 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:52430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/terraform.tfstate"] [unique_id "aiouVqoCcBDhO7fD3wA7kgAAAVA"]
[Thu Jun 11 00:41:10.260308 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:56544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7egAAAUc"]
[Thu Jun 11 00:41:10.265532 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:52442] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/infra/terraform.tfvars"] [unique_id "aiouVqoCcBDhO7fD3wA7kwAAAUc"]
[Thu Jun 11 00:41:10.265537 2026] [security2:error] [pid 21126:tid 21131] [client 34.106.8.40:52440] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.terraform/terraform.tfstate"] [unique_id "aiouVs0ej6tAIvUNrGGpcgAAAMM"]
[Thu Jun 11 00:41:10.265904 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:52442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/infra/terraform.tfvars"] [unique_id "aiouVqoCcBDhO7fD3wA7kwAAAUc"]
[Thu Jun 11 00:41:10.265925 2026] [security2:error] [pid 21126:tid 21131] [client 34.106.8.40:52440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.terraform/terraform.tfstate"] [unique_id "aiouVs0ej6tAIvUNrGGpcgAAAMM"]
[Thu Jun 11 00:41:10.295191 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:56652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTXBSW5Z6y_w6HsGXsQAAAAk"]
[Thu Jun 11 00:41:10.300028 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:52456] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/terraform.tfvars"] [unique_id "aiouVnBSW5Z6y_w6HsGX2AAAAAk"]
[Thu Jun 11 00:41:10.300520 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:52456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/terraform.tfvars"] [unique_id "aiouVnBSW5Z6y_w6HsGX2AAAAAk"]
[Thu Jun 11 00:41:10.301095 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:56522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7eQAAAUY"]
[Thu Jun 11 00:41:10.307144 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:52470] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backup.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lAAAAUY"]
[Thu Jun 11 00:41:10.307252 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:52470] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lAAAAUY"]
[Thu Jun 11 00:41:10.307648 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:52470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lAAAAUY"]
[Thu Jun 11 00:41:10.457404 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:56582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7fgAAAVI"]
[Thu Jun 11 00:41:10.460679 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:52476] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/dump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lQAAAVI"]
[Thu Jun 11 00:41:10.460803 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:52476] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lQAAAVI"]
[Thu Jun 11 00:41:10.461196 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:52476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lQAAAVI"]
[Thu Jun 11 00:41:10.486055 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:56534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7fAAAAUo"]
[Thu Jun 11 00:41:10.491360 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:52490] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/db.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lgAAAUo"]
[Thu Jun 11 00:41:10.491485 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:52490] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lgAAAUo"]
[Thu Jun 11 00:41:10.492141 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:52490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lgAAAUo"]
[Thu Jun 11 00:41:10.534701 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:56664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTV71v4pS85P4fn_AZQAAAJE"]
[Thu Jun 11 00:41:10.539694 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:52504] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/database.sql"] [unique_id "aiouVl71v4pS85P4fn_AiAAAAJE"]
[Thu Jun 11 00:41:10.539801 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:52504] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.sql"] [unique_id "aiouVl71v4pS85P4fn_AiAAAAJE"]
[Thu Jun 11 00:41:10.540633 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:52504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.sql"] [unique_id "aiouVl71v4pS85P4fn_AiAAAAJE"]
[Thu Jun 11 00:41:10.565006 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:52512] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/mysqldump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lwAAAU0"]
[Thu Jun 11 00:41:10.565287 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:52512] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/mysqldump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lwAAAU0"]
[Thu Jun 11 00:41:10.565933 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:52512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/mysqldump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7lwAAAU0"]
[Thu Jun 11 00:41:10.593853 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:56572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7gAAAAVY"]
[Thu Jun 11 00:41:10.596919 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:52520] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/pg_dump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7mAAAAVY"]
[Thu Jun 11 00:41:10.597049 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:52520] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/pg_dump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7mAAAAVY"]
[Thu Jun 11 00:41:10.597421 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:52520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/pg_dump.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7mAAAAVY"]
[Thu Jun 11 00:41:10.611851 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:56496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7ewAAAU8"]
[Thu Jun 11 00:41:10.615890 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:52522] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/data.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7mQAAAU8"]
[Thu Jun 11 00:41:10.616052 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:52522] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/data.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7mQAAAU8"]
[Thu Jun 11 00:41:10.616399 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:52522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/data.sql"] [unique_id "aiouVqoCcBDhO7fD3wA7mQAAAU8"]
[Thu Jun 11 00:41:10.683692 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:56606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7gQAAAVU"]
[Thu Jun 11 00:41:10.689019 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:52534] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.sql.gz"] [unique_id "aiouVqoCcBDhO7fD3wA7mgAAAVU"]
[Thu Jun 11 00:41:10.689473 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:52534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.sql.gz"] [unique_id "aiouVqoCcBDhO7fD3wA7mgAAAVU"]
[Thu Jun 11 00:41:10.739022 2026] [security2:error] [pid 22855:tid 22868] [client 34.106.8.40:52538] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dump.sql.gz"] [unique_id "aiouVl71v4pS85P4fn_AiQAAAII"]
[Thu Jun 11 00:41:10.739471 2026] [security2:error] [pid 22855:tid 22868] [client 34.106.8.40:52538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dump.sql.gz"] [unique_id "aiouVl71v4pS85P4fn_AiQAAAII"]
[Thu Jun 11 00:41:10.749276 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:56622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7ggAAAVM"]
[Thu Jun 11 00:41:10.751988 2026] [security2:error] [pid 7752:tid 7772] [client 34.106.8.40:52546] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.sql.gz"] [unique_id "aiouVrXVEMZbaEYG_ywRowAAAE8"]
[Thu Jun 11 00:41:10.752363 2026] [security2:error] [pid 7752:tid 7772] [client 34.106.8.40:52546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.sql.gz"] [unique_id "aiouVrXVEMZbaEYG_ywRowAAAE8"]
[Thu Jun 11 00:41:10.755183 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:52558] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.zip"] [unique_id "aiouVqoCcBDhO7fD3wA7mwAAAVM"]
[Thu Jun 11 00:41:10.755475 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:52558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.zip"] [unique_id "aiouVqoCcBDhO7fD3wA7mwAAAVM"]
[Thu Jun 11 00:41:10.795118 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:56592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7fwAAAVc"]
[Thu Jun 11 00:41:10.804019 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:52566] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.tar.gz"] [unique_id "aiouVqoCcBDhO7fD3wA7nAAAAVc"]
[Thu Jun 11 00:41:10.804432 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:52566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.tar.gz"] [unique_id "aiouVqoCcBDhO7fD3wA7nAAAAVc"]
[Thu Jun 11 00:41:10.819803 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:56634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7hgAAAVg"]
[Thu Jun 11 00:41:10.827353 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:52560] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.zip"] [unique_id "aiouVqoCcBDhO7fD3wA7nQAAAVg"]
[Thu Jun 11 00:41:10.828002 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:52560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.zip"] [unique_id "aiouVqoCcBDhO7fD3wA7nQAAAVg"]
[Thu Jun 11 00:41:10.893009 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:56518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7iAAAAUs"]
[Thu Jun 11 00:41:10.896474 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:52570] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dump.zip"] [unique_id "aiouVqoCcBDhO7fD3wA7ngAAAUs"]
[Thu Jun 11 00:41:10.896860 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:52570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dump.zip"] [unique_id "aiouVqoCcBDhO7fD3wA7ngAAAUs"]
[Thu Jun 11 00:41:10.920205 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:56558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7hAAAAUk"]
[Thu Jun 11 00:41:10.924657 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:52582] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/site.zip"] [unique_id "aiouVqoCcBDhO7fD3wA7nwAAAUk"]
[Thu Jun 11 00:41:10.925051 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:52582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/site.zip"] [unique_id "aiouVqoCcBDhO7fD3wA7nwAAAUk"]
[Thu Jun 11 00:41:11.014877 2026] [security2:error] [pid 1016:tid 1037] [client 34.106.8.40:56566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7hwAAAVE"]
[Thu Jun 11 00:41:11.059785 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:56648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7gwAAAVQ"]
[Thu Jun 11 00:41:11.061684 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:52584] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/www.zip"] [unique_id "aiouV6oCcBDhO7fD3wA7oAAAAVQ"]
[Thu Jun 11 00:41:11.062098 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:52584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/www.zip"] [unique_id "aiouV6oCcBDhO7fD3wA7oAAAAVQ"]
[Thu Jun 11 00:41:11.086894 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:56546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7hQAAAUg"]
[Thu Jun 11 00:41:11.091271 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:52586] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/web.zip"] [unique_id "aiouV6oCcBDhO7fD3wA7oQAAAUg"]
[Thu Jun 11 00:41:11.091698 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:52586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/web.zip"] [unique_id "aiouV6oCcBDhO7fD3wA7oQAAAUg"]
[Thu Jun 11 00:41:11.146432 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:56494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTaoCcBDhO7fD3wA7iQAAAUQ"]
[Thu Jun 11 00:41:11.155329 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:52598] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup.tar.bz2"] [unique_id "aiouV6oCcBDhO7fD3wA7ogAAAUQ"]
[Thu Jun 11 00:41:11.155732 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:52598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup.tar.bz2"] [unique_id "aiouV6oCcBDhO7fD3wA7ogAAAUQ"]
[Thu Jun 11 00:41:11.187472 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:56674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTdPH5u5NVjul-pmnIQAAAQU"]
[Thu Jun 11 00:41:11.193647 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:52606] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/sql/backup.sql"] [unique_id "aiouV9PH5u5NVjul-pmnSwAAAQU"]
[Thu Jun 11 00:41:11.193756 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:52606] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/sql/backup.sql"] [unique_id "aiouV9PH5u5NVjul-pmnSwAAAQU"]
[Thu Jun 11 00:41:11.194133 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:52606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/sql/backup.sql"] [unique_id "aiouV9PH5u5NVjul-pmnSwAAAQU"]
[Thu Jun 11 00:41:11.287408 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:56684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTtPH5u5NVjul-pmnIgAAARI"]
[Thu Jun 11 00:41:11.291109 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:52612] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/sql/dump.sql"] [unique_id "aiouV9PH5u5NVjul-pmnTAAAARI"]
[Thu Jun 11 00:41:11.291271 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:52612] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/sql/dump.sql"] [unique_id "aiouV9PH5u5NVjul-pmnTAAAARI"]
[Thu Jun 11 00:41:11.291690 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:52612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/sql/dump.sql"] [unique_id "aiouV9PH5u5NVjul-pmnTAAAARI"]
[Thu Jun 11 00:41:11.329041 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:56694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTrXVEMZbaEYG_ywRYgAAAEg"]
[Thu Jun 11 00:41:11.332295 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:52624] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/sql/db.sql"] [unique_id "aiouV7XVEMZbaEYG_ywRpQAAAEg"]
[Thu Jun 11 00:41:11.332440 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:52624] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/sql/db.sql"] [unique_id "aiouV7XVEMZbaEYG_ywRpQAAAEg"]
[Thu Jun 11 00:41:11.333038 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:52624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/sql/db.sql"] [unique_id "aiouV7XVEMZbaEYG_ywRpQAAAEg"]
[Thu Jun 11 00:41:11.360825 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:56700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTnBSW5Z6y_w6HsGXswAAAAo"]
[Thu Jun 11 00:41:11.365872 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:52630] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backup/db.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX2wAAAAo"]
[Thu Jun 11 00:41:11.365981 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:52630] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup/db.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX2wAAAAo"]
[Thu Jun 11 00:41:11.366512 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:52630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup/db.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX2wAAAAo"]
[Thu Jun 11 00:41:11.389645 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:56702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTnBSW5Z6y_w6HsGXtAAAAAA"]
[Thu Jun 11 00:41:11.399953 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:52636] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backup/dump.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX3AAAAAA"]
[Thu Jun 11 00:41:11.400094 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:52636] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backup/dump.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX3AAAAAA"]
[Thu Jun 11 00:41:11.400451 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:52636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backup/dump.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX3AAAAAA"]
[Thu Jun 11 00:41:11.456847 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:56714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTs0ej6tAIvUNrGGpUAAAAMY"]
[Thu Jun 11 00:41:11.461699 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:52644] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backups/db.sql"] [unique_id "aiouV80ej6tAIvUNrGGpcwAAAMY"]
[Thu Jun 11 00:41:11.461819 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:52644] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backups/db.sql"] [unique_id "aiouV80ej6tAIvUNrGGpcwAAAMY"]
[Thu Jun 11 00:41:11.462336 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:52644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backups/db.sql"] [unique_id "aiouV80ej6tAIvUNrGGpcwAAAMY"]
[Thu Jun 11 00:41:11.549219 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:56726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTs0ej6tAIvUNrGGpVAAAAMs"]
[Thu Jun 11 00:41:11.549952 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:56722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTtPH5u5NVjul-pmnJAAAAQA"]
[Thu Jun 11 00:41:11.667324 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:56734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTl71v4pS85P4fn_AZwAAAIg"]
[Thu Jun 11 00:41:11.672908 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:52660] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backups/dump.sql"] [unique_id "aiouV171v4pS85P4fn_AigAAAIg"]
[Thu Jun 11 00:41:11.673156 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:52660] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backups/dump.sql"] [unique_id "aiouV171v4pS85P4fn_AigAAAIg"]
[Thu Jun 11 00:41:11.673870 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:52660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backups/dump.sql"] [unique_id "aiouV171v4pS85P4fn_AigAAAIg"]
[Thu Jun 11 00:41:11.681865 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:56748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTtPH5u5NVjul-pmnJQAAAQg"]
[Thu Jun 11 00:41:11.689353 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:52676] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "aiouV9PH5u5NVjul-pmnTgAAAQg"]
[Thu Jun 11 00:41:11.689465 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:52676] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "aiouV9PH5u5NVjul-pmnTgAAAQg"]
[Thu Jun 11 00:41:11.689877 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:52676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "aiouV9PH5u5NVjul-pmnTgAAAQg"]
[Thu Jun 11 00:41:11.736123 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:56760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTrXVEMZbaEYG_ywRaAAAAEE"]
[Thu Jun 11 00:41:11.741208 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:52688] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "aiouV7XVEMZbaEYG_ywRpwAAAEE"]
[Thu Jun 11 00:41:11.741436 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:52688] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "aiouV7XVEMZbaEYG_ywRpwAAAEE"]
[Thu Jun 11 00:41:11.742146 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:52688] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "aiouV7XVEMZbaEYG_ywRpwAAAEE"]
[Thu Jun 11 00:41:11.819041 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:56776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouTnBSW5Z6y_w6HsGXtgAAAA4"]
[Thu Jun 11 00:41:11.825426 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:56782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT3BSW5Z6y_w6HsGXtwAAAA8"]
[Thu Jun 11 00:41:11.830319 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:52690] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/exports/db.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX3gAAAA8"]
[Thu Jun 11 00:41:11.830449 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:52690] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/exports/db.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX3gAAAA8"]
[Thu Jun 11 00:41:11.830764 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:52690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/exports/db.sql"] [unique_id "aiouV3BSW5Z6y_w6HsGX3gAAAA8"]
[Thu Jun 11 00:41:11.920090 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:56800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT3BSW5Z6y_w6HsGXuQAAABc"]
[Thu Jun 11 00:41:11.923245 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:52698] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.php"] [unique_id "aiouV3BSW5Z6y_w6HsGX3wAAABc"]
[Thu Jun 11 00:41:11.923715 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:52698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.php"] [unique_id "aiouV3BSW5Z6y_w6HsGX3wAAABc"]
[Thu Jun 11 00:41:11.950402 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:56794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT80ej6tAIvUNrGGpVwAAAM4"]
[Thu Jun 11 00:41:11.952352 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:52702] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.js"] [unique_id "aiouV80ej6tAIvUNrGGpdAAAAM4"]
[Thu Jun 11 00:41:11.952836 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:52702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.js"] [unique_id "aiouV80ej6tAIvUNrGGpdAAAAM4"]
[Thu Jun 11 00:41:12.008780 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:56806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT7XVEMZbaEYG_ywRbAAAAFI"]
[Thu Jun 11 00:41:12.012994 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:52716] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.json"] [unique_id "aiouWLXVEMZbaEYG_ywRqAAAAFI"]
[Thu Jun 11 00:41:12.013455 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:52716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.json"] [unique_id "aiouWLXVEMZbaEYG_ywRqAAAAFI"]
[Thu Jun 11 00:41:12.077032 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:56834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT9PH5u5NVjul-pmnKQAAAQ4"]
[Thu Jun 11 00:41:12.081792 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:52732] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.yml"] [unique_id "aiouWNPH5u5NVjul-pmnTwAAAQ4"]
[Thu Jun 11 00:41:12.082253 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:52732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.yml"] [unique_id "aiouWNPH5u5NVjul-pmnTwAAAQ4"]
[Thu Jun 11 00:41:12.089901 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:56810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT80ej6tAIvUNrGGpWQAAANU"]
[Thu Jun 11 00:41:12.093954 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:52742] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.yaml"] [unique_id "aiouWM0ej6tAIvUNrGGpdQAAANU"]
[Thu Jun 11 00:41:12.094435 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:52742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.yaml"] [unique_id "aiouWM0ej6tAIvUNrGGpdQAAANU"]
[Thu Jun 11 00:41:12.177708 2026] [security2:error] [pid 22855:tid 22876] [client 34.106.8.40:56816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT171v4pS85P4fn_AbAAAAIo"]
[Thu Jun 11 00:41:12.185858 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:56820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT7XVEMZbaEYG_ywRcAAAAEs"]
[Thu Jun 11 00:41:12.189309 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:52748] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/config.ini"] [unique_id "aiouWLXVEMZbaEYG_ywRqgAAAEs"]
[Thu Jun 11 00:41:12.189419 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:52748] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.ini"] [unique_id "aiouWLXVEMZbaEYG_ywRqgAAAEs"]
[Thu Jun 11 00:41:12.189833 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:52748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.ini"] [unique_id "aiouWLXVEMZbaEYG_ywRqgAAAEs"]
[Thu Jun 11 00:41:12.272947 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:56850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT171v4pS85P4fn_AbgAAAJU"]
[Thu Jun 11 00:41:12.274941 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:52760] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config.env"] [unique_id "aiouWF71v4pS85P4fn_AiwAAAJU"]
[Thu Jun 11 00:41:12.275336 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:52760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config.env"] [unique_id "aiouWF71v4pS85P4fn_AiwAAAJU"]
[Thu Jun 11 00:41:12.359665 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:56872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouULXVEMZbaEYG_ywRdAAAAEo"]
[Thu Jun 11 00:41:12.363177 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:52768] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/configuration.php"] [unique_id "aiouWLXVEMZbaEYG_ywRqwAAAEo"]
[Thu Jun 11 00:41:12.363697 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:52768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/configuration.php"] [unique_id "aiouWLXVEMZbaEYG_ywRqwAAAEo"]
[Thu Jun 11 00:41:12.382354 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:56858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouT3BSW5Z6y_w6HsGXuwAAABA"]
[Thu Jun 11 00:41:12.385979 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:52778] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/configuration.json"] [unique_id "aiouWHBSW5Z6y_w6HsGX4QAAABA"]
[Thu Jun 11 00:41:12.386409 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:52778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/configuration.json"] [unique_id "aiouWHBSW5Z6y_w6HsGX4QAAABA"]
[Thu Jun 11 00:41:12.451946 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:56880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUHBSW5Z6y_w6HsGXvAAAABQ"]
[Thu Jun 11 00:41:12.456783 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:52788] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/configuration.yml"] [unique_id "aiouWHBSW5Z6y_w6HsGX4gAAABQ"]
[Thu Jun 11 00:41:12.457149 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:52788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/configuration.yml"] [unique_id "aiouWHBSW5Z6y_w6HsGX4gAAABQ"]
[Thu Jun 11 00:41:12.476518 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:56890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUNPH5u5NVjul-pmnKwAAAQw"]
[Thu Jun 11 00:41:12.479021 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:52794] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.php"] [unique_id "aiouWNPH5u5NVjul-pmnUQAAAQw"]
[Thu Jun 11 00:41:12.479504 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:52794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.php"] [unique_id "aiouWNPH5u5NVjul-pmnUQAAAQw"]
[Thu Jun 11 00:41:12.497563 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:56896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUM0ej6tAIvUNrGGpXAAAANc"]
[Thu Jun 11 00:41:12.500883 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:52810] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.py"] [unique_id "aiouWM0ej6tAIvUNrGGpdgAAANc"]
[Thu Jun 11 00:41:12.501220 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:52810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.py"] [unique_id "aiouWM0ej6tAIvUNrGGpdgAAANc"]
[Thu Jun 11 00:41:12.583255 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:56910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUNPH5u5NVjul-pmnLQAAAQo"]
[Thu Jun 11 00:41:12.586921 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:52818] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.json"] [unique_id "aiouWNPH5u5NVjul-pmnUgAAAQo"]
[Thu Jun 11 00:41:12.587323 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:52818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.json"] [unique_id "aiouWNPH5u5NVjul-pmnUgAAAQo"]
[Thu Jun 11 00:41:12.646101 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:56918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUHBSW5Z6y_w6HsGXvgAAAAw"]
[Thu Jun 11 00:41:12.650482 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:52832] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.yml"] [unique_id "aiouWHBSW5Z6y_w6HsGX4wAAAAw"]
[Thu Jun 11 00:41:12.651110 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:52832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.yml"] [unique_id "aiouWHBSW5Z6y_w6HsGX4wAAAAw"]
[Thu Jun 11 00:41:12.680104 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:56934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUM0ej6tAIvUNrGGpXgAAAMQ"]
[Thu Jun 11 00:41:12.684520 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:52848] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/settings.ini"] [unique_id "aiouWM0ej6tAIvUNrGGpdwAAAMQ"]
[Thu Jun 11 00:41:12.684651 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:52848] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings.ini"] [unique_id "aiouWM0ej6tAIvUNrGGpdwAAAMQ"]
[Thu Jun 11 00:41:12.685234 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:52848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings.ini"] [unique_id "aiouWM0ej6tAIvUNrGGpdwAAAMQ"]
[Thu Jun 11 00:41:12.723537 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:56952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouULXVEMZbaEYG_ywReQAAAFY"]
[Thu Jun 11 00:41:12.728160 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:52864] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.yml"] [unique_id "aiouWLXVEMZbaEYG_ywRrQAAAFY"]
[Thu Jun 11 00:41:12.728596 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:52864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.yml"] [unique_id "aiouWLXVEMZbaEYG_ywRrQAAAFY"]
[Thu Jun 11 00:41:12.736735 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:56946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUM0ej6tAIvUNrGGpXwAAANg"]
[Thu Jun 11 00:41:12.748224 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:52876] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.yaml"] [unique_id "aiouWM0ej6tAIvUNrGGpeAAAANg"]
[Thu Jun 11 00:41:12.748656 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:52876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.yaml"] [unique_id "aiouWM0ej6tAIvUNrGGpeAAAANg"]
[Thu Jun 11 00:41:12.855403 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:56964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUNPH5u5NVjul-pmnLwAAAQQ"]
[Thu Jun 11 00:41:12.860188 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:52882] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.properties"] [unique_id "aiouWNPH5u5NVjul-pmnVAAAAQQ"]
[Thu Jun 11 00:41:12.860657 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:52882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.properties"] [unique_id "aiouWNPH5u5NVjul-pmnVAAAAQQ"]
[Thu Jun 11 00:41:12.874359 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:56978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUHBSW5Z6y_w6HsGXvwAAAAc"]
[Thu Jun 11 00:41:12.879708 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:52888] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.json"] [unique_id "aiouWHBSW5Z6y_w6HsGX5AAAAAc"]
[Thu Jun 11 00:41:12.880091 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:52888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.json"] [unique_id "aiouWHBSW5Z6y_w6HsGX5AAAAAc"]
[Thu Jun 11 00:41:12.955288 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:56982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUbXVEMZbaEYG_ywRfQAAAE0"]
[Thu Jun 11 00:41:12.960273 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:52890] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app.json"] [unique_id "aiouWLXVEMZbaEYG_ywRrgAAAE0"]
[Thu Jun 11 00:41:12.960945 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:52890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app.json"] [unique_id "aiouWLXVEMZbaEYG_ywRrgAAAE0"]
[Thu Jun 11 00:41:13.011254 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:57000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUbXVEMZbaEYG_ywRfwAAAFQ"]
[Thu Jun 11 00:41:13.040907 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:56996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUbXVEMZbaEYG_ywRfgAAAFU"]
[Thu Jun 11 00:41:13.043207 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:52896] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app.yaml"] [unique_id "aiouWbXVEMZbaEYG_ywRsAAAAFU"]
[Thu Jun 11 00:41:13.043625 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:52896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app.yaml"] [unique_id "aiouWbXVEMZbaEYG_ywRsAAAAFU"]
[Thu Jun 11 00:41:13.128264 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:57006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUc0ej6tAIvUNrGGpYgAAAM8"]
[Thu Jun 11 00:41:13.131415 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:52900] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app.yml"] [unique_id "aiouWc0ej6tAIvUNrGGpeQAAAM8"]
[Thu Jun 11 00:41:13.131859 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:52900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app.yml"] [unique_id "aiouWc0ej6tAIvUNrGGpeQAAAM8"]
[Thu Jun 11 00:41:13.142286 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:57008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUXBSW5Z6y_w6HsGXwQAAABE"]
[Thu Jun 11 00:41:13.145976 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:52912] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/appsettings.json"] [unique_id "aiouWXBSW5Z6y_w6HsGX5gAAABE"]
[Thu Jun 11 00:41:13.146540 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:52912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/appsettings.json"] [unique_id "aiouWXBSW5Z6y_w6HsGX5gAAABE"]
[Thu Jun 11 00:41:13.236363 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:57020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUdPH5u5NVjul-pmnMQAAARE"]
[Thu Jun 11 00:41:13.240136 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:52918] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/appsettings.Production.json"] [unique_id "aiouWdPH5u5NVjul-pmnVQAAARE"]
[Thu Jun 11 00:41:13.240552 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:52918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/appsettings.Production.json"] [unique_id "aiouWdPH5u5NVjul-pmnVQAAARE"]
[Thu Jun 11 00:41:13.264630 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:57044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUXBSW5Z6y_w6HsGXwwAAAAg"]
[Thu Jun 11 00:41:13.268510 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:52926] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/appsettings.Development.json"] [unique_id "aiouWXBSW5Z6y_w6HsGX5wAAAAg"]
[Thu Jun 11 00:41:13.268958 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:52926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/appsettings.Development.json"] [unique_id "aiouWXBSW5Z6y_w6HsGX5wAAAAg"]
[Thu Jun 11 00:41:13.276133 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:57036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUV71v4pS85P4fn_AdAAAAJg"]
[Thu Jun 11 00:41:13.280122 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:52934] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/parameters.yml"] [unique_id "aiouWV71v4pS85P4fn_AjAAAAJg"]
[Thu Jun 11 00:41:13.280524 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:52934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/parameters.yml"] [unique_id "aiouWV71v4pS85P4fn_AjAAAAJg"]
[Thu Jun 11 00:41:13.386126 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:57048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUc0ej6tAIvUNrGGpYwAAAM0"]
[Thu Jun 11 00:41:13.390713 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:52948] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/parameters.yaml"] [unique_id "aiouWc0ej6tAIvUNrGGpegAAAM0"]
[Thu Jun 11 00:41:13.391275 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:52948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/parameters.yaml"] [unique_id "aiouWc0ej6tAIvUNrGGpegAAAM0"]
[Thu Jun 11 00:41:13.402315 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:57050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUXBSW5Z6y_w6HsGXxAAAABM"]
[Thu Jun 11 00:41:13.410119 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:52960] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/parameters.php"] [unique_id "aiouWXBSW5Z6y_w6HsGX6AAAABM"]
[Thu Jun 11 00:41:13.410480 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:52960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/parameters.php"] [unique_id "aiouWXBSW5Z6y_w6HsGX6AAAABM"]
[Thu Jun 11 00:41:13.495162 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:57052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUbXVEMZbaEYG_ywRhAAAAEM"]
[Thu Jun 11 00:41:13.500965 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:52968] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.yml"] [unique_id "aiouWbXVEMZbaEYG_ywRsgAAAEM"]
[Thu Jun 11 00:41:13.501157 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:52968] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/database.yml"] [unique_id "aiouWbXVEMZbaEYG_ywRsgAAAEM"]
[Thu Jun 11 00:41:13.501432 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:52968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.yml"] [unique_id "aiouWbXVEMZbaEYG_ywRsgAAAEM"]
[Thu Jun 11 00:41:13.542697 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:57068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUdPH5u5NVjul-pmnMgAAARY"]
[Thu Jun 11 00:41:13.554398 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:57080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUdPH5u5NVjul-pmnNAAAAQY"]
[Thu Jun 11 00:41:13.554471 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:52974] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.yaml"] [unique_id "aiouWdPH5u5NVjul-pmnVwAAARY"]
[Thu Jun 11 00:41:13.554964 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:52974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.yaml"] [unique_id "aiouWdPH5u5NVjul-pmnVwAAARY"]
[Thu Jun 11 00:41:13.595846 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:58174] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings/local.py"] [unique_id "aiouWdPH5u5NVjul-pmnWAAAAQY"]
[Thu Jun 11 00:41:13.596385 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:58174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings/local.py"] [unique_id "aiouWdPH5u5NVjul-pmnWAAAAQY"]
[Thu Jun 11 00:41:13.664081 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:57094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUrXVEMZbaEYG_ywRhgAAAFA"]
[Thu Jun 11 00:41:13.669918 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:57098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUrXVEMZbaEYG_ywRiAAAAEY"]
[Thu Jun 11 00:41:13.673046 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:52982] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.php"] [unique_id "aiouWbXVEMZbaEYG_ywRswAAAEY"]
[Thu Jun 11 00:41:13.673771 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:52982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.php"] [unique_id "aiouWbXVEMZbaEYG_ywRswAAAEY"]
[Thu Jun 11 00:41:13.675816 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:52984] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.json"] [unique_id "aiouWbXVEMZbaEYG_ywRtAAAAFA"]
[Thu Jun 11 00:41:13.676287 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:52984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.json"] [unique_id "aiouWbXVEMZbaEYG_ywRtAAAAFA"]
[Thu Jun 11 00:41:13.810668 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:57096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUl71v4pS85P4fn_AdgAAAIQ"]
[Thu Jun 11 00:41:13.813910 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:52996] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/database.ini"] [unique_id "aiouWV71v4pS85P4fn_AjQAAAIQ"]
[Thu Jun 11 00:41:13.814055 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:52996] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/database.ini"] [unique_id "aiouWV71v4pS85P4fn_AjQAAAIQ"]
[Thu Jun 11 00:41:13.814459 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:52996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/database.ini"] [unique_id "aiouWV71v4pS85P4fn_AjQAAAIQ"]
[Thu Jun 11 00:41:13.817253 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:57102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUs0ej6tAIvUNrGGpZAAAANY"]
[Thu Jun 11 00:41:13.829976 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:53006] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.php"] [unique_id "aiouWc0ej6tAIvUNrGGpewAAANY"]
[Thu Jun 11 00:41:13.830325 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:53006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.php"] [unique_id "aiouWc0ej6tAIvUNrGGpewAAANY"]
[Thu Jun 11 00:41:13.832452 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:57110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUtPH5u5NVjul-pmnNQAAARQ"]
[Thu Jun 11 00:41:13.837657 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:53008] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.json"] [unique_id "aiouWdPH5u5NVjul-pmnWgAAARQ"]
[Thu Jun 11 00:41:13.837925 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:53008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.json"] [unique_id "aiouWdPH5u5NVjul-pmnWgAAARQ"]
[Thu Jun 11 00:41:13.962111 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:57124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUl71v4pS85P4fn_AdwAAAJY"]
[Thu Jun 11 00:41:13.966919 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:53012] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/db.yml"] [unique_id "aiouWV71v4pS85P4fn_AjgAAAJY"]
[Thu Jun 11 00:41:13.967290 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:53012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/db.yml"] [unique_id "aiouWV71v4pS85P4fn_AjgAAAJY"]
[Thu Jun 11 00:41:13.972914 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:57120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUnBSW5Z6y_w6HsGXxgAAAAY"]
[Thu Jun 11 00:41:13.981073 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:53018] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/credentials.json"] [unique_id "aiouWXBSW5Z6y_w6HsGX6wAAAAY"]
[Thu Jun 11 00:41:13.981527 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:53018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/credentials.json"] [unique_id "aiouWXBSW5Z6y_w6HsGX6wAAAAY"]
[Thu Jun 11 00:41:14.109359 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:57126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUtPH5u5NVjul-pmnNgAAAQc"]
[Thu Jun 11 00:41:14.112946 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:53020] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/credentials.yml"] [unique_id "aiouWtPH5u5NVjul-pmnWwAAAQc"]
[Thu Jun 11 00:41:14.113368 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:53020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/credentials.yml"] [unique_id "aiouWtPH5u5NVjul-pmnWwAAAQc"]
[Thu Jun 11 00:41:14.151928 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:57132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUrXVEMZbaEYG_ywRiwAAAEk"]
[Thu Jun 11 00:41:14.155731 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:53028] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/credentials.yaml"] [unique_id "aiouWrXVEMZbaEYG_ywRtgAAAEk"]
[Thu Jun 11 00:41:14.156194 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:53028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/credentials.yaml"] [unique_id "aiouWrXVEMZbaEYG_ywRtgAAAEk"]
[Thu Jun 11 00:41:14.165607 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:57148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUs0ej6tAIvUNrGGpZQAAANQ"]
[Thu Jun 11 00:41:14.169191 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:53036] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets.json"] [unique_id "aiouWs0ej6tAIvUNrGGpfAAAANQ"]
[Thu Jun 11 00:41:14.169539 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:53036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets.json"] [unique_id "aiouWs0ej6tAIvUNrGGpfAAAANQ"]
[Thu Jun 11 00:41:14.234029 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:57156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUl71v4pS85P4fn_AeAAAAJQ"]
[Thu Jun 11 00:41:14.239493 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:53046] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets.yml"] [unique_id "aiouWl71v4pS85P4fn_AjwAAAJQ"]
[Thu Jun 11 00:41:14.240033 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:53046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets.yml"] [unique_id "aiouWl71v4pS85P4fn_AjwAAAJQ"]
[Thu Jun 11 00:41:14.249022 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:57164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUnBSW5Z6y_w6HsGXyAAAAAE"]
[Thu Jun 11 00:41:14.252412 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:53056] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets.env"] [unique_id "aiouWnBSW5Z6y_w6HsGX7AAAAAE"]
[Thu Jun 11 00:41:14.252764 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:53056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets.env"] [unique_id "aiouWnBSW5Z6y_w6HsGX7AAAAAE"]
[Thu Jun 11 00:41:14.372998 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:57170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUs0ej6tAIvUNrGGpZgAAAMc"]
[Thu Jun 11 00:41:14.390003 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:57176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouUs0ej6tAIvUNrGGpZwAAAMw"]
[Thu Jun 11 00:41:14.392685 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:53058] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secrets.yaml"] [unique_id "aiouWs0ej6tAIvUNrGGpfQAAAMw"]
[Thu Jun 11 00:41:14.393055 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:53058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secrets.yaml"] [unique_id "aiouWs0ej6tAIvUNrGGpfQAAAMw"]
[Thu Jun 11 00:41:14.438025 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:57184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU171v4pS85P4fn_AeQAAAJA"]
[Thu Jun 11 00:41:14.442218 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:53062] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/secret.json"] [unique_id "aiouWl71v4pS85P4fn_AkAAAAJA"]
[Thu Jun 11 00:41:14.442618 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:53062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/secret.json"] [unique_id "aiouWl71v4pS85P4fn_AkAAAAJA"]
[Thu Jun 11 00:41:14.537607 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:57196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU7XVEMZbaEYG_ywRjgAAAFg"]
[Thu Jun 11 00:41:14.545934 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:57188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU7XVEMZbaEYG_ywRjQAAAEI"]
[Thu Jun 11 00:41:14.548708 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:53072] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private.json"] [unique_id "aiouWrXVEMZbaEYG_ywRuAAAAEI"]
[Thu Jun 11 00:41:14.549248 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:53072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private.json"] [unique_id "aiouWrXVEMZbaEYG_ywRuAAAAEI"]
[Thu Jun 11 00:41:14.658239 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:57212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU9PH5u5NVjul-pmnOQAAARM"]
[Thu Jun 11 00:41:14.662860 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:53078] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/keys.json"] [unique_id "aiouWtPH5u5NVjul-pmnXQAAARM"]
[Thu Jun 11 00:41:14.663127 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:57226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU9PH5u5NVjul-pmnOgAAARg"]
[Thu Jun 11 00:41:14.663231 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:53078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/keys.json"] [unique_id "aiouWtPH5u5NVjul-pmnXQAAARM"]
[Thu Jun 11 00:41:14.674798 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:53094] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api_keys.json"] [unique_id "aiouWtPH5u5NVjul-pmnXgAAARg"]
[Thu Jun 11 00:41:14.675294 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:53094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api_keys.json"] [unique_id "aiouWtPH5u5NVjul-pmnXgAAARg"]
[Thu Jun 11 00:41:14.737013 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:57234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU80ej6tAIvUNrGGpaAAAAMI"]
[Thu Jun 11 00:41:14.744067 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:53106] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api-keys.json"] [unique_id "aiouWs0ej6tAIvUNrGGpgAAAAMI"]
[Thu Jun 11 00:41:14.744943 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:53106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api-keys.json"] [unique_id "aiouWs0ej6tAIvUNrGGpgAAAAMI"]
[Thu Jun 11 00:41:14.782825 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:57248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU3BSW5Z6y_w6HsGXygAAABg"]
[Thu Jun 11 00:41:14.787789 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:53118] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api_keys.yml"] [unique_id "aiouWnBSW5Z6y_w6HsGX7gAAABg"]
[Thu Jun 11 00:41:14.788286 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:53118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api_keys.yml"] [unique_id "aiouWnBSW5Z6y_w6HsGX7gAAABg"]
[Thu Jun 11 00:41:14.838895 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:57250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU171v4pS85P4fn_AegAAAIY"]
[Thu Jun 11 00:41:14.840795 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:53130] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/config.json"] [unique_id "aiouWrXVEMZbaEYG_ywRuwAAAFg"]
[Thu Jun 11 00:41:14.841186 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:53130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/config.json"] [unique_id "aiouWrXVEMZbaEYG_ywRuwAAAFg"]
[Thu Jun 11 00:41:14.843730 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:53138] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/config.yml"] [unique_id "aiouWl71v4pS85P4fn_AkQAAAIY"]
[Thu Jun 11 00:41:14.844081 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:53138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/config.yml"] [unique_id "aiouWl71v4pS85P4fn_AkQAAAIY"]
[Thu Jun 11 00:41:14.923918 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:57272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU80ej6tAIvUNrGGpaQAAANI"]
[Thu Jun 11 00:41:14.959683 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:53148] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/config.php"] [unique_id "aiouWs0ej6tAIvUNrGGpgwAAANI"]
[Thu Jun 11 00:41:14.960221 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:53148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/config.php"] [unique_id "aiouWs0ej6tAIvUNrGGpgwAAANI"]
[Thu Jun 11 00:41:14.982623 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:57260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU9PH5u5NVjul-pmnPAAAAQk"]
[Thu Jun 11 00:41:14.987686 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:53156] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/settings.json"] [unique_id "aiouWtPH5u5NVjul-pmnYAAAAQk"]
[Thu Jun 11 00:41:14.988083 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:53156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/settings.json"] [unique_id "aiouWtPH5u5NVjul-pmnYAAAAQk"]
[Thu Jun 11 00:41:15.005826 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:53170] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/settings.yml"] [unique_id "aiouW7XVEMZbaEYG_ywRvAAAAFE"]
[Thu Jun 11 00:41:15.006270 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:53170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/settings.yml"] [unique_id "aiouW7XVEMZbaEYG_ywRvAAAAFE"]
[Thu Jun 11 00:41:15.014952 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:57286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU3BSW5Z6y_w6HsGXzAAAABY"]
[Thu Jun 11 00:41:15.056514 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:46440] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/main.yml"] [unique_id "aiouW3BSW5Z6y_w6HsGX8AAAABY"]
[Thu Jun 11 00:41:15.056983 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:46440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/main.yml"] [unique_id "aiouW3BSW5Z6y_w6HsGX8AAAABY"]
[Thu Jun 11 00:41:15.098628 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:57292] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU7XVEMZbaEYG_ywRkgAAAFM"]
[Thu Jun 11 00:41:15.104241 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:53172] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/database.yml"] [unique_id "aiouW7XVEMZbaEYG_ywRvQAAAFM"]
[Thu Jun 11 00:41:15.104387 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:53172] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /api/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/database.yml"] [unique_id "aiouW7XVEMZbaEYG_ywRvQAAAFM"]
[Thu Jun 11 00:41:15.104751 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:53172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/database.yml"] [unique_id "aiouW7XVEMZbaEYG_ywRvQAAAFM"]
[Thu Jun 11 00:41:15.136210 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:57304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU171v4pS85P4fn_AewAAAIc"]
[Thu Jun 11 00:41:15.177752 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:46452] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/production.yml"] [unique_id "aiouW171v4pS85P4fn_AkgAAAIc"]
[Thu Jun 11 00:41:15.178225 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:46452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/production.yml"] [unique_id "aiouW171v4pS85P4fn_AkgAAAIc"]
[Thu Jun 11 00:41:15.203434 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:57318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU9PH5u5NVjul-pmnPQAAAQ8"]
[Thu Jun 11 00:41:15.241216 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:57320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouU3BSW5Z6y_w6HsGXzQAAABU"]
[Thu Jun 11 00:41:15.243812 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:53184] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/database.php"] [unique_id "aiouW3BSW5Z6y_w6HsGX8QAAABU"]
[Thu Jun 11 00:41:15.244290 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:53184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/database.php"] [unique_id "aiouW3BSW5Z6y_w6HsGX8QAAABU"]
[Thu Jun 11 00:41:15.244380 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:46466] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/ci.yml"] [unique_id "aiouW9PH5u5NVjul-pmnYQAAAQ8"]
[Thu Jun 11 00:41:15.244877 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:46466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/ci.yml"] [unique_id "aiouW9PH5u5NVjul-pmnYQAAAQ8"]
[Thu Jun 11 00:41:15.291746 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:57330] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVM0ej6tAIvUNrGGpagAAANA"]
[Thu Jun 11 00:41:15.332676 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:53200] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/application.yml"] [unique_id "aiouW80ej6tAIvUNrGGphgAAANA"]
[Thu Jun 11 00:41:15.333102 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:53200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/application.yml"] [unique_id "aiouW80ej6tAIvUNrGGphgAAANA"]
[Thu Jun 11 00:41:15.428058 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:57362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVHBSW5Z6y_w6HsGXzwAAAAI"]
[Thu Jun 11 00:41:15.433748 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:53212] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/application.properties"] [unique_id "aiouW3BSW5Z6y_w6HsGX8gAAAAI"]
[Thu Jun 11 00:41:15.434138 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:53212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/application.properties"] [unique_id "aiouW3BSW5Z6y_w6HsGX8gAAAAI"]
[Thu Jun 11 00:41:15.435861 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:57342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVF71v4pS85P4fn_AfQAAAJI"]
[Thu Jun 11 00:41:15.441006 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:53220] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/appsettings.json"] [unique_id "aiouW171v4pS85P4fn_AkwAAAJI"]
[Thu Jun 11 00:41:15.441400 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:53220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/appsettings.json"] [unique_id "aiouW171v4pS85P4fn_AkwAAAJI"]
[Thu Jun 11 00:41:15.478817 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:57352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVM0ej6tAIvUNrGGpawAAAMU"]
[Thu Jun 11 00:41:15.486866 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:53232] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/credentials.json"] [unique_id "aiouW80ej6tAIvUNrGGpiAAAAMU"]
[Thu Jun 11 00:41:15.487258 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:53232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/credentials.json"] [unique_id "aiouW80ej6tAIvUNrGGpiAAAAMU"]
[Thu Jun 11 00:41:15.532622 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:57368] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVNPH5u5NVjul-pmnPwAAAQM"]
[Thu Jun 11 00:41:15.535916 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:53240] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/secrets.json"] [unique_id "aiouW9PH5u5NVjul-pmnYwAAAQM"]
[Thu Jun 11 00:41:15.536327 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:53240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/secrets.json"] [unique_id "aiouW9PH5u5NVjul-pmnYwAAAQM"]
[Thu Jun 11 00:41:15.603033 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:57384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVF71v4pS85P4fn_AfgAAAJc"]
[Thu Jun 11 00:41:15.608416 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:53248] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/keys.json"] [unique_id "aiouW171v4pS85P4fn_AlAAAAJc"]
[Thu Jun 11 00:41:15.608941 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:53248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/keys.json"] [unique_id "aiouW171v4pS85P4fn_AlAAAAJc"]
[Thu Jun 11 00:41:15.680848 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:57396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVLXVEMZbaEYG_ywRlgAAAEw"]
[Thu Jun 11 00:41:15.684047 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:53252] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/parameters.yml"] [unique_id "aiouW7XVEMZbaEYG_ywRvwAAAEw"]
[Thu Jun 11 00:41:15.684437 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:53252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/parameters.yml"] [unique_id "aiouW7XVEMZbaEYG_ywRvwAAAEw"]
[Thu Jun 11 00:41:15.758777 2026] [security2:error] [pid 21126:tid 21147] [client 34.106.8.40:57412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVM0ej6tAIvUNrGGpbAAAANM"]
[Thu Jun 11 00:41:15.788999 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:52242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVHBSW5Z6y_w6HsGX0QAAAAU"]
[Thu Jun 11 00:41:15.807195 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:57422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVNPH5u5NVjul-pmnQQAAAQ0"]
[Thu Jun 11 00:41:15.814046 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:53264] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v1/config.json"] [unique_id "aiouW9PH5u5NVjul-pmnZAAAAQ0"]
[Thu Jun 11 00:41:15.814376 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:53264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v1/config.json"] [unique_id "aiouW9PH5u5NVjul-pmnZAAAAQ0"]
[Thu Jun 11 00:41:15.861866 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:53268] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v1/application.yml"] [unique_id "aiouW3BSW5Z6y_w6HsGX9AAAAAU"]
[Thu Jun 11 00:41:15.862299 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:53268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v1/application.yml"] [unique_id "aiouW3BSW5Z6y_w6HsGX9AAAAAU"]
[Thu Jun 11 00:41:15.887916 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:57424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVNPH5u5NVjul-pmnQgAAARU"]
[Thu Jun 11 00:41:15.892303 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:53278] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v2/config.json"] [unique_id "aiouW9PH5u5NVjul-pmnZQAAARU"]
[Thu Jun 11 00:41:15.892802 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v2/config.json"] [unique_id "aiouW9PH5u5NVjul-pmnZQAAARU"]
[Thu Jun 11 00:41:15.947515 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:57426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVM0ej6tAIvUNrGGpbQAAAME"]
[Thu Jun 11 00:41:15.950149 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:53282] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v2/application.yml"] [unique_id "aiouW80ej6tAIvUNrGGpjQAAAME"]
[Thu Jun 11 00:41:15.950533 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:53282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v2/application.yml"] [unique_id "aiouW80ej6tAIvUNrGGpjQAAAME"]
[Thu Jun 11 00:41:16.048471 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:57450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVc0ej6tAIvUNrGGpbgAAAMg"]
[Thu Jun 11 00:41:16.053558 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:53284] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config.php"] [unique_id "aiouXM0ej6tAIvUNrGGpjwAAAMg"]
[Thu Jun 11 00:41:16.053960 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:53284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config.php"] [unique_id "aiouXM0ej6tAIvUNrGGpjwAAAMg"]
[Thu Jun 11 00:41:16.060635 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:57440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVF71v4pS85P4fn_AgAAAAJM"]
[Thu Jun 11 00:41:16.064565 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:53288] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config.json"] [unique_id "aiouXF71v4pS85P4fn_AlQAAAJM"]
[Thu Jun 11 00:41:16.064964 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:53288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config.json"] [unique_id "aiouXF71v4pS85P4fn_AlQAAAJM"]
[Thu Jun 11 00:41:16.103894 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:57462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVXBSW5Z6y_w6HsGX0gAAAAM"]
[Thu Jun 11 00:41:16.108859 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:53290] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config.yml"] [unique_id "aiouXHBSW5Z6y_w6HsGX9gAAAAM"]
[Thu Jun 11 00:41:16.109321 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:53290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config.yml"] [unique_id "aiouXHBSW5Z6y_w6HsGX9gAAAAM"]
[Thu Jun 11 00:41:16.196022 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:57474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVdPH5u5NVjul-pmnQwAAAQs"]
[Thu Jun 11 00:41:16.200990 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:53298] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/settings.php"] [unique_id "aiouXNPH5u5NVjul-pmnZwAAAQs"]
[Thu Jun 11 00:41:16.201543 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:53298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/settings.php"] [unique_id "aiouXNPH5u5NVjul-pmnZwAAAQs"]
[Thu Jun 11 00:41:16.252709 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:57480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVV71v4pS85P4fn_AgQAAAI0"]
[Thu Jun 11 00:41:16.256854 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:53310] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/settings.json"] [unique_id "aiouXF71v4pS85P4fn_AlgAAAI0"]
[Thu Jun 11 00:41:16.257287 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:53310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/settings.json"] [unique_id "aiouXF71v4pS85P4fn_AlgAAAI0"]
[Thu Jun 11 00:41:16.352008 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:57496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVV71v4pS85P4fn_AggAAAIA"]
[Thu Jun 11 00:41:16.358458 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:53324] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/database.php"] [unique_id "aiouXF71v4pS85P4fn_AlwAAAIA"]
[Thu Jun 11 00:41:16.359158 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:53324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/database.php"] [unique_id "aiouXF71v4pS85P4fn_AlwAAAIA"]
[Thu Jun 11 00:41:16.389105 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:52252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVc0ej6tAIvUNrGGpbwAAAMk"]
[Thu Jun 11 00:41:16.459251 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:53326] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/database.yml"] [unique_id "aiouXM0ej6tAIvUNrGGplAAAAMk"]
[Thu Jun 11 00:41:16.459398 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:53326] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /app/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/database.yml"] [unique_id "aiouXM0ej6tAIvUNrGGplAAAAMk"]
[Thu Jun 11 00:41:16.459704 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:53326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/database.yml"] [unique_id "aiouXM0ej6tAIvUNrGGplAAAAMk"]
[Thu Jun 11 00:41:16.473741 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:52268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVV71v4pS85P4fn_AgwAAAIw"]
[Thu Jun 11 00:41:16.549468 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:53328] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/credentials.json"] [unique_id "aiouXF71v4pS85P4fn_AmAAAAIw"]
[Thu Jun 11 00:41:16.550031 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/credentials.json"] [unique_id "aiouXF71v4pS85P4fn_AmAAAAIw"]
[Thu Jun 11 00:41:16.553856 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:52280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVdPH5u5NVjul-pmnRQAAARA"]
[Thu Jun 11 00:41:16.615433 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:57498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVV71v4pS85P4fn_AhAAAAIk"]
[Thu Jun 11 00:41:16.621331 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:53342] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/secrets.json"] [unique_id "aiouXF71v4pS85P4fn_AmQAAAIk"]
[Thu Jun 11 00:41:16.621874 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:53342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/secrets.json"] [unique_id "aiouXF71v4pS85P4fn_AmQAAAIk"]
[Thu Jun 11 00:41:16.624282 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:52296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVXBSW5Z6y_w6HsGX1AAAAAs"]
[Thu Jun 11 00:41:16.627205 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:53358] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/application.yml"] [unique_id "aiouXNPH5u5NVjul-pmnaQAAARA"]
[Thu Jun 11 00:41:16.627543 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:53358] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/application.yml"] [unique_id "aiouXNPH5u5NVjul-pmnaQAAARA"]
[Thu Jun 11 00:41:16.667106 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:57500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVc0ej6tAIvUNrGGpcAAAAMo"]
[Thu Jun 11 00:41:16.672400 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:53374] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/application.properties"] [unique_id "aiouXM0ej6tAIvUNrGGplgAAAMo"]
[Thu Jun 11 00:41:16.672828 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:53374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/application.properties"] [unique_id "aiouXM0ej6tAIvUNrGGplgAAAMo"]
[Thu Jun 11 00:41:16.701089 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:53390] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/parameters.yml"] [unique_id "aiouXHBSW5Z6y_w6HsGX-AAAAAs"]
[Thu Jun 11 00:41:16.701476 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:53390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/parameters.yml"] [unique_id "aiouXHBSW5Z6y_w6HsGX-AAAAAs"]
[Thu Jun 11 00:41:16.789086 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:52298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVbXVEMZbaEYG_ywRmwAAAEU"]
[Thu Jun 11 00:41:16.842420 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:52304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVV71v4pS85P4fn_AhQAAAIs"]
[Thu Jun 11 00:41:16.845644 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:57510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVbXVEMZbaEYG_ywRnAAAAEc"]
[Thu Jun 11 00:41:16.850694 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:53404] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/config.php"] [unique_id "aiouXLXVEMZbaEYG_ywRwgAAAEc"]
[Thu Jun 11 00:41:16.851171 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:53404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/config.php"] [unique_id "aiouXLXVEMZbaEYG_ywRwgAAAEc"]
[Thu Jun 11 00:41:16.865440 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:53418] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/config.json"] [unique_id "aiouXLXVEMZbaEYG_ywRwwAAAEU"]
[Thu Jun 11 00:41:16.865810 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:53418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/config.json"] [unique_id "aiouXLXVEMZbaEYG_ywRwwAAAEU"]
[Thu Jun 11 00:41:16.903987 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:57526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVXBSW5Z6y_w6HsGX1QAAAA0"]
[Thu Jun 11 00:41:16.916304 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:53422] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/config.yml"] [unique_id "aiouXHBSW5Z6y_w6HsGX-QAAAA0"]
[Thu Jun 11 00:41:16.916827 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:53422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/config.yml"] [unique_id "aiouXHBSW5Z6y_w6HsGX-QAAAA0"]
[Thu Jun 11 00:41:16.922692 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:53430] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.php"] [unique_id "aiouXF71v4pS85P4fn_AmgAAAIs"]
[Thu Jun 11 00:41:16.923191 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:53430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.php"] [unique_id "aiouXF71v4pS85P4fn_AmgAAAIs"]
[Thu Jun 11 00:41:16.936852 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:57538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVV71v4pS85P4fn_AhgAAAIU"]
[Thu Jun 11 00:41:16.946233 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:53436] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.py"] [unique_id "aiouXF71v4pS85P4fn_AmwAAAIU"]
[Thu Jun 11 00:41:16.946527 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:53436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.py"] [unique_id "aiouXF71v4pS85P4fn_AmwAAAIU"]
[Thu Jun 11 00:41:17.136874 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:52316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVV71v4pS85P4fn_AhwAAAIE"]
[Thu Jun 11 00:41:17.140985 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:53438] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.json"] [unique_id "aiouXV71v4pS85P4fn_AnAAAAIE"]
[Thu Jun 11 00:41:17.141401 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:53438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/settings.json"] [unique_id "aiouXV71v4pS85P4fn_AnAAAAIE"]
[Thu Jun 11 00:41:17.148230 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:52340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVbXVEMZbaEYG_ywRnwAAAFc"]
[Thu Jun 11 00:41:17.156531 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:53444] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/database.php"] [unique_id "aiouXbXVEMZbaEYG_ywRxQAAAFc"]
[Thu Jun 11 00:41:17.156931 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:53444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/database.php"] [unique_id "aiouXbXVEMZbaEYG_ywRxQAAAFc"]
[Thu Jun 11 00:41:17.168172 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:52332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVaoCcBDhO7fD3wA7igAAAUw"]
[Thu Jun 11 00:41:17.172351 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:53460] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/database.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7owAAAUw"]
[Thu Jun 11 00:41:17.172524 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:53460] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /backend/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/database.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7owAAAUw"]
[Thu Jun 11 00:41:17.172817 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:53460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/database.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7owAAAUw"]
[Thu Jun 11 00:41:17.191064 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:57550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVaoCcBDhO7fD3wA7iwAAAUM"]
[Thu Jun 11 00:41:17.196191 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:53476] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/credentials.json"] [unique_id "aiouXaoCcBDhO7fD3wA7pAAAAUM"]
[Thu Jun 11 00:41:17.196795 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:53476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/credentials.json"] [unique_id "aiouXaoCcBDhO7fD3wA7pAAAAUM"]
[Thu Jun 11 00:41:17.245598 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:52352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVaoCcBDhO7fD3wA7jAAAAUE"]
[Thu Jun 11 00:41:17.249352 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:53484] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/secrets.json"] [unique_id "aiouXaoCcBDhO7fD3wA7pQAAAUE"]
[Thu Jun 11 00:41:17.250696 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:53484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/secrets.json"] [unique_id "aiouXaoCcBDhO7fD3wA7pQAAAUE"]
[Thu Jun 11 00:41:17.372354 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:52364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVaoCcBDhO7fD3wA7jQAAAU4"]
[Thu Jun 11 00:41:17.376534 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:53486] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/application.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7pgAAAU4"]
[Thu Jun 11 00:41:17.377070 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:53486] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/application.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7pgAAAU4"]
[Thu Jun 11 00:41:17.400687 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:52380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVaoCcBDhO7fD3wA7jgAAAUI"]
[Thu Jun 11 00:41:17.404360 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:53494] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/application.properties"] [unique_id "aiouXaoCcBDhO7fD3wA7pwAAAUI"]
[Thu Jun 11 00:41:17.404921 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:53494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/application.properties"] [unique_id "aiouXaoCcBDhO7fD3wA7pwAAAUI"]
[Thu Jun 11 00:41:17.443131 2026] [security2:error] [pid 7752:tid 7757] [client 34.106.8.40:57564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVbXVEMZbaEYG_ywRoAAAAEA"]
[Thu Jun 11 00:41:17.448460 2026] [security2:error] [pid 7752:tid 7757] [client 34.106.8.40:53500] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/appsettings.json"] [unique_id "aiouXbXVEMZbaEYG_ywRxwAAAEA"]
[Thu Jun 11 00:41:17.448893 2026] [security2:error] [pid 7752:tid 7757] [client 34.106.8.40:53500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/appsettings.json"] [unique_id "aiouXbXVEMZbaEYG_ywRxwAAAEA"]
[Thu Jun 11 00:41:17.482898 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:52392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVaoCcBDhO7fD3wA7jwAAAUU"]
[Thu Jun 11 00:41:17.486926 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:53538] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/config.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7qAAAAUU"]
[Thu Jun 11 00:41:17.487328 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:53538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/config.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7qAAAAUU"]
[Thu Jun 11 00:41:17.545223 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:52398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7kQAAAUA"]
[Thu Jun 11 00:41:17.549493 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:53552] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/settings.py"] [unique_id "aiouXaoCcBDhO7fD3wA7qQAAAUA"]
[Thu Jun 11 00:41:17.550058 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:53552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/settings.py"] [unique_id "aiouXaoCcBDhO7fD3wA7qQAAAUA"]
[Thu Jun 11 00:41:17.669485 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:52420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVs0ej6tAIvUNrGGpcQAAAMA"]
[Thu Jun 11 00:41:17.679197 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:53660] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/appsettings.json"] [unique_id "aiouXc0ej6tAIvUNrGGpmgAAAMA"]
[Thu Jun 11 00:41:17.679593 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:53660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/appsettings.json"] [unique_id "aiouXc0ej6tAIvUNrGGpmgAAAMA"]
[Thu Jun 11 00:41:17.685414 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:52414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVtPH5u5NVjul-pmnRwAAARc"]
[Thu Jun 11 00:41:17.690927 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:53668] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/credentials.json"] [unique_id "aiouXdPH5u5NVjul-pmnbAAAARc"]
[Thu Jun 11 00:41:17.691448 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:53668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/credentials.json"] [unique_id "aiouXdPH5u5NVjul-pmnbAAAARc"]
[Thu Jun 11 00:41:17.717004 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:52442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7kwAAAUc"]
[Thu Jun 11 00:41:17.724513 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:53514] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/parameters.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7qgAAAUc"]
[Thu Jun 11 00:41:17.724999 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:53514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/parameters.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7qgAAAUc"]
[Thu Jun 11 00:41:17.744593 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:52430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7kgAAAVA"]
[Thu Jun 11 00:41:17.749147 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:53586] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/secrets.json"] [unique_id "aiouXaoCcBDhO7fD3wA7qwAAAVA"]
[Thu Jun 11 00:41:17.749683 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:53586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/secrets.json"] [unique_id "aiouXaoCcBDhO7fD3wA7qwAAAVA"]
[Thu Jun 11 00:41:17.853916 2026] [security2:error] [pid 21126:tid 21131] [client 34.106.8.40:52440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVs0ej6tAIvUNrGGpcgAAAMM"]
[Thu Jun 11 00:41:17.858848 2026] [security2:error] [pid 21126:tid 21131] [client 34.106.8.40:53674] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/secrets.json"] [unique_id "aiouXc0ej6tAIvUNrGGpnAAAAMM"]
[Thu Jun 11 00:41:17.859255 2026] [security2:error] [pid 21126:tid 21131] [client 34.106.8.40:53674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/secrets.json"] [unique_id "aiouXc0ej6tAIvUNrGGpnAAAAMM"]
[Thu Jun 11 00:41:17.949655 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:52470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7lAAAAUY"]
[Thu Jun 11 00:41:17.951969 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:52476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7lQAAAVI"]
[Thu Jun 11 00:41:17.959085 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:53688] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/config.php"] [unique_id "aiouXaoCcBDhO7fD3wA7rAAAAUY"]
[Thu Jun 11 00:41:17.959430 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:53688] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/config.php"] [unique_id "aiouXaoCcBDhO7fD3wA7rAAAAUY"]
[Thu Jun 11 00:41:17.966989 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:53710] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/config.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7rQAAAVI"]
[Thu Jun 11 00:41:17.967132 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:53710] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/config/config.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7rQAAAVI"]
[Thu Jun 11 00:41:17.967360 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:53710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/config.yml"] [unique_id "aiouXaoCcBDhO7fD3wA7rQAAAVI"]
[Thu Jun 11 00:41:17.989876 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:52456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVnBSW5Z6y_w6HsGX2AAAAAk"]
[Thu Jun 11 00:41:18.046841 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:52490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7lgAAAUo"]
[Thu Jun 11 00:41:18.053020 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:53700] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/config.json"] [unique_id "aiouXqoCcBDhO7fD3wA7rgAAAUo"]
[Thu Jun 11 00:41:18.053419 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:53700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/config.json"] [unique_id "aiouXqoCcBDhO7fD3wA7rgAAAUo"]
[Thu Jun 11 00:41:18.127801 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:52504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVl71v4pS85P4fn_AiAAAAJE"]
[Thu Jun 11 00:41:18.131638 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:53518] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/config.php"] [unique_id "aiouXl71v4pS85P4fn_AnQAAAJE"]
[Thu Jun 11 00:41:18.132136 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:53518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/config.php"] [unique_id "aiouXl71v4pS85P4fn_AnQAAAJE"]
[Thu Jun 11 00:41:18.247975 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:52520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7mAAAAVY"]
[Thu Jun 11 00:41:18.253062 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:53588] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/application.yml"] [unique_id "aiouXqoCcBDhO7fD3wA7rwAAAVY"]
[Thu Jun 11 00:41:18.253472 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:53588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/application.yml"] [unique_id "aiouXqoCcBDhO7fD3wA7rwAAAVY"]
[Thu Jun 11 00:41:18.255416 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:52512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7lwAAAU0"]
[Thu Jun 11 00:41:18.264829 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:52522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7mQAAAU8"]
[Thu Jun 11 00:41:18.267201 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:53796] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/keys.json"] [unique_id "aiouXqoCcBDhO7fD3wA7sAAAAU8"]
[Thu Jun 11 00:41:18.267611 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:53796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/keys.json"] [unique_id "aiouXqoCcBDhO7fD3wA7sAAAAU8"]
[Thu Jun 11 00:41:18.361331 2026] [security2:error] [pid 22855:tid 22868] [client 34.106.8.40:52538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVl71v4pS85P4fn_AiQAAAII"]
[Thu Jun 11 00:41:18.365991 2026] [security2:error] [pid 22855:tid 22868] [client 34.106.8.40:53724] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/settings.php"] [unique_id "aiouXl71v4pS85P4fn_AngAAAII"]
[Thu Jun 11 00:41:18.366527 2026] [security2:error] [pid 22855:tid 22868] [client 34.106.8.40:53724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/settings.php"] [unique_id "aiouXl71v4pS85P4fn_AngAAAII"]
[Thu Jun 11 00:41:18.369832 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:52534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7mgAAAVU"]
[Thu Jun 11 00:41:18.373686 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:53778] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/database.json"] [unique_id "aiouXqoCcBDhO7fD3wA7sgAAAVU"]
[Thu Jun 11 00:41:18.374051 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:53778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/database.json"] [unique_id "aiouXqoCcBDhO7fD3wA7sgAAAVU"]
[Thu Jun 11 00:41:18.529335 2026] [security2:error] [pid 7752:tid 7772] [client 34.106.8.40:52546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVrXVEMZbaEYG_ywRowAAAE8"]
[Thu Jun 11 00:41:18.529866 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:52558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7mwAAAVM"]
[Thu Jun 11 00:41:18.533702 2026] [security2:error] [pid 7752:tid 7772] [client 34.106.8.40:53804] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/application.yml"] [unique_id "aiouXrXVEMZbaEYG_ywRygAAAE8"]
[Thu Jun 11 00:41:18.534082 2026] [security2:error] [pid 7752:tid 7772] [client 34.106.8.40:53804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/application.yml"] [unique_id "aiouXrXVEMZbaEYG_ywRygAAAE8"]
[Thu Jun 11 00:41:18.535635 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:53818] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/application.properties"] [unique_id "aiouXqoCcBDhO7fD3wA7swAAAVM"]
[Thu Jun 11 00:41:18.535993 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:53818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/application.properties"] [unique_id "aiouXqoCcBDhO7fD3wA7swAAAVM"]
[Thu Jun 11 00:41:18.558440 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:52566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7nAAAAVc"]
[Thu Jun 11 00:41:18.562652 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:53828] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiouXqoCcBDhO7fD3wA7tAAAAVc"]
[Thu Jun 11 00:41:18.562839 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:53828] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiouXqoCcBDhO7fD3wA7tAAAAVc"]
[Thu Jun 11 00:41:18.563227 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:53828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiouXqoCcBDhO7fD3wA7tAAAAVc"]
[Thu Jun 11 00:41:18.601141 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:53830] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/parameters.yaml"] [unique_id "aiouXqoCcBDhO7fD3wA7tQAAAU0"]
[Thu Jun 11 00:41:18.601679 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:53830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/parameters.yaml"] [unique_id "aiouXqoCcBDhO7fD3wA7tQAAAU0"]
[Thu Jun 11 00:41:18.626431 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:52560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7nQAAAVg"]
[Thu Jun 11 00:41:18.629716 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:53532] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/config.json"] [unique_id "aiouXqoCcBDhO7fD3wA7tgAAAVg"]
[Thu Jun 11 00:41:18.630162 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:53532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/config.json"] [unique_id "aiouXqoCcBDhO7fD3wA7tgAAAVg"]
[Thu Jun 11 00:41:18.646486 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:52570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7ngAAAUs"]
[Thu Jun 11 00:41:18.650509 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:53842] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/app.php"] [unique_id "aiouXqoCcBDhO7fD3wA7twAAAUs"]
[Thu Jun 11 00:41:18.650942 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:53842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/app.php"] [unique_id "aiouXqoCcBDhO7fD3wA7twAAAUs"]
[Thu Jun 11 00:41:18.790549 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:52582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouVqoCcBDhO7fD3wA7nwAAAUk"]
[Thu Jun 11 00:41:18.793117 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:52584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV6oCcBDhO7fD3wA7oAAAAVQ"]
[Thu Jun 11 00:41:18.797522 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:53572] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/database.yml"] [unique_id "aiouXqoCcBDhO7fD3wA7uAAAAUk"]
[Thu Jun 11 00:41:18.797731 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:53572] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /src/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/database.yml"] [unique_id "aiouXqoCcBDhO7fD3wA7uAAAAUk"]
[Thu Jun 11 00:41:18.798014 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:53572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/database.yml"] [unique_id "aiouXqoCcBDhO7fD3wA7uAAAAUk"]
[Thu Jun 11 00:41:18.805675 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:52586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV6oCcBDhO7fD3wA7oQAAAUg"]
[Thu Jun 11 00:41:18.810663 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:53560] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/settings.json"] [unique_id "aiouXqoCcBDhO7fD3wA7uQAAAUg"]
[Thu Jun 11 00:41:18.811133 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:53560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/settings.json"] [unique_id "aiouXqoCcBDhO7fD3wA7uQAAAUg"]
[Thu Jun 11 00:41:18.895838 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:52598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV6oCcBDhO7fD3wA7ogAAAUQ"]
[Thu Jun 11 00:41:18.908808 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:52606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV9PH5u5NVjul-pmnSwAAAQU"]
[Thu Jun 11 00:41:18.914880 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:53596] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/application.properties"] [unique_id "aiouXtPH5u5NVjul-pmnbwAAAQU"]
[Thu Jun 11 00:41:18.915321 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:53596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/application.properties"] [unique_id "aiouXtPH5u5NVjul-pmnbwAAAQU"]
[Thu Jun 11 00:41:19.022329 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:53634] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/application.yml"] [unique_id "aiouX6oCcBDhO7fD3wA7vAAAAVQ"]
[Thu Jun 11 00:41:19.022920 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:53634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/application.yml"] [unique_id "aiouX6oCcBDhO7fD3wA7vAAAAVQ"]
[Thu Jun 11 00:41:19.053908 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:52630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV3BSW5Z6y_w6HsGX2wAAAAo"]
[Thu Jun 11 00:41:19.058178 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:53646] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/application.properties"] [unique_id "aiouX3BSW5Z6y_w6HsGX_wAAAAo"]
[Thu Jun 11 00:41:19.058614 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:53646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/application.properties"] [unique_id "aiouX3BSW5Z6y_w6HsGX_wAAAAo"]
[Thu Jun 11 00:41:19.087697 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:52624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV7XVEMZbaEYG_ywRpQAAAEg"]
[Thu Jun 11 00:41:19.099129 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:52612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV9PH5u5NVjul-pmnTAAAARI"]
[Thu Jun 11 00:41:19.104837 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:53860] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/services.php"] [unique_id "aiouX9PH5u5NVjul-pmncQAAARI"]
[Thu Jun 11 00:41:19.105213 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:53860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/services.php"] [unique_id "aiouX9PH5u5NVjul-pmncQAAARI"]
[Thu Jun 11 00:41:19.201094 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:52660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV171v4pS85P4fn_AigAAAIg"]
[Thu Jun 11 00:41:19.206080 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:53772] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/database.yml"] [unique_id "aiouX171v4pS85P4fn_AnwAAAIg"]
[Thu Jun 11 00:41:19.206278 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:53772] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/config/database.yml"] [unique_id "aiouX171v4pS85P4fn_AnwAAAIg"]
[Thu Jun 11 00:41:19.206973 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:53772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/database.yml"] [unique_id "aiouX171v4pS85P4fn_AnwAAAIg"]
[Thu Jun 11 00:41:19.208905 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:52644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV80ej6tAIvUNrGGpcwAAAMY"]
[Thu Jun 11 00:41:19.212025 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:53584] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/credentials.json"] [unique_id "aiouX80ej6tAIvUNrGGpoQAAAMY"]
[Thu Jun 11 00:41:19.212359 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:53584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/credentials.json"] [unique_id "aiouX80ej6tAIvUNrGGpoQAAAMY"]
[Thu Jun 11 00:41:19.318285 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:53876] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/config.json"] [unique_id "aiouX7XVEMZbaEYG_ywRzQAAAEg"]
[Thu Jun 11 00:41:19.318754 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:53876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/config.json"] [unique_id "aiouX7XVEMZbaEYG_ywRzQAAAEg"]
[Thu Jun 11 00:41:19.344152 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:52688] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV7XVEMZbaEYG_ywRpwAAAEE"]
[Thu Jun 11 00:41:19.347936 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:52636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV3BSW5Z6y_w6HsGX3AAAAAA"]
[Thu Jun 11 00:41:19.355819 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:53740] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/settings.json"] [unique_id "aiouX3BSW5Z6y_w6HsGYAQAAAAA"]
[Thu Jun 11 00:41:19.356172 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:53740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/settings.json"] [unique_id "aiouX3BSW5Z6y_w6HsGYAQAAAAA"]
[Thu Jun 11 00:41:19.358473 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:53784] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/credentials.json"] [unique_id "aiouX7XVEMZbaEYG_ywRzgAAAEE"]
[Thu Jun 11 00:41:19.358814 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:53784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/credentials.json"] [unique_id "aiouX7XVEMZbaEYG_ywRzgAAAEE"]
[Thu Jun 11 00:41:19.397924 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:52676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV9PH5u5NVjul-pmnTgAAAQg"]
[Thu Jun 11 00:41:19.402808 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:53788] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/secrets.json"] [unique_id "aiouX9PH5u5NVjul-pmncgAAAQg"]
[Thu Jun 11 00:41:19.403219 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:53788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/secrets.json"] [unique_id "aiouX9PH5u5NVjul-pmncgAAAQg"]
[Thu Jun 11 00:41:19.452944 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:52690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV3BSW5Z6y_w6HsGX3gAAAA8"]
[Thu Jun 11 00:41:19.458915 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:53912] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/secrets.json"] [unique_id "aiouX3BSW5Z6y_w6HsGYAgAAAA8"]
[Thu Jun 11 00:41:19.459446 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:53912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/secrets.json"] [unique_id "aiouX3BSW5Z6y_w6HsGYAgAAAA8"]
[Thu Jun 11 00:41:19.490762 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:53948] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/config.yml"] [unique_id "aiouX6oCcBDhO7fD3wA7vgAAAUQ"]
[Thu Jun 11 00:41:19.491252 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:53948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/config.yml"] [unique_id "aiouX6oCcBDhO7fD3wA7vgAAAUQ"]
[Thu Jun 11 00:41:19.540903 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:52698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV3BSW5Z6y_w6HsGX3wAAABc"]
[Thu Jun 11 00:41:19.546447 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:53890] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/config.yml"] [unique_id "aiouX3BSW5Z6y_w6HsGYAwAAABc"]
[Thu Jun 11 00:41:19.546907 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:53890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/config.yml"] [unique_id "aiouX3BSW5Z6y_w6HsGYAwAAABc"]
[Thu Jun 11 00:41:19.648525 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:52716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWLXVEMZbaEYG_ywRqAAAAFI"]
[Thu Jun 11 00:41:19.658469 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:53962] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/secrets.json"] [unique_id "aiouX7XVEMZbaEYG_ywR0AAAAFI"]
[Thu Jun 11 00:41:19.658869 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:53962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/secrets.json"] [unique_id "aiouX7XVEMZbaEYG_ywR0AAAAFI"]
[Thu Jun 11 00:41:19.700970 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:52732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWNPH5u5NVjul-pmnTwAAAQ4"]
[Thu Jun 11 00:41:19.704365 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:53974] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/credentials.json"] [unique_id "aiouX9PH5u5NVjul-pmndAAAAQ4"]
[Thu Jun 11 00:41:19.704725 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:53974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/credentials.json"] [unique_id "aiouX9PH5u5NVjul-pmndAAAAQ4"]
[Thu Jun 11 00:41:19.713082 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:52702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouV80ej6tAIvUNrGGpdAAAAM4"]
[Thu Jun 11 00:41:19.718640 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:53628] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/database.yml"] [unique_id "aiouX80ej6tAIvUNrGGppQAAAM4"]
[Thu Jun 11 00:41:19.718809 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:53628] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /server/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/server/database.yml"] [unique_id "aiouX80ej6tAIvUNrGGppQAAAM4"]
[Thu Jun 11 00:41:19.719064 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:53628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/database.yml"] [unique_id "aiouX80ej6tAIvUNrGGppQAAAM4"]
[Thu Jun 11 00:41:19.786385 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:52742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWM0ej6tAIvUNrGGpdQAAANU"]
[Thu Jun 11 00:41:19.790945 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:53606] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/config.json"] [unique_id "aiouX80ej6tAIvUNrGGppgAAANU"]
[Thu Jun 11 00:41:19.791325 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:53606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/config.json"] [unique_id "aiouX80ej6tAIvUNrGGppgAAANU"]
[Thu Jun 11 00:41:19.832619 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:52748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWLXVEMZbaEYG_ywRqgAAAEs"]
[Thu Jun 11 00:41:19.848544 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:53976] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private/config.json"] [unique_id "aiouX7XVEMZbaEYG_ywR0QAAAEs"]
[Thu Jun 11 00:41:19.849165 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:53976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private/config.json"] [unique_id "aiouX7XVEMZbaEYG_ywR0QAAAEs"]
[Thu Jun 11 00:41:19.900626 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:52760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWF71v4pS85P4fn_AiwAAAJU"]
[Thu Jun 11 00:41:19.911076 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:53992] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private/secrets.json"] [unique_id "aiouX171v4pS85P4fn_AoAAAAJU"]
[Thu Jun 11 00:41:19.911651 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:53992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private/secrets.json"] [unique_id "aiouX171v4pS85P4fn_AoAAAAJU"]
[Thu Jun 11 00:41:19.997064 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:52768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWLXVEMZbaEYG_ywRqwAAAEo"]
[Thu Jun 11 00:41:20.011003 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:53756] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/database.php"] [unique_id "aiouYLXVEMZbaEYG_ywR0wAAAEo"]
[Thu Jun 11 00:41:20.011436 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:53756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/database.php"] [unique_id "aiouYLXVEMZbaEYG_ywR0wAAAEo"]
[Thu Jun 11 00:41:20.030906 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:54006] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/config.json"] [unique_id "aiouYLXVEMZbaEYG_ywR1AAAAFQ"]
[Thu Jun 11 00:41:20.031344 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:54006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/config.json"] [unique_id "aiouYLXVEMZbaEYG_ywR1AAAAFQ"]
[Thu Jun 11 00:41:20.052791 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:52778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWHBSW5Z6y_w6HsGX4QAAABA"]
[Thu Jun 11 00:41:20.062187 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:54002] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private/credentials.json"] [unique_id "aiouYHBSW5Z6y_w6HsGYBQAAABA"]
[Thu Jun 11 00:41:20.062667 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:54002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private/credentials.json"] [unique_id "aiouYHBSW5Z6y_w6HsGYBQAAABA"]
[Thu Jun 11 00:41:20.074142 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:52788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWHBSW5Z6y_w6HsGX4gAAABQ"]
[Thu Jun 11 00:41:20.078941 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:54028] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v1/config.json"] [unique_id "aiouYHBSW5Z6y_w6HsGYBgAAABQ"]
[Thu Jun 11 00:41:20.079494 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:54028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v1/config.json"] [unique_id "aiouYHBSW5Z6y_w6HsGYBgAAABQ"]
[Thu Jun 11 00:41:20.160372 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:52794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWNPH5u5NVjul-pmnUQAAAQw"]
[Thu Jun 11 00:41:20.167683 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:53900] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/database.yml"] [unique_id "aiouYNPH5u5NVjul-pmndgAAAQw"]
[Thu Jun 11 00:41:20.167811 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:53900] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /services/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/database.yml"] [unique_id "aiouYNPH5u5NVjul-pmndgAAAQw"]
[Thu Jun 11 00:41:20.168024 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:53900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/database.yml"] [unique_id "aiouYNPH5u5NVjul-pmndgAAAQw"]
[Thu Jun 11 00:41:20.205178 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:52810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWM0ej6tAIvUNrGGpdgAAANc"]
[Thu Jun 11 00:41:20.210299 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:54036] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v2/config.json"] [unique_id "aiouYM0ej6tAIvUNrGGpqQAAANc"]
[Thu Jun 11 00:41:20.210810 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:54036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v2/config.json"] [unique_id "aiouYM0ej6tAIvUNrGGpqQAAANc"]
[Thu Jun 11 00:41:20.285975 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:52818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWNPH5u5NVjul-pmnUgAAAQo"]
[Thu Jun 11 00:41:20.289336 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:53864] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/cache.php"] [unique_id "aiouYNPH5u5NVjul-pmndwAAAQo"]
[Thu Jun 11 00:41:20.289709 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:53864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/cache.php"] [unique_id "aiouYNPH5u5NVjul-pmndwAAAQo"]
[Thu Jun 11 00:41:20.334341 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:52832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWHBSW5Z6y_w6HsGX4wAAAAw"]
[Thu Jun 11 00:41:20.337835 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:54022] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/secrets.json"] [unique_id "aiouYHBSW5Z6y_w6HsGYCAAAAAw"]
[Thu Jun 11 00:41:20.338510 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:54022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/secrets.json"] [unique_id "aiouYHBSW5Z6y_w6HsGYCAAAAAw"]
[Thu Jun 11 00:41:20.344532 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:52848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWM0ej6tAIvUNrGGpdwAAAMQ"]
[Thu Jun 11 00:41:20.348267 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:54052] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php"] [unique_id "aiouYM0ej6tAIvUNrGGpqgAAAMQ"]
[Thu Jun 11 00:41:20.348432 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:54052] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php"] [unique_id "aiouYM0ej6tAIvUNrGGpqgAAAMQ"]
[Thu Jun 11 00:41:20.348771 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:54052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php"] [unique_id "aiouYM0ej6tAIvUNrGGpqgAAAMQ"]
[Thu Jun 11 00:41:20.428753 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:52864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWLXVEMZbaEYG_ywRrQAAAFY"]
[Thu Jun 11 00:41:20.432610 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:54066] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiouYLXVEMZbaEYG_ywR1QAAAFY"]
[Thu Jun 11 00:41:20.432741 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:54066] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiouYLXVEMZbaEYG_ywR1QAAAFY"]
[Thu Jun 11 00:41:20.432874 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:54066] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiouYLXVEMZbaEYG_ywR1QAAAFY"]
[Thu Jun 11 00:41:20.433141 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:54066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiouYLXVEMZbaEYG_ywR1QAAAFY"]
[Thu Jun 11 00:41:20.449469 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:52876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWM0ej6tAIvUNrGGpeAAAANg"]
[Thu Jun 11 00:41:20.453007 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:53936] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/config.json"] [unique_id "aiouYM0ej6tAIvUNrGGprAAAANg"]
[Thu Jun 11 00:41:20.453467 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:53936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/config.json"] [unique_id "aiouYM0ej6tAIvUNrGGprAAAANg"]
[Thu Jun 11 00:41:20.554765 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:52882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWNPH5u5NVjul-pmnVAAAAQQ"]
[Thu Jun 11 00:41:20.561729 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:54074] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiouYNPH5u5NVjul-pmneQAAAQQ"]
[Thu Jun 11 00:41:20.561867 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:54074] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiouYNPH5u5NVjul-pmneQAAAQQ"]
[Thu Jun 11 00:41:20.562031 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:54074] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiouYNPH5u5NVjul-pmneQAAAQQ"]
[Thu Jun 11 00:41:20.562308 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:54074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiouYNPH5u5NVjul-pmneQAAAQQ"]
[Thu Jun 11 00:41:20.585884 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:52890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWLXVEMZbaEYG_ywRrgAAAE0"]
[Thu Jun 11 00:41:20.590484 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:54086] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php~"] [unique_id "aiouYLXVEMZbaEYG_ywR1wAAAE0"]
[Thu Jun 11 00:41:20.590618 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:54086] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php~"] [unique_id "aiouYLXVEMZbaEYG_ywR1wAAAE0"]
[Thu Jun 11 00:41:20.590749 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:54086] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php~"] [unique_id "aiouYLXVEMZbaEYG_ywR1wAAAE0"]
[Thu Jun 11 00:41:20.591064 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:54086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/wp-config.php~"] [unique_id "aiouYLXVEMZbaEYG_ywR1wAAAE0"]
[Thu Jun 11 00:41:20.608857 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:52888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWHBSW5Z6y_w6HsGX5AAAAAc"]
[Thu Jun 11 00:41:20.630771 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:54102] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/wp-config.bak"] [unique_id "aiouYHBSW5Z6y_w6HsGYCQAAAAc"]
[Thu Jun 11 00:41:20.630914 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:54102] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/wp-config.bak"] [unique_id "aiouYHBSW5Z6y_w6HsGYCQAAAAc"]
[Thu Jun 11 00:41:20.631048 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:54102] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/wp-config.bak"] [unique_id "aiouYHBSW5Z6y_w6HsGYCQAAAAc"]
[Thu Jun 11 00:41:20.631324 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:54102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/wp-config.bak"] [unique_id "aiouYHBSW5Z6y_w6HsGYCQAAAAc"]
[Thu Jun 11 00:41:20.721738 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:52900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWc0ej6tAIvUNrGGpeQAAAM8"]
[Thu Jun 11 00:41:20.725874 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:53922] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/application.yml"] [unique_id "aiouYM0ej6tAIvUNrGGprgAAAM8"]
[Thu Jun 11 00:41:20.726271 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:53922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/application.yml"] [unique_id "aiouYM0ej6tAIvUNrGGprgAAAM8"]
[Thu Jun 11 00:41:20.728911 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:52896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWbXVEMZbaEYG_ywRsAAAAFU"]
[Thu Jun 11 00:41:20.732468 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:53856] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/mail.php"] [unique_id "aiouYLXVEMZbaEYG_ywR2AAAAFU"]
[Thu Jun 11 00:41:20.732840 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:53856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/mail.php"] [unique_id "aiouYLXVEMZbaEYG_ywR2AAAAFU"]
[Thu Jun 11 00:41:20.845730 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:52912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWXBSW5Z6y_w6HsGX5gAAABE"]
[Thu Jun 11 00:41:20.850322 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:54118] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/storage/logs/laravel.log"] [unique_id "aiouYHBSW5Z6y_w6HsGYCwAAABE"]
[Thu Jun 11 00:41:20.850443 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:54118] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/storage/logs/laravel.log"] [unique_id "aiouYHBSW5Z6y_w6HsGYCwAAABE"]
[Thu Jun 11 00:41:20.850890 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:54118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/storage/logs/laravel.log"] [unique_id "aiouYHBSW5Z6y_w6HsGYCwAAABE"]
[Thu Jun 11 00:41:20.879367 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:52926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWXBSW5Z6y_w6HsGX5wAAAAg"]
[Thu Jun 11 00:41:20.884230 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:54104] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/wp-config.txt"] [unique_id "aiouYHBSW5Z6y_w6HsGYDAAAAAg"]
[Thu Jun 11 00:41:20.884398 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:54104] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/wp-config.txt"] [unique_id "aiouYHBSW5Z6y_w6HsGYDAAAAAg"]
[Thu Jun 11 00:41:20.884726 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:54104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/wp-config.txt"] [unique_id "aiouYHBSW5Z6y_w6HsGYDAAAAAg"]
[Thu Jun 11 00:41:20.908419 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:52918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWdPH5u5NVjul-pmnVQAAARE"]
[Thu Jun 11 00:41:20.913793 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:54110] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/local-config.php"] [unique_id "aiouYNPH5u5NVjul-pmnegAAARE"]
[Thu Jun 11 00:41:20.914172 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:54110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/local-config.php"] [unique_id "aiouYNPH5u5NVjul-pmnegAAARE"]
[Thu Jun 11 00:41:20.983818 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:52934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWV71v4pS85P4fn_AjAAAAJg"]
[Thu Jun 11 00:41:20.988567 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:54112] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/bootstrap/cache/config.php"] [unique_id "aiouYF71v4pS85P4fn_AoQAAAJg"]
[Thu Jun 11 00:41:20.989031 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:54112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/bootstrap/cache/config.php"] [unique_id "aiouYF71v4pS85P4fn_AoQAAAJg"]
[Thu Jun 11 00:41:21.039273 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:52948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWc0ej6tAIvUNrGGpegAAAM0"]
[Thu Jun 11 00:41:21.129113 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:52960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWXBSW5Z6y_w6HsGX6AAAABM"]
[Thu Jun 11 00:41:21.135903 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:54120] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiouYXBSW5Z6y_w6HsGYDQAAABM"]
[Thu Jun 11 00:41:21.136120 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:54120] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiouYXBSW5Z6y_w6HsGYDQAAABM"]
[Thu Jun 11 00:41:21.136350 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:54120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiouYXBSW5Z6y_w6HsGYDQAAABM"]
[Thu Jun 11 00:41:21.181925 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:52974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWdPH5u5NVjul-pmnVwAAARY"]
[Thu Jun 11 00:41:21.216398 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:52968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWbXVEMZbaEYG_ywRsgAAAEM"]
[Thu Jun 11 00:41:21.268139 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:58174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWdPH5u5NVjul-pmnWAAAAQY"]
[Thu Jun 11 00:41:21.270027 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:54140] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config/config.yml"] [unique_id "aiouYc0ej6tAIvUNrGGpswAAAM0"]
[Thu Jun 11 00:41:21.270072 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:54134] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/config/parameters.yaml"] [unique_id "aiouYdPH5u5NVjul-pmnfQAAAQY"]
[Thu Jun 11 00:41:21.270177 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:54140] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /app/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/config/config.yml"] [unique_id "aiouYc0ej6tAIvUNrGGpswAAAM0"]
[Thu Jun 11 00:41:21.270408 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:54140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config/config.yml"] [unique_id "aiouYc0ej6tAIvUNrGGpswAAAM0"]
[Thu Jun 11 00:41:21.270410 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:54134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/config/parameters.yaml"] [unique_id "aiouYdPH5u5NVjul-pmnfQAAAQY"]
[Thu Jun 11 00:41:21.354519 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:52982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWbXVEMZbaEYG_ywRswAAAEY"]
[Thu Jun 11 00:41:21.358710 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:54152] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings/local.py"] [unique_id "aiouYbXVEMZbaEYG_ywR2wAAAEY"]
[Thu Jun 11 00:41:21.359083 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:54152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings/local.py"] [unique_id "aiouYbXVEMZbaEYG_ywR2wAAAEY"]
[Thu Jun 11 00:41:21.429694 2026] [security2:error] [pid 7752:tid 7773] [client 34.106.8.40:52984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWbXVEMZbaEYG_ywRtAAAAFA"]
[Thu Jun 11 00:41:21.440776 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:54156] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings/base.py"] [unique_id "aiouYbXVEMZbaEYG_ywR3AAAAEM"]
[Thu Jun 11 00:41:21.441234 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:54156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings/base.py"] [unique_id "aiouYbXVEMZbaEYG_ywR3AAAAEM"]
[Thu Jun 11 00:41:21.499840 2026] [security2:error] [pid 22855:tid 22870] [client 34.106.8.40:52996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWV71v4pS85P4fn_AjQAAAIQ"]
[Thu Jun 11 00:41:21.543706 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:53006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWc0ej6tAIvUNrGGpewAAANY"]
[Thu Jun 11 00:41:21.547673 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:54144] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/settings/production.py"] [unique_id "aiouYc0ej6tAIvUNrGGptgAAANY"]
[Thu Jun 11 00:41:21.548039 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:54144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/settings/production.py"] [unique_id "aiouYc0ej6tAIvUNrGGptgAAANY"]
[Thu Jun 11 00:41:21.610105 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:53008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWdPH5u5NVjul-pmnWgAAARQ"]
[Thu Jun 11 00:41:21.612634 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:54168] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/core/settings.py"] [unique_id "aiouYdPH5u5NVjul-pmngAAAARQ"]
[Thu Jun 11 00:41:21.613058 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:54168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/core/settings.py"] [unique_id "aiouYdPH5u5NVjul-pmngAAAARQ"]
[Thu Jun 11 00:41:21.676924 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:53012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWV71v4pS85P4fn_AjgAAAJY"]
[Thu Jun 11 00:41:21.691287 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:54196] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application/config/config.php"] [unique_id "aiouYV71v4pS85P4fn_AowAAAJY"]
[Thu Jun 11 00:41:21.693787 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:54196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application/config/config.php"] [unique_id "aiouYV71v4pS85P4fn_AowAAAJY"]
[Thu Jun 11 00:41:21.744508 2026] [security2:error] [pid 21075:tid 21084] [client 34.106.8.40:53018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWXBSW5Z6y_w6HsGX6wAAAAY"]
[Thu Jun 11 00:41:21.814899 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:53020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWtPH5u5NVjul-pmnWwAAAQc"]
[Thu Jun 11 00:41:21.817718 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:54180] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/project/settings.py"] [unique_id "aiouYdPH5u5NVjul-pmnggAAAQc"]
[Thu Jun 11 00:41:21.818127 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:54180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/project/settings.py"] [unique_id "aiouYdPH5u5NVjul-pmnggAAAQc"]
[Thu Jun 11 00:41:21.880861 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:53028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWrXVEMZbaEYG_ywRtgAAAEk"]
[Thu Jun 11 00:41:21.885017 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:54210] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/system/application/config/database.php"] [unique_id "aiouYbXVEMZbaEYG_ywR4AAAAEk"]
[Thu Jun 11 00:41:21.885349 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:54210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/system/application/config/database.php"] [unique_id "aiouYbXVEMZbaEYG_ywR4AAAAEk"]
[Thu Jun 11 00:41:21.973871 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:53036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWs0ej6tAIvUNrGGpfAAAANQ"]
[Thu Jun 11 00:41:21.978840 2026] [security2:error] [pid 22855:tid 22880] [client 34.106.8.40:54184] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application/config/database.php"] [unique_id "aiouYV71v4pS85P4fn_ApAAAAI4"]
[Thu Jun 11 00:41:21.979332 2026] [security2:error] [pid 22855:tid 22880] [client 34.106.8.40:54184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application/config/database.php"] [unique_id "aiouYV71v4pS85P4fn_ApAAAAI4"]
[Thu Jun 11 00:41:21.981075 2026] [security2:error] [pid 21126:tid 21145] [client 34.106.8.40:54252] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/WEB-INF/classes/application.properties"] [unique_id "aiouYc0ej6tAIvUNrGGpuAAAANE"]
[Thu Jun 11 00:41:21.982997 2026] [security2:error] [pid 1016:tid 1037] [client 34.106.8.40:54266] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/META-INF/context.xml"] [unique_id "aiouYaoCcBDhO7fD3wA7vwAAAVE"]
[Thu Jun 11 00:41:21.983489 2026] [security2:error] [pid 1016:tid 1037] [client 34.106.8.40:54266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/META-INF/context.xml"] [unique_id "aiouYaoCcBDhO7fD3wA7vwAAAVE"]
[Thu Jun 11 00:41:21.984415 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:54224] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/WEB-INF/web.xml"] [unique_id "aiouYXBSW5Z6y_w6HsGYEAAAAA4"]
[Thu Jun 11 00:41:21.984795 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:54224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/WEB-INF/web.xml"] [unique_id "aiouYXBSW5Z6y_w6HsGYEAAAAA4"]
[Thu Jun 11 00:41:21.987839 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:54238] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/WEB-INF/context.xml"] [unique_id "aiouYdPH5u5NVjul-pmngwAAARY"]
[Thu Jun 11 00:41:21.988178 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:54238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/WEB-INF/context.xml"] [unique_id "aiouYdPH5u5NVjul-pmngwAAARY"]
[Thu Jun 11 00:41:21.989492 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:54276] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.idea/dataSources.local.xml"] [unique_id "aiouYc0ej6tAIvUNrGGpuQAAAMs"]
[Thu Jun 11 00:41:21.989699 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:54276] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/datasources.local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.idea/dataSources.local.xml"] [unique_id "aiouYc0ej6tAIvUNrGGpuQAAAMs"]
[Thu Jun 11 00:41:21.989953 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:54276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.idea/dataSources.local.xml"] [unique_id "aiouYc0ej6tAIvUNrGGpuQAAAMs"]
[Thu Jun 11 00:41:22.003212 2026] [security2:error] [pid 7752:tid 7761] [client 34.106.8.40:54272] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.idea/dataSources.xml"] [unique_id "aiouYrXVEMZbaEYG_ywR4QAAAEQ"]
[Thu Jun 11 00:41:22.003409 2026] [security2:error] [pid 7752:tid 7761] [client 34.106.8.40:54272] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/datasources.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.idea/dataSources.xml"] [unique_id "aiouYrXVEMZbaEYG_ywR4QAAAEQ"]
[Thu Jun 11 00:41:22.003801 2026] [security2:error] [pid 7752:tid 7761] [client 34.106.8.40:54272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.idea/dataSources.xml"] [unique_id "aiouYrXVEMZbaEYG_ywR4QAAAEQ"]
[Thu Jun 11 00:41:22.004764 2026] [security2:error] [pid 21126:tid 21145] [client 34.106.8.40:54252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/WEB-INF/classes/application.properties"] [unique_id "aiouYc0ej6tAIvUNrGGpuAAAANE"]
[Thu Jun 11 00:41:22.007043 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:54284] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.idea/workspace.xml"] [unique_id "aiouYtPH5u5NVjul-pmnhAAAAQA"]
[Thu Jun 11 00:41:22.008480 2026] [security2:error] [pid 21075:tid 21096] [client 34.106.8.40:54314] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.idea/deployment.xml"] [unique_id "aiouYnBSW5Z6y_w6HsGYEQAAABI"]
[Thu Jun 11 00:41:22.008712 2026] [security2:error] [pid 21075:tid 21096] [client 34.106.8.40:54314] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/deployment.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.idea/deployment.xml"] [unique_id "aiouYnBSW5Z6y_w6HsGYEQAAABI"]
[Thu Jun 11 00:41:22.008967 2026] [security2:error] [pid 21075:tid 21096] [client 34.106.8.40:54314] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.idea/deployment.xml"] [unique_id "aiouYnBSW5Z6y_w6HsGYEQAAABI"]
[Thu Jun 11 00:41:22.009228 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:54284] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.idea/workspace.xml"] [unique_id "aiouYtPH5u5NVjul-pmnhAAAAQA"]
[Thu Jun 11 00:41:22.009461 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:54284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.idea/workspace.xml"] [unique_id "aiouYtPH5u5NVjul-pmnhAAAAQA"]
[Thu Jun 11 00:41:22.028317 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:53046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWl71v4pS85P4fn_AjwAAAJQ"]
[Thu Jun 11 00:41:22.033847 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:54322] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.vscode/sftp.json"] [unique_id "aiouYl71v4pS85P4fn_ApgAAAJQ"]
[Thu Jun 11 00:41:22.034146 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:54322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.vscode/sftp.json"] [unique_id "aiouYl71v4pS85P4fn_ApgAAAJQ"]
[Thu Jun 11 00:41:22.084093 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:53056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWnBSW5Z6y_w6HsGX7AAAAAE"]
[Thu Jun 11 00:41:22.107504 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:54298] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.idea/WebServers.xml"] [unique_id "aiouYs0ej6tAIvUNrGGpuwAAAMc"]
[Thu Jun 11 00:41:22.107727 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:54298] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/webservers.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.idea/WebServers.xml"] [unique_id "aiouYs0ej6tAIvUNrGGpuwAAAMc"]
[Thu Jun 11 00:41:22.108118 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:54298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.idea/WebServers.xml"] [unique_id "aiouYs0ej6tAIvUNrGGpuwAAAMc"]
[Thu Jun 11 00:41:22.151686 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:53058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWs0ej6tAIvUNrGGpfQAAAMw"]
[Thu Jun 11 00:41:22.188248 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:53062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWl71v4pS85P4fn_AkAAAAJA"]
[Thu Jun 11 00:41:22.327960 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:53072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWrXVEMZbaEYG_ywRuAAAAEI"]
[Thu Jun 11 00:41:22.406381 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:53078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWtPH5u5NVjul-pmnXQAAARM"]
[Thu Jun 11 00:41:22.409462 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:54324] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.vscode/settings.json"] [unique_id "aiouYtPH5u5NVjul-pmnhwAAARM"]
[Thu Jun 11 00:41:22.409890 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:54324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.vscode/settings.json"] [unique_id "aiouYtPH5u5NVjul-pmnhwAAARM"]
[Thu Jun 11 00:41:22.495560 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:54354] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.vscode/tasks.json"] [unique_id "aiouYs0ej6tAIvUNrGGpvQAAANQ"]
[Thu Jun 11 00:41:22.496011 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:54354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.vscode/tasks.json"] [unique_id "aiouYs0ej6tAIvUNrGGpvQAAANQ"]
[Thu Jun 11 00:41:22.518671 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:53106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWs0ej6tAIvUNrGGpgAAAAMI"]
[Thu Jun 11 00:41:22.546993 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:53094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWtPH5u5NVjul-pmnXgAAARg"]
[Thu Jun 11 00:41:22.576878 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:53118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWnBSW5Z6y_w6HsGX7gAAABg"]
[Thu Jun 11 00:41:22.582774 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:54338] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.vscode/launch.json"] [unique_id "aiouYnBSW5Z6y_w6HsGYFAAAABg"]
[Thu Jun 11 00:41:22.583171 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:54338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.vscode/launch.json"] [unique_id "aiouYnBSW5Z6y_w6HsGYFAAAABg"]
[Thu Jun 11 00:41:22.715886 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:53130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWrXVEMZbaEYG_ywRuwAAAFg"]
[Thu Jun 11 00:41:22.719082 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:54360] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.gitlab-ci.yml"] [unique_id "aiouYrXVEMZbaEYG_ywR5gAAAFg"]
[Thu Jun 11 00:41:22.719239 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:54360] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.gitlab-ci.yml"] [unique_id "aiouYrXVEMZbaEYG_ywR5gAAAFg"]
[Thu Jun 11 00:41:22.719623 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:54360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.gitlab-ci.yml"] [unique_id "aiouYrXVEMZbaEYG_ywR5gAAAFg"]
[Thu Jun 11 00:41:22.835355 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:53624] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/settings.json"] [unique_id "aiouYtPH5u5NVjul-pmnigAAAQE"]
[Thu Jun 11 00:41:22.835894 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:53624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/settings.json"] [unique_id "aiouYtPH5u5NVjul-pmnigAAAQE"]
[Thu Jun 11 00:41:22.861019 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:53138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWl71v4pS85P4fn_AkQAAAIY"]
[Thu Jun 11 00:41:22.865792 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:53612] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/config.yml"] [unique_id "aiouYl71v4pS85P4fn_AqwAAAIY"]
[Thu Jun 11 00:41:22.866218 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:53612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/config.yml"] [unique_id "aiouYl71v4pS85P4fn_AqwAAAIY"]
[Thu Jun 11 00:41:22.914474 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:54362] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.travis.yml"] [unique_id "aiouYs0ej6tAIvUNrGGpvwAAAMw"]
[Thu Jun 11 00:41:22.914663 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:54362] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.travis.yml"] [unique_id "aiouYs0ej6tAIvUNrGGpvwAAAMw"]
[Thu Jun 11 00:41:22.914881 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:54362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.travis.yml"] [unique_id "aiouYs0ej6tAIvUNrGGpvwAAAMw"]
[Thu Jun 11 00:41:22.991853 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:53170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW7XVEMZbaEYG_ywRvAAAAFE"]
[Thu Jun 11 00:41:22.993368 2026] [security2:error] [pid 31551:tid 31567] [client 34.106.8.40:53156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWtPH5u5NVjul-pmnYAAAAQk"]
[Thu Jun 11 00:41:22.995993 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:54368] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.circleci/config.yml"] [unique_id "aiouYrXVEMZbaEYG_ywR6AAAAFE"]
[Thu Jun 11 00:41:22.996368 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:54368] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.circleci/config.yml"] [unique_id "aiouYrXVEMZbaEYG_ywR6AAAAFE"]
[Thu Jun 11 00:41:23.013175 2026] [security2:error] [pid 21126:tid 21146] [client 34.106.8.40:53148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouWs0ej6tAIvUNrGGpgwAAANI"]
[Thu Jun 11 00:41:23.052982 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:46440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW3BSW5Z6y_w6HsGX8AAAABY"]
[Thu Jun 11 00:41:23.056878 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:54380] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/deploy.yml"] [unique_id "aiouY3BSW5Z6y_w6HsGYFwAAABY"]
[Thu Jun 11 00:41:23.057188 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:54380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/deploy.yml"] [unique_id "aiouY3BSW5Z6y_w6HsGYFwAAABY"]
[Thu Jun 11 00:41:23.230963 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:53172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW7XVEMZbaEYG_ywRvQAAAFM"]
[Thu Jun 11 00:41:23.243602 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:54384] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/main.yml"] [unique_id "aiouY7XVEMZbaEYG_ywR6QAAAFM"]
[Thu Jun 11 00:41:23.244014 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:54384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/main.yml"] [unique_id "aiouY7XVEMZbaEYG_ywR6QAAAFM"]
[Thu Jun 11 00:41:23.329744 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:54400] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/production.yml"] [unique_id "aiouY80ej6tAIvUNrGGpwgAAAMI"]
[Thu Jun 11 00:41:23.330548 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:54400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/production.yml"] [unique_id "aiouY80ej6tAIvUNrGGpwgAAAMI"]
[Thu Jun 11 00:41:23.338752 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:53184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW3BSW5Z6y_w6HsGX8QAAABU"]
[Thu Jun 11 00:41:23.342407 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:54414] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/ci.yml"] [unique_id "aiouY3BSW5Z6y_w6HsGYGQAAABU"]
[Thu Jun 11 00:41:23.342917 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:54414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.github/workflows/ci.yml"] [unique_id "aiouY3BSW5Z6y_w6HsGYGQAAABU"]
[Thu Jun 11 00:41:23.381092 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:46452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW171v4pS85P4fn_AkgAAAIc"]
[Thu Jun 11 00:41:23.391729 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:54426] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/Jenkinsfile"] [unique_id "aiouY171v4pS85P4fn_AsAAAAIc"]
[Thu Jun 11 00:41:23.392135 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:54426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/Jenkinsfile"] [unique_id "aiouY171v4pS85P4fn_AsAAAAIc"]
[Thu Jun 11 00:41:23.417996 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:46466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW9PH5u5NVjul-pmnYQAAAQ8"]
[Thu Jun 11 00:41:23.427897 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:54444] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.drone.yaml"] [unique_id "aiouY9PH5u5NVjul-pmnjgAAAQ8"]
[Thu Jun 11 00:41:23.428337 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:54444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.drone.yaml"] [unique_id "aiouY9PH5u5NVjul-pmnjgAAAQ8"]
[Thu Jun 11 00:41:23.482454 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:53200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW80ej6tAIvUNrGGphgAAANA"]
[Thu Jun 11 00:41:23.594083 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:53212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW3BSW5Z6y_w6HsGX8gAAAAI"]
[Thu Jun 11 00:41:23.651860 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:54456] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/bitbucket-pipelines.yml"] [unique_id "aiouY7XVEMZbaEYG_ywR6wAAAEI"]
[Thu Jun 11 00:41:23.652127 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/bitbucket-pipelines.yml"] [unique_id "aiouY7XVEMZbaEYG_ywR6wAAAEI"]
[Thu Jun 11 00:41:23.657880 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:54462] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/azure-pipelines.yml"] [unique_id "aiouY3BSW5Z6y_w6HsGYHAAAAAE"]
[Thu Jun 11 00:41:23.658201 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:54462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/azure-pipelines.yml"] [unique_id "aiouY3BSW5Z6y_w6HsGYHAAAAAE"]
[Thu Jun 11 00:41:23.702912 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:53220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW171v4pS85P4fn_AkwAAAJI"]
[Thu Jun 11 00:41:23.705802 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:54474] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.buildkite/pipeline.yml"] [unique_id "aiouY171v4pS85P4fn_AsgAAAJI"]
[Thu Jun 11 00:41:23.706218 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:54474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.buildkite/pipeline.yml"] [unique_id "aiouY171v4pS85P4fn_AsgAAAJI"]
[Thu Jun 11 00:41:23.781075 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:53232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW80ej6tAIvUNrGGpiAAAAMU"]
[Thu Jun 11 00:41:23.781207 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:54494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/error.log"] [unique_id "aiouY9PH5u5NVjul-pmnkAAAARg"]
[Thu Jun 11 00:41:23.781344 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:54494] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/error.log"] [unique_id "aiouY9PH5u5NVjul-pmnkAAAARg"]
[Thu Jun 11 00:41:23.781789 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:54494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/error.log"] [unique_id "aiouY9PH5u5NVjul-pmnkAAAARg"]
[Thu Jun 11 00:41:23.786713 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:54484] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/debug.log"] [unique_id "aiouY80ej6tAIvUNrGGpxAAAAMU"]
[Thu Jun 11 00:41:23.786846 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:54484] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/debug.log"] [unique_id "aiouY80ej6tAIvUNrGGpxAAAAMU"]
[Thu Jun 11 00:41:23.787231 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:54484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/debug.log"] [unique_id "aiouY80ej6tAIvUNrGGpxAAAAMU"]
[Thu Jun 11 00:41:23.840795 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:53248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW171v4pS85P4fn_AlAAAAJc"]
[Thu Jun 11 00:41:23.843433 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:54500] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/app.log"] [unique_id "aiouY171v4pS85P4fn_AswAAAJc"]
[Thu Jun 11 00:41:23.843538 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:54500] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app.log"] [unique_id "aiouY171v4pS85P4fn_AswAAAJc"]
[Thu Jun 11 00:41:23.843844 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:54500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app.log"] [unique_id "aiouY171v4pS85P4fn_AswAAAJc"]
[Thu Jun 11 00:41:23.849512 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:53240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW9PH5u5NVjul-pmnYwAAAQM"]
[Thu Jun 11 00:41:23.851776 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:54502] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/application.log"] [unique_id "aiouY9PH5u5NVjul-pmnkQAAAQM"]
[Thu Jun 11 00:41:23.851907 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:54502] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/application.log"] [unique_id "aiouY9PH5u5NVjul-pmnkQAAAQM"]
[Thu Jun 11 00:41:23.852242 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:54502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/application.log"] [unique_id "aiouY9PH5u5NVjul-pmnkQAAAQM"]
[Thu Jun 11 00:41:23.878812 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:54694] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.pypirc"] [unique_id "aiouY171v4pS85P4fn_AtAAAAJA"]
[Thu Jun 11 00:41:23.879189 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:54694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.pypirc"] [unique_id "aiouY171v4pS85P4fn_AtAAAAJA"]
[Thu Jun 11 00:41:24.018713 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:54702] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.bash_history"] [unique_id "aiouZHBSW5Z6y_w6HsGYHgAAAAI"]
[Thu Jun 11 00:41:24.018875 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:54702] ModSecurity: Warning. Matched phrase ".bash_history" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bash_history found within REQUEST_FILENAME: /.bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.bash_history"] [unique_id "aiouZHBSW5Z6y_w6HsGYHgAAAAI"]
[Thu Jun 11 00:41:24.019227 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:54702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.bash_history"] [unique_id "aiouZHBSW5Z6y_w6HsGYHgAAAAI"]
[Thu Jun 11 00:41:24.041638 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:53264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW9PH5u5NVjul-pmnZAAAAQ0"]
[Thu Jun 11 00:41:24.044371 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:54718] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.ssh/authorized_keys"] [unique_id "aiouZNPH5u5NVjul-pmnkgAAAQ0"]
[Thu Jun 11 00:41:24.044517 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:54718] ModSecurity: Warning. Matched phrase ".ssh/authorized_keys" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/authorized_keys found within REQUEST_FILENAME: /.ssh/authorized_keys"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.ssh/authorized_keys"] [unique_id "aiouZNPH5u5NVjul-pmnkgAAAQ0"]
[Thu Jun 11 00:41:24.044780 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:54718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.ssh/authorized_keys"] [unique_id "aiouZNPH5u5NVjul-pmnkgAAAQ0"]
[Thu Jun 11 00:41:24.085014 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:53252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW7XVEMZbaEYG_ywRvwAAAEw"]
[Thu Jun 11 00:41:24.087852 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:54538] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/server.log"] [unique_id "aiouZLXVEMZbaEYG_ywR7QAAAEw"]
[Thu Jun 11 00:41:24.088005 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:54538] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server.log"] [unique_id "aiouZLXVEMZbaEYG_ywR7QAAAEw"]
[Thu Jun 11 00:41:24.088359 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:54538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server.log"] [unique_id "aiouZLXVEMZbaEYG_ywR7QAAAEw"]
[Thu Jun 11 00:41:24.163481 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:53282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW80ej6tAIvUNrGGpjQAAAME"]
[Thu Jun 11 00:41:24.166318 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:54560] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/logs/error.log"] [unique_id "aiouZM0ej6tAIvUNrGGpxwAAAME"]
[Thu Jun 11 00:41:24.166440 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:54560] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/logs/error.log"] [unique_id "aiouZM0ej6tAIvUNrGGpxwAAAME"]
[Thu Jun 11 00:41:24.166870 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:54560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/logs/error.log"] [unique_id "aiouZM0ej6tAIvUNrGGpxwAAAME"]
[Thu Jun 11 00:41:24.181349 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW9PH5u5NVjul-pmnZQAAARU"]
[Thu Jun 11 00:41:24.184336 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:54730] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/id_rsa"] [unique_id "aiouZNPH5u5NVjul-pmnkwAAARU"]
[Thu Jun 11 00:41:24.184741 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:54730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/id_rsa"] [unique_id "aiouZNPH5u5NVjul-pmnkwAAARU"]
[Thu Jun 11 00:41:24.192247 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:53268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouW3BSW5Z6y_w6HsGX9AAAAAU"]
[Thu Jun 11 00:41:24.194515 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:54510] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/laravel.log"] [unique_id "aiouZHBSW5Z6y_w6HsGYHwAAAAU"]
[Thu Jun 11 00:41:24.194673 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:54510] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/laravel.log"] [unique_id "aiouZHBSW5Z6y_w6HsGYHwAAAAU"]
[Thu Jun 11 00:41:24.195098 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:54510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/laravel.log"] [unique_id "aiouZHBSW5Z6y_w6HsGYHwAAAAU"]
[Thu Jun 11 00:41:24.340721 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:54706] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiouZM0ej6tAIvUNrGGpyAAAANA"]
[Thu Jun 11 00:41:24.340977 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:54706] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiouZM0ej6tAIvUNrGGpyAAAANA"]
[Thu Jun 11 00:41:24.341232 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:54706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiouZM0ej6tAIvUNrGGpyAAAANA"]
[Thu Jun 11 00:41:24.414032 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:53288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXF71v4pS85P4fn_AlQAAAJM"]
[Thu Jun 11 00:41:24.417191 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:54746] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private_key.pem"] [unique_id "aiouZF71v4pS85P4fn_AuAAAAJM"]
[Thu Jun 11 00:41:24.417764 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:54746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private_key.pem"] [unique_id "aiouZF71v4pS85P4fn_AuAAAAJM"]
[Thu Jun 11 00:41:24.420662 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:53284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXM0ej6tAIvUNrGGpjwAAAMg"]
[Thu Jun 11 00:41:24.423667 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:54522] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/access.log"] [unique_id "aiouZM0ej6tAIvUNrGGpyQAAAMg"]
[Thu Jun 11 00:41:24.423765 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:54522] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/access.log"] [unique_id "aiouZM0ej6tAIvUNrGGpyQAAAMg"]
[Thu Jun 11 00:41:24.424188 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:54522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/access.log"] [unique_id "aiouZM0ej6tAIvUNrGGpyQAAAMg"]
[Thu Jun 11 00:41:24.483799 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:53298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXNPH5u5NVjul-pmnZwAAAQs"]
[Thu Jun 11 00:41:24.488049 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:54544] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/trace.log"] [unique_id "aiouZNPH5u5NVjul-pmnlQAAAQs"]
[Thu Jun 11 00:41:24.488167 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:54544] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/trace.log"] [unique_id "aiouZNPH5u5NVjul-pmnlQAAAQs"]
[Thu Jun 11 00:41:24.488547 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:54544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/trace.log"] [unique_id "aiouZNPH5u5NVjul-pmnlQAAAQs"]
[Thu Jun 11 00:41:24.489089 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:53290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXHBSW5Z6y_w6HsGX9gAAAAM"]
[Thu Jun 11 00:41:24.491641 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:54554] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/logs/debug.log"] [unique_id "aiouZHBSW5Z6y_w6HsGYIQAAAAM"]
[Thu Jun 11 00:41:24.491820 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:54554] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/logs/debug.log"] [unique_id "aiouZHBSW5Z6y_w6HsGYIQAAAAM"]
[Thu Jun 11 00:41:24.492095 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:54554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/logs/debug.log"] [unique_id "aiouZHBSW5Z6y_w6HsGYIQAAAAM"]
[Thu Jun 11 00:41:24.538332 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:53310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXF71v4pS85P4fn_AlgAAAI0"]
[Thu Jun 11 00:41:24.539872 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:54574] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/logs/app.log"] [unique_id "aiouZF71v4pS85P4fn_AugAAAI0"]
[Thu Jun 11 00:41:24.540201 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:54574] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/logs/app.log"] [unique_id "aiouZF71v4pS85P4fn_AugAAAI0"]
[Thu Jun 11 00:41:24.540779 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:54574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/logs/app.log"] [unique_id "aiouZF71v4pS85P4fn_AugAAAI0"]
[Thu Jun 11 00:41:24.732070 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:53326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXM0ej6tAIvUNrGGplAAAAMk"]
[Thu Jun 11 00:41:24.740661 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:54678] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.npmrc"] [unique_id "aiouZM0ej6tAIvUNrGGpygAAAMk"]
[Thu Jun 11 00:41:24.740982 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:54678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.npmrc"] [unique_id "aiouZM0ej6tAIvUNrGGpygAAAMk"]
[Thu Jun 11 00:41:24.780064 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:53324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXF71v4pS85P4fn_AlwAAAIA"]
[Thu Jun 11 00:41:24.783113 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:54652] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server.xml"] [unique_id "aiouZF71v4pS85P4fn_AvQAAAIA"]
[Thu Jun 11 00:41:24.783525 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:54652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server.xml"] [unique_id "aiouZF71v4pS85P4fn_AvQAAAIA"]
[Thu Jun 11 00:41:24.820971 2026] [security2:error] [pid 22855:tid 22875] [client 34.106.8.40:53342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXF71v4pS85P4fn_AmQAAAIk"]
[Thu Jun 11 00:41:24.822690 2026] [authz_core:error] [pid 22855:tid 22875] [client 34.106.8.40:54610] AH01630: client denied by server configuration: /disk001/machen/public_html/fl.machen.ai/.htpasswd
[Thu Jun 11 00:41:24.858111 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXF71v4pS85P4fn_AmAAAAIw"]
[Thu Jun 11 00:41:24.860924 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:54670] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.gitconfig"] [unique_id "aiouZF71v4pS85P4fn_AvwAAAIw"]
[Thu Jun 11 00:41:24.861064 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:54670] ModSecurity: Warning. Matched phrase ".gitconfig" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitconfig found within REQUEST_FILENAME: /.gitconfig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.gitconfig"] [unique_id "aiouZF71v4pS85P4fn_AvwAAAIw"]
[Thu Jun 11 00:41:24.861411 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:54670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.gitconfig"] [unique_id "aiouZF71v4pS85P4fn_AvwAAAIw"]
[Thu Jun 11 00:41:24.867126 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:53358] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXNPH5u5NVjul-pmnaQAAARA"]
[Thu Jun 11 00:41:24.873118 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:54592] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/log/error.log"] [unique_id "aiouZNPH5u5NVjul-pmnlgAAARA"]
[Thu Jun 11 00:41:24.873442 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:54592] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/log/error.log"] [unique_id "aiouZNPH5u5NVjul-pmnlgAAARA"]
[Thu Jun 11 00:41:24.873967 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:54592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/log/error.log"] [unique_id "aiouZNPH5u5NVjul-pmnlgAAARA"]
[Thu Jun 11 00:41:25.004077 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:54656] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.netrc"] [unique_id "aiouZXBSW5Z6y_w6HsGYIwAAAAk"]
[Thu Jun 11 00:41:25.004326 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:54656] ModSecurity: Warning. Matched phrase ".netrc" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .netrc found within REQUEST_FILENAME: /.netrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.netrc"] [unique_id "aiouZXBSW5Z6y_w6HsGYIwAAAAk"]
[Thu Jun 11 00:41:25.004657 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:54656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.netrc"] [unique_id "aiouZXBSW5Z6y_w6HsGYIwAAAAk"]
[Thu Jun 11 00:41:25.068560 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:53374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXM0ej6tAIvUNrGGplgAAAMo"]
[Thu Jun 11 00:41:25.069157 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:53404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXLXVEMZbaEYG_ywRwgAAAEc"]
[Thu Jun 11 00:41:25.071270 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:54646] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/nginx.config"] [unique_id "aiouZc0ej6tAIvUNrGGpywAAAMo"]
[Thu Jun 11 00:41:25.071380 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:54646] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/nginx.config"] [unique_id "aiouZc0ej6tAIvUNrGGpywAAAMo"]
[Thu Jun 11 00:41:25.071795 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:54590] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/log/debug.log"] [unique_id "aiouZbXVEMZbaEYG_ywR8wAAAEc"]
[Thu Jun 11 00:41:25.071812 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:54646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/nginx.config"] [unique_id "aiouZc0ej6tAIvUNrGGpywAAAMo"]
[Thu Jun 11 00:41:25.072050 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:54590] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/log/debug.log"] [unique_id "aiouZbXVEMZbaEYG_ywR8wAAAEc"]
[Thu Jun 11 00:41:25.072341 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:54590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/log/debug.log"] [unique_id "aiouZbXVEMZbaEYG_ywR8wAAAEc"]
[Thu Jun 11 00:41:25.129006 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:53390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXHBSW5Z6y_w6HsGX-AAAAAs"]
[Thu Jun 11 00:41:25.129768 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:53418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXLXVEMZbaEYG_ywRwwAAAEU"]
[Thu Jun 11 00:41:25.133149 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:54630] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/nginx.conf"] [unique_id "aiouZbXVEMZbaEYG_ywR9AAAAEU"]
[Thu Jun 11 00:41:25.133270 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:54630] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/nginx.conf"] [unique_id "aiouZbXVEMZbaEYG_ywR9AAAAEU"]
[Thu Jun 11 00:41:25.134467 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:54434] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/jenkins/Jenkinsfile"] [unique_id "aiouZXBSW5Z6y_w6HsGYJAAAAAs"]
[Thu Jun 11 00:41:25.134856 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:54434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/jenkins/Jenkinsfile"] [unique_id "aiouZXBSW5Z6y_w6HsGYJAAAAAs"]
[Thu Jun 11 00:41:25.135230 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:54630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/nginx.conf"] [unique_id "aiouZbXVEMZbaEYG_ywR9AAAAEU"]
[Thu Jun 11 00:41:25.179941 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:53422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXHBSW5Z6y_w6HsGX-QAAAA0"]
[Thu Jun 11 00:41:25.183170 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:54436] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.drone.yml"] [unique_id "aiouZXBSW5Z6y_w6HsGYJQAAAA0"]
[Thu Jun 11 00:41:25.183595 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:54436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.drone.yml"] [unique_id "aiouZXBSW5Z6y_w6HsGYJQAAAA0"]
[Thu Jun 11 00:41:25.385881 2026] [security2:error] [pid 22855:tid 22877] [client 34.106.8.40:53430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXF71v4pS85P4fn_AmgAAAIs"]
[Thu Jun 11 00:41:25.388479 2026] [authz_core:error] [pid 22855:tid 22877] [client 34.106.8.40:54614] AH01630: client denied by server configuration: /disk001/machen/public_html/fl.machen.ai/.htaccess
[Thu Jun 11 00:41:25.391231 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:53444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXbXVEMZbaEYG_ywRxQAAAFc"]
[Thu Jun 11 00:41:25.394690 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:54622] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/web.config"] [unique_id "aiouZbXVEMZbaEYG_ywR9gAAAFc"]
[Thu Jun 11 00:41:25.394804 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:54622] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/web.config"] [unique_id "aiouZbXVEMZbaEYG_ywR9gAAAFc"]
[Thu Jun 11 00:41:25.394928 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:54622] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/web.config"] [unique_id "aiouZbXVEMZbaEYG_ywR9gAAAFc"]
[Thu Jun 11 00:41:25.395222 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:54622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/web.config"] [unique_id "aiouZbXVEMZbaEYG_ywR9gAAAFc"]
[Thu Jun 11 00:41:25.425988 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:53436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXF71v4pS85P4fn_AmwAAAIU"]
[Thu Jun 11 00:41:25.428747 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:54584] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/logs/application.log"] [unique_id "aiouZV71v4pS85P4fn_AxQAAAIU"]
[Thu Jun 11 00:41:25.428857 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:54584] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/logs/application.log"] [unique_id "aiouZV71v4pS85P4fn_AxQAAAIU"]
[Thu Jun 11 00:41:25.429234 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:54584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/logs/application.log"] [unique_id "aiouZV71v4pS85P4fn_AxQAAAIU"]
[Thu Jun 11 00:41:25.446629 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:53438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXV71v4pS85P4fn_AnAAAAIE"]
[Thu Jun 11 00:41:25.448534 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:54736] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/private.key"] [unique_id "aiouZV71v4pS85P4fn_AxwAAAIE"]
[Thu Jun 11 00:41:25.448666 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:54736] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private.key"] [unique_id "aiouZV71v4pS85P4fn_AxwAAAIE"]
[Thu Jun 11 00:41:25.449106 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:54736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private.key"] [unique_id "aiouZV71v4pS85P4fn_AxwAAAIE"]
[Thu Jun 11 00:41:25.459057 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:53460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7owAAAUw"]
[Thu Jun 11 00:41:25.461315 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:54758] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/server.key"] [unique_id "aiouZaoCcBDhO7fD3wA7wAAAAUw"]
[Thu Jun 11 00:41:25.461424 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:54758] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server.key"] [unique_id "aiouZaoCcBDhO7fD3wA7wAAAAUw"]
[Thu Jun 11 00:41:25.461778 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:54758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server.key"] [unique_id "aiouZaoCcBDhO7fD3wA7wAAAAUw"]
[Thu Jun 11 00:41:25.676824 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:53476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7pAAAAUM"]
[Thu Jun 11 00:41:25.680560 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:54770] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server.pem"] [unique_id "aiouZaoCcBDhO7fD3wA7wQAAAUM"]
[Thu Jun 11 00:41:25.680947 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:54770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server.pem"] [unique_id "aiouZaoCcBDhO7fD3wA7wQAAAUM"]
[Thu Jun 11 00:41:25.690903 2026] [security2:error] [pid 1016:tid 1021] [client 34.106.8.40:53484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7pQAAAUE"]
[Thu Jun 11 00:41:25.745381 2026] [security2:error] [pid 1016:tid 1034] [client 34.106.8.40:53486] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7pgAAAU4"]
[Thu Jun 11 00:41:25.748161 2026] [security2:error] [pid 1016:tid 1022] [client 34.106.8.40:53494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7pwAAAUI"]
[Thu Jun 11 00:41:25.769990 2026] [security2:error] [pid 7752:tid 7757] [client 34.106.8.40:53500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXbXVEMZbaEYG_ywRxwAAAEA"]
[Thu Jun 11 00:41:25.995451 2026] [security2:error] [pid 1016:tid 1025] [client 34.106.8.40:53538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7qAAAAUU"]
[Thu Jun 11 00:41:25.998258 2026] [security2:error] [pid 1016:tid 1020] [client 34.106.8.40:53552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7qQAAAUA"]
[Thu Jun 11 00:41:26.033429 2026] [security2:error] [pid 1016:tid 1027] [client 34.106.8.40:53514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7qgAAAUc"]
[Thu Jun 11 00:41:26.034301 2026] [security2:error] [pid 31551:tid 31581] [client 34.106.8.40:53668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXdPH5u5NVjul-pmnbAAAARc"]
[Thu Jun 11 00:41:26.084884 2026] [security2:error] [pid 21126:tid 21128] [client 34.106.8.40:53660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXc0ej6tAIvUNrGGpmgAAAMA"]
[Thu Jun 11 00:41:26.392717 2026] [security2:error] [pid 1016:tid 1036] [client 34.106.8.40:53586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7qwAAAVA"]
[Thu Jun 11 00:41:26.412867 2026] [security2:error] [pid 21126:tid 21131] [client 34.106.8.40:53674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXc0ej6tAIvUNrGGpnAAAAMM"]
[Thu Jun 11 00:41:26.416170 2026] [security2:error] [pid 1016:tid 1038] [client 34.106.8.40:53710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7rQAAAVI"]
[Thu Jun 11 00:41:26.431897 2026] [security2:error] [pid 1016:tid 1026] [client 34.106.8.40:53688] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXaoCcBDhO7fD3wA7rAAAAUY"]
[Thu Jun 11 00:41:26.476894 2026] [security2:error] [pid 1016:tid 1030] [client 34.106.8.40:53700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7rgAAAUo"]
[Thu Jun 11 00:41:26.747951 2026] [security2:error] [pid 22855:tid 22883] [client 34.106.8.40:53518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXl71v4pS85P4fn_AnQAAAJE"]
[Thu Jun 11 00:41:26.750658 2026] [security2:error] [pid 1016:tid 1035] [client 34.106.8.40:53796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7sAAAAU8"]
[Thu Jun 11 00:41:26.768007 2026] [security2:error] [pid 1016:tid 1042] [client 34.106.8.40:53588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7rwAAAVY"]
[Thu Jun 11 00:41:26.782901 2026] [security2:error] [pid 22855:tid 22868] [client 34.106.8.40:53724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXl71v4pS85P4fn_AngAAAII"]
[Thu Jun 11 00:41:26.837131 2026] [security2:error] [pid 1016:tid 1041] [client 34.106.8.40:53778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7sgAAAVU"]
[Thu Jun 11 00:41:27.056301 2026] [security2:error] [pid 7752:tid 7772] [client 34.106.8.40:53804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXrXVEMZbaEYG_ywRygAAAE8"]
[Thu Jun 11 00:41:27.102220 2026] [security2:error] [pid 1016:tid 1039] [client 34.106.8.40:53818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7swAAAVM"]
[Thu Jun 11 00:41:27.131478 2026] [security2:error] [pid 1016:tid 1043] [client 34.106.8.40:53828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7tAAAAVc"]
[Thu Jun 11 00:41:27.185085 2026] [security2:error] [pid 1016:tid 1033] [client 34.106.8.40:53830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7tQAAAU0"]
[Thu Jun 11 00:41:27.221377 2026] [security2:error] [pid 1016:tid 1044] [client 34.106.8.40:53532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7tgAAAVg"]
[Thu Jun 11 00:41:27.384220 2026] [security2:error] [pid 1016:tid 1029] [client 34.106.8.40:53572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7uAAAAUk"]
[Thu Jun 11 00:41:27.388814 2026] [security2:error] [pid 1016:tid 1031] [client 34.106.8.40:53842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7twAAAUs"]
[Thu Jun 11 00:41:27.466338 2026] [security2:error] [pid 31551:tid 31563] [client 34.106.8.40:53596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXtPH5u5NVjul-pmnbwAAAQU"]
[Thu Jun 11 00:41:27.565537 2026] [security2:error] [pid 1016:tid 1040] [client 34.106.8.40:53634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX6oCcBDhO7fD3wA7vAAAAVQ"]
[Thu Jun 11 00:41:27.689672 2026] [security2:error] [pid 21075:tid 21088] [client 34.106.8.40:53646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX3BSW5Z6y_w6HsGX_wAAAAo"]
[Thu Jun 11 00:41:27.738481 2026] [security2:error] [pid 31551:tid 31576] [client 34.106.8.40:53860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX9PH5u5NVjul-pmncQAAARI"]
[Thu Jun 11 00:41:27.806985 2026] [security2:error] [pid 22855:tid 22874] [client 34.106.8.40:53772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX171v4pS85P4fn_AnwAAAIg"]
[Thu Jun 11 00:41:27.923928 2026] [security2:error] [pid 21126:tid 21134] [client 34.106.8.40:53584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX80ej6tAIvUNrGGpoQAAAMY"]
[Thu Jun 11 00:41:27.985273 2026] [security2:error] [pid 7752:tid 7765] [client 34.106.8.40:53876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX7XVEMZbaEYG_ywRzQAAAEg"]
[Thu Jun 11 00:41:28.113901 2026] [security2:error] [pid 21075:tid 21078] [client 34.106.8.40:53740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX3BSW5Z6y_w6HsGYAQAAAAA"]
[Thu Jun 11 00:41:28.136393 2026] [security2:error] [pid 7752:tid 7758] [client 34.106.8.40:53784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX7XVEMZbaEYG_ywRzgAAAEE"]
[Thu Jun 11 00:41:28.224216 2026] [security2:error] [pid 31551:tid 31566] [client 34.106.8.40:53788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX9PH5u5NVjul-pmncgAAAQg"]
[Thu Jun 11 00:41:28.299875 2026] [security2:error] [pid 21075:tid 21093] [client 34.106.8.40:53912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX3BSW5Z6y_w6HsGYAgAAAA8"]
[Thu Jun 11 00:41:28.439945 2026] [security2:error] [pid 1016:tid 1028] [client 34.106.8.40:53560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouXqoCcBDhO7fD3wA7uQAAAUg"]
[Thu Jun 11 00:41:28.457185 2026] [security2:error] [pid 1016:tid 1024] [client 34.106.8.40:53948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX6oCcBDhO7fD3wA7vgAAAUQ"]
[Thu Jun 11 00:41:28.486278 2026] [security2:error] [pid 21075:tid 21101] [client 34.106.8.40:53890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX3BSW5Z6y_w6HsGYAwAAABc"]
[Thu Jun 11 00:41:28.555383 2026] [security2:error] [pid 7752:tid 7775] [client 34.106.8.40:53962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX7XVEMZbaEYG_ywR0AAAAFI"]
[Thu Jun 11 00:41:28.623920 2026] [security2:error] [pid 31551:tid 31572] [client 34.106.8.40:53974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX9PH5u5NVjul-pmndAAAAQ4"]
[Thu Jun 11 00:41:28.689368 2026] [security2:error] [pid 21126:tid 21142] [client 34.106.8.40:53628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX80ej6tAIvUNrGGppQAAAM4"]
[Thu Jun 11 00:41:28.762323 2026] [security2:error] [pid 21126:tid 21149] [client 34.106.8.40:53606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX80ej6tAIvUNrGGppgAAANU"]
[Thu Jun 11 00:41:28.787841 2026] [security2:error] [pid 7752:tid 7768] [client 34.106.8.40:53976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX7XVEMZbaEYG_ywR0QAAAEs"]
[Thu Jun 11 00:41:28.814120 2026] [security2:error] [pid 22855:tid 22887] [client 34.106.8.40:53992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouX171v4pS85P4fn_AoAAAAJU"]
[Thu Jun 11 00:41:28.929413 2026] [security2:error] [pid 7752:tid 7767] [client 34.106.8.40:53756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYLXVEMZbaEYG_ywR0wAAAEo"]
[Thu Jun 11 00:41:29.107199 2026] [security2:error] [pid 21075:tid 21094] [client 34.106.8.40:54002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYHBSW5Z6y_w6HsGYBQAAABA"]
[Thu Jun 11 00:41:29.124034 2026] [security2:error] [pid 21075:tid 21098] [client 34.106.8.40:54028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYHBSW5Z6y_w6HsGYBgAAABQ"]
[Thu Jun 11 00:41:29.142523 2026] [security2:error] [pid 31551:tid 31570] [client 34.106.8.40:53900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYNPH5u5NVjul-pmndgAAAQw"]
[Thu Jun 11 00:41:29.206865 2026] [security2:error] [pid 7752:tid 7777] [client 34.106.8.40:54006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYLXVEMZbaEYG_ywR1AAAAFQ"]
[Thu Jun 11 00:41:29.239983 2026] [security2:error] [pid 21126:tid 21151] [client 34.106.8.40:54036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYM0ej6tAIvUNrGGpqQAAANc"]
[Thu Jun 11 00:41:29.411201 2026] [security2:error] [pid 21075:tid 21090] [client 34.106.8.40:54022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYHBSW5Z6y_w6HsGYCAAAAAw"]
[Thu Jun 11 00:41:29.458931 2026] [security2:error] [pid 21126:tid 21132] [client 34.106.8.40:54052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYM0ej6tAIvUNrGGpqgAAAMQ"]
[Thu Jun 11 00:41:29.463913 2026] [security2:error] [pid 31551:tid 31568] [client 34.106.8.40:53864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYNPH5u5NVjul-pmndwAAAQo"]
[Thu Jun 11 00:41:29.515494 2026] [security2:error] [pid 7752:tid 7779] [client 34.106.8.40:54066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYLXVEMZbaEYG_ywR1QAAAFY"]
[Thu Jun 11 00:41:29.569970 2026] [security2:error] [pid 21126:tid 21152] [client 34.106.8.40:53936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYM0ej6tAIvUNrGGprAAAANg"]
[Thu Jun 11 00:41:29.719024 2026] [security2:error] [pid 31551:tid 31562] [client 34.106.8.40:54074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYNPH5u5NVjul-pmneQAAAQQ"]
[Thu Jun 11 00:41:29.737313 2026] [security2:error] [pid 7752:tid 7770] [client 34.106.8.40:54086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYLXVEMZbaEYG_ywR1wAAAE0"]
[Thu Jun 11 00:41:29.797359 2026] [security2:error] [pid 21126:tid 21143] [client 34.106.8.40:53922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYM0ej6tAIvUNrGGprgAAAM8"]
[Thu Jun 11 00:41:29.813908 2026] [security2:error] [pid 21075:tid 21085] [client 34.106.8.40:54102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYHBSW5Z6y_w6HsGYCQAAAAc"]
[Thu Jun 11 00:41:29.867797 2026] [security2:error] [pid 7752:tid 7778] [client 34.106.8.40:53856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYLXVEMZbaEYG_ywR2AAAAFU"]
[Thu Jun 11 00:41:30.022070 2026] [security2:error] [pid 21075:tid 21095] [client 34.106.8.40:54118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYHBSW5Z6y_w6HsGYCwAAABE"]
[Thu Jun 11 00:41:30.066957 2026] [security2:error] [pid 31551:tid 31575] [client 34.106.8.40:54110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYNPH5u5NVjul-pmnegAAARE"]
[Thu Jun 11 00:41:30.073458 2026] [security2:error] [pid 21075:tid 21086] [client 34.106.8.40:54104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYHBSW5Z6y_w6HsGYDAAAAAg"]
[Thu Jun 11 00:41:30.184082 2026] [security2:error] [pid 21075:tid 21097] [client 34.106.8.40:54120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYXBSW5Z6y_w6HsGYDQAAABM"]
[Thu Jun 11 00:41:30.185442 2026] [security2:error] [pid 22855:tid 22890] [client 34.106.8.40:54112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYF71v4pS85P4fn_AoQAAAJg"]
[Thu Jun 11 00:41:30.279413 2026] [security2:error] [pid 31551:tid 31564] [client 34.106.8.40:54134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYdPH5u5NVjul-pmnfQAAAQY"]
[Thu Jun 11 00:41:30.401644 2026] [security2:error] [pid 7752:tid 7763] [client 34.106.8.40:54152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYbXVEMZbaEYG_ywR2wAAAEY"]
[Thu Jun 11 00:41:30.421284 2026] [security2:error] [pid 21126:tid 21141] [client 34.106.8.40:54140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYc0ej6tAIvUNrGGpswAAAM0"]
[Thu Jun 11 00:41:30.490128 2026] [security2:error] [pid 21126:tid 21150] [client 34.106.8.40:54144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYc0ej6tAIvUNrGGptgAAANY"]
[Thu Jun 11 00:41:30.514343 2026] [security2:error] [pid 7752:tid 7760] [client 34.106.8.40:54156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYbXVEMZbaEYG_ywR3AAAAEM"]
[Thu Jun 11 00:41:30.655855 2026] [security2:error] [pid 31551:tid 31578] [client 34.106.8.40:54168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYdPH5u5NVjul-pmngAAAARQ"]
[Thu Jun 11 00:41:30.704466 2026] [security2:error] [pid 22855:tid 22888] [client 34.106.8.40:54196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYV71v4pS85P4fn_AowAAAJY"]
[Thu Jun 11 00:41:30.804496 2026] [security2:error] [pid 7752:tid 7766] [client 34.106.8.40:54210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYbXVEMZbaEYG_ywR4AAAAEk"]
[Thu Jun 11 00:41:30.822964 2026] [security2:error] [pid 31551:tid 31565] [client 34.106.8.40:54180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYdPH5u5NVjul-pmnggAAAQc"]
[Thu Jun 11 00:41:30.846921 2026] [security2:error] [pid 22855:tid 22880] [client 34.106.8.40:54184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYV71v4pS85P4fn_ApAAAAI4"]
[Thu Jun 11 00:41:31.011963 2026] [security2:error] [pid 1016:tid 1037] [client 34.106.8.40:54266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYaoCcBDhO7fD3wA7vwAAAVE"]
[Thu Jun 11 00:41:31.093325 2026] [security2:error] [pid 21075:tid 21092] [client 34.106.8.40:54224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYXBSW5Z6y_w6HsGYEAAAAA4"]
[Thu Jun 11 00:41:31.123057 2026] [security2:error] [pid 7752:tid 7761] [client 34.106.8.40:54272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYrXVEMZbaEYG_ywR4QAAAEQ"]
[Thu Jun 11 00:41:31.173830 2026] [security2:error] [pid 31551:tid 31580] [client 34.106.8.40:54238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYdPH5u5NVjul-pmngwAAARY"]
[Thu Jun 11 00:41:31.174944 2026] [security2:error] [pid 21126:tid 21139] [client 34.106.8.40:54276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYc0ej6tAIvUNrGGpuQAAAMs"]
[Thu Jun 11 00:41:31.308846 2026] [security2:error] [pid 21126:tid 21145] [client 34.106.8.40:54252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYc0ej6tAIvUNrGGpuAAAANE"]
[Thu Jun 11 00:41:31.442788 2026] [security2:error] [pid 21075:tid 21096] [client 34.106.8.40:54314] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYnBSW5Z6y_w6HsGYEQAAABI"]
[Thu Jun 11 00:41:31.462908 2026] [security2:error] [pid 31551:tid 31558] [client 34.106.8.40:54284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYtPH5u5NVjul-pmnhAAAAQA"]
[Thu Jun 11 00:41:31.480130 2026] [security2:error] [pid 21126:tid 21135] [client 34.106.8.40:54298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYs0ej6tAIvUNrGGpuwAAAMc"]
[Thu Jun 11 00:41:31.488907 2026] [security2:error] [pid 22855:tid 22886] [client 34.106.8.40:54322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYl71v4pS85P4fn_ApgAAAJQ"]
[Thu Jun 11 00:41:31.647164 2026] [security2:error] [pid 31551:tid 31577] [client 34.106.8.40:54324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYtPH5u5NVjul-pmnhwAAARM"]
[Thu Jun 11 00:41:31.769661 2026] [security2:error] [pid 21075:tid 21102] [client 34.106.8.40:54338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYnBSW5Z6y_w6HsGYFAAAABg"]
[Thu Jun 11 00:41:31.784201 2026] [security2:error] [pid 21126:tid 21148] [client 34.106.8.40:54354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYs0ej6tAIvUNrGGpvQAAANQ"]
[Thu Jun 11 00:41:31.802053 2026] [security2:error] [pid 7752:tid 7781] [client 34.106.8.40:54360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYrXVEMZbaEYG_ywR5gAAAFg"]
[Thu Jun 11 00:41:31.815829 2026] [security2:error] [pid 31551:tid 31559] [client 34.106.8.40:53624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYtPH5u5NVjul-pmnigAAAQE"]
[Thu Jun 11 00:41:31.912098 2026] [security2:error] [pid 22855:tid 22872] [client 34.106.8.40:53612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYl71v4pS85P4fn_AqwAAAIY"]
[Thu Jun 11 00:41:32.116902 2026] [security2:error] [pid 21126:tid 21140] [client 34.106.8.40:54362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYs0ej6tAIvUNrGGpvwAAAMw"]
[Thu Jun 11 00:41:32.133940 2026] [security2:error] [pid 7752:tid 7776] [client 34.106.8.40:54384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY7XVEMZbaEYG_ywR6QAAAFM"]
[Thu Jun 11 00:41:32.145840 2026] [security2:error] [pid 7752:tid 7774] [client 34.106.8.40:54368] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouYrXVEMZbaEYG_ywR6AAAAFE"]
[Thu Jun 11 00:41:32.312834 2026] [security2:error] [pid 21126:tid 21130] [client 34.106.8.40:54400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY80ej6tAIvUNrGGpwgAAAMI"]
[Thu Jun 11 00:41:32.375593 2026] [security2:error] [pid 21075:tid 21100] [client 34.106.8.40:54380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY3BSW5Z6y_w6HsGYFwAAABY"]
[Thu Jun 11 00:41:32.389862 2026] [security2:error] [pid 21075:tid 21099] [client 34.106.8.40:54414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY3BSW5Z6y_w6HsGYGQAAABU"]
[Thu Jun 11 00:41:32.411083 2026] [security2:error] [pid 22855:tid 22873] [client 34.106.8.40:54426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY171v4pS85P4fn_AsAAAAIc"]
[Thu Jun 11 00:41:32.432909 2026] [security2:error] [pid 31551:tid 31573] [client 34.106.8.40:54444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY9PH5u5NVjul-pmnjgAAAQ8"]
[Thu Jun 11 00:41:32.577831 2026] [security2:error] [pid 7752:tid 7759] [client 34.106.8.40:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY7XVEMZbaEYG_ywR6wAAAEI"]
[Thu Jun 11 00:41:32.666647 2026] [security2:error] [pid 22855:tid 22884] [client 34.106.8.40:54474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY171v4pS85P4fn_AsgAAAJI"]
[Thu Jun 11 00:41:32.716068 2026] [security2:error] [pid 21075:tid 21079] [client 34.106.8.40:54462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY3BSW5Z6y_w6HsGYHAAAAAE"]
[Thu Jun 11 00:41:32.759909 2026] [security2:error] [pid 31551:tid 31582] [client 34.106.8.40:54494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY9PH5u5NVjul-pmnkAAAARg"]
[Thu Jun 11 00:41:32.867111 2026] [security2:error] [pid 21126:tid 21133] [client 34.106.8.40:54484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY80ej6tAIvUNrGGpxAAAAMU"]
[Thu Jun 11 00:41:32.919744 2026] [security2:error] [pid 22855:tid 22889] [client 34.106.8.40:54500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY171v4pS85P4fn_AswAAAJc"]
[Thu Jun 11 00:41:33.019714 2026] [security2:error] [pid 31551:tid 31561] [client 34.106.8.40:54502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY9PH5u5NVjul-pmnkQAAAQM"]
[Thu Jun 11 00:41:33.060202 2026] [security2:error] [pid 22855:tid 22882] [client 34.106.8.40:54694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouY171v4pS85P4fn_AtAAAAJA"]
[Thu Jun 11 00:41:33.063094 2026] [security2:error] [pid 7752:tid 7769] [client 34.106.8.40:54538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZLXVEMZbaEYG_ywR7QAAAEw"]
[Thu Jun 11 00:41:33.211468 2026] [security2:error] [pid 31551:tid 31571] [client 34.106.8.40:54718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZNPH5u5NVjul-pmnkgAAAQ0"]
[Thu Jun 11 00:41:33.304893 2026] [security2:error] [pid 21126:tid 21129] [client 34.106.8.40:54560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZM0ej6tAIvUNrGGpxwAAAME"]
[Thu Jun 11 00:41:33.326553 2026] [security2:error] [pid 22855:tid 22885] [client 34.106.8.40:54746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZF71v4pS85P4fn_AuAAAAJM"]
[Thu Jun 11 00:41:33.401805 2026] [security2:error] [pid 21075:tid 21083] [client 34.106.8.40:54510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZHBSW5Z6y_w6HsGYHwAAAAU"]
[Thu Jun 11 00:41:33.504177 2026] [security2:error] [pid 21075:tid 21080] [client 34.106.8.40:54702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZHBSW5Z6y_w6HsGYHgAAAAI"]
[Thu Jun 11 00:41:33.543677 2026] [security2:error] [pid 31551:tid 31579] [client 34.106.8.40:54730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZNPH5u5NVjul-pmnkwAAARU"]
[Thu Jun 11 00:41:33.570305 2026] [security2:error] [pid 21126:tid 21144] [client 34.106.8.40:54706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZM0ej6tAIvUNrGGpyAAAANA"]
[Thu Jun 11 00:41:33.589833 2026] [security2:error] [pid 21126:tid 21136] [client 34.106.8.40:54522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZM0ej6tAIvUNrGGpyQAAAMg"]
[Thu Jun 11 00:41:33.771003 2026] [security2:error] [pid 31551:tid 31569] [client 34.106.8.40:54544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZNPH5u5NVjul-pmnlQAAAQs"]
[Thu Jun 11 00:41:33.886886 2026] [security2:error] [pid 21126:tid 21137] [client 34.106.8.40:54678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZM0ej6tAIvUNrGGpygAAAMk"]
[Thu Jun 11 00:41:33.888647 2026] [security2:error] [pid 21075:tid 21081] [client 34.106.8.40:54554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZHBSW5Z6y_w6HsGYIQAAAAM"]
[Thu Jun 11 00:41:33.930120 2026] [security2:error] [pid 22855:tid 22866] [client 34.106.8.40:54652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZF71v4pS85P4fn_AvQAAAIA"]
[Thu Jun 11 00:41:34.026375 2026] [security2:error] [pid 22855:tid 22879] [client 34.106.8.40:54574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZF71v4pS85P4fn_AugAAAI0"]
[Thu Jun 11 00:41:34.198212 2026] [security2:error] [pid 22855:tid 22878] [client 34.106.8.40:54670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZF71v4pS85P4fn_AvwAAAIw"]
[Thu Jun 11 00:41:34.206069 2026] [security2:error] [pid 21075:tid 21087] [client 34.106.8.40:54656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZXBSW5Z6y_w6HsGYIwAAAAk"]
[Thu Jun 11 00:41:34.241475 2026] [security2:error] [pid 31551:tid 31574] [client 34.106.8.40:54592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZNPH5u5NVjul-pmnlgAAARA"]
[Thu Jun 11 00:41:34.337058 2026] [security2:error] [pid 21126:tid 21138] [client 34.106.8.40:54646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZc0ej6tAIvUNrGGpywAAAMo"]
[Thu Jun 11 00:41:34.347460 2026] [security2:error] [pid 7752:tid 7764] [client 34.106.8.40:54590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZbXVEMZbaEYG_ywR8wAAAEc"]
[Thu Jun 11 00:41:34.524761 2026] [security2:error] [pid 21075:tid 21089] [client 34.106.8.40:54434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZXBSW5Z6y_w6HsGYJAAAAAs"]
[Thu Jun 11 00:41:34.549069 2026] [security2:error] [pid 21075:tid 21091] [client 34.106.8.40:54436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZXBSW5Z6y_w6HsGYJQAAAA0"]
[Thu Jun 11 00:41:34.553838 2026] [security2:error] [pid 7752:tid 7762] [client 34.106.8.40:54630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZbXVEMZbaEYG_ywR9AAAAEU"]
[Thu Jun 11 00:41:34.604899 2026] [security2:error] [pid 7752:tid 7780] [client 34.106.8.40:54622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZbXVEMZbaEYG_ywR9gAAAFc"]
[Thu Jun 11 00:41:34.853917 2026] [security2:error] [pid 22855:tid 22871] [client 34.106.8.40:54584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZV71v4pS85P4fn_AxQAAAIU"]
[Thu Jun 11 00:41:34.927009 2026] [security2:error] [pid 22855:tid 22867] [client 34.106.8.40:54736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZV71v4pS85P4fn_AxwAAAIE"]
[Thu Jun 11 00:41:34.937804 2026] [security2:error] [pid 1016:tid 1032] [client 34.106.8.40:54758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZaoCcBDhO7fD3wA7wAAAAUw"]
[Thu Jun 11 00:41:34.981998 2026] [security2:error] [pid 1016:tid 1023] [client 34.106.8.40:54770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiouZaoCcBDhO7fD3wA7wQAAAUM"]
[Thu Jun 11 00:42:10.138769 2026] [security2:error] [pid 21126:tid 21128] [client 43.157.46.118:35114] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiouks0ej6tAIvUNrGGqtgAAAMA"]
[Thu Jun 11 00:42:10.138866 2026] [security2:error] [pid 21126:tid 21128] [client 43.157.46.118:35114] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiouks0ej6tAIvUNrGGqtgAAAMA"]
[Thu Jun 11 00:42:10.139746 2026] [security2:error] [pid 21126:tid 21128] [client 43.157.46.118:35114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiouks0ej6tAIvUNrGGqtgAAAMA"]
[Thu Jun 11 00:42:10.140897 2026] [security2:error] [pid 21126:tid 21128] [client 43.157.46.118:35114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiouks0ej6tAIvUNrGGqtgAAAMA"]
[Thu Jun 11 00:45:22.702742 2026] [security2:error] [pid 7752:tid 7768] [client 78.153.140.250:49386] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiovUrXVEMZbaEYG_ywTvQAAAEs"]
[Thu Jun 11 00:45:22.702982 2026] [security2:error] [pid 7752:tid 7768] [client 78.153.140.250:49386] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiovUrXVEMZbaEYG_ywTvQAAAEs"]
[Thu Jun 11 00:45:22.703238 2026] [security2:error] [pid 7752:tid 7768] [client 78.153.140.250:49386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiovUrXVEMZbaEYG_ywTvQAAAEs"]
[Thu Jun 11 00:45:22.703480 2026] [security2:error] [pid 7752:tid 7768] [client 78.153.140.250:49386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiovUrXVEMZbaEYG_ywTvQAAAEs"]
[Thu Jun 11 00:45:23.552543 2026] [security2:error] [pid 22855:tid 22886] [client 78.153.140.250:59128] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiovU171v4pS85P4fn_DXAAAAJQ"]
[Thu Jun 11 00:49:09.456831 2026] [security2:error] [pid 22855:tid 22885] [client 72.11.155.223:59046] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/"] [unique_id "aiowNV71v4pS85P4fn_HGAAAAJM"]
[Thu Jun 11 00:49:09.457241 2026] [security2:error] [pid 22855:tid 22885] [client 72.11.155.223:59046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/"] [unique_id "aiowNV71v4pS85P4fn_HGAAAAJM"]
[Thu Jun 11 00:49:09.457558 2026] [security2:error] [pid 22855:tid 22885] [client 72.11.155.223:59046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/"] [unique_id "aiowNV71v4pS85P4fn_HGAAAAJM"]
[Thu Jun 11 00:49:12.531881 2026] [security2:error] [pid 7752:tid 7759] [client 72.11.155.223:59056] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.suporte.machen.ai"] [uri "/favicon.ico"] [unique_id "aiowOLXVEMZbaEYG_ywWdAAAAEI"]
[Thu Jun 11 00:49:12.532269 2026] [security2:error] [pid 7752:tid 7759] [client 72.11.155.223:59056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/favicon.ico"] [unique_id "aiowOLXVEMZbaEYG_ywWdAAAAEI"]
[Thu Jun 11 00:49:12.532536 2026] [security2:error] [pid 7752:tid 7759] [client 72.11.155.223:59056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/favicon.ico"] [unique_id "aiowOLXVEMZbaEYG_ywWdAAAAEI"]
[Thu Jun 11 00:51:46.216262 2026] [security2:error] [pid 1016:tid 1037] [client 45.148.10.67:59868] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiow0qoCcBDhO7fD3wBDAgAAAVE"]
[Thu Jun 11 00:54:05.798347 2026] [security2:error] [pid 7752:tid 7781] [client 72.11.155.223:60810] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.support.machen.ai"] [uri "/"] [unique_id "aioxXbXVEMZbaEYG_ywbEgAAAFg"]
[Thu Jun 11 00:54:05.798833 2026] [security2:error] [pid 7752:tid 7781] [client 72.11.155.223:60810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.support.machen.ai"] [uri "/"] [unique_id "aioxXbXVEMZbaEYG_ywbEgAAAFg"]
[Thu Jun 11 00:54:12.552358 2026] [security2:error] [pid 7752:tid 7781] [client 72.11.155.223:60810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.support.machen.ai"] [uri "/index.php"] [unique_id "aioxXbXVEMZbaEYG_ywbEgAAAFg"]
[Thu Jun 11 00:54:14.120170 2026] [security2:error] [pid 31551:tid 31568] [client 72.11.155.223:55550] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "support.machen.ai"] [uri "/"] [unique_id "aioxZtPH5u5NVjul-pmydgAAAQo"], referer: https://www.support.machen.ai
[Thu Jun 11 00:54:14.120649 2026] [security2:error] [pid 31551:tid 31568] [client 72.11.155.223:55550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/"] [unique_id "aioxZtPH5u5NVjul-pmydgAAAQo"], referer: https://www.support.machen.ai
[Thu Jun 11 00:54:15.419670 2026] [security2:error] [pid 22855:tid 22885] [client 72.11.155.223:44340] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.support.machen.ai"] [uri "/"] [unique_id "aioxZ171v4pS85P4fn_MNgAAAJM"]
[Thu Jun 11 00:54:15.420019 2026] [security2:error] [pid 22855:tid 22885] [client 72.11.155.223:44340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.support.machen.ai"] [uri "/"] [unique_id "aioxZ171v4pS85P4fn_MNgAAAJM"]
[Thu Jun 11 00:54:16.926944 2026] [security2:error] [pid 31551:tid 31568] [client 72.11.155.223:55550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aioxZtPH5u5NVjul-pmydgAAAQo"], referer: https://www.support.machen.ai
[Thu Jun 11 00:54:17.746626 2026] [security2:error] [pid 22855:tid 22885] [client 72.11.155.223:44340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.support.machen.ai"] [uri "/index.php"] [unique_id "aioxZ171v4pS85P4fn_MNgAAAJM"]
[Thu Jun 11 00:54:18.653655 2026] [security2:error] [pid 22855:tid 22890] [client 72.11.155.223:47548] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "support.machen.ai"] [uri "/"] [unique_id "aioxal71v4pS85P4fn_MRAAAAJg"], referer: http://www.support.machen.ai
[Thu Jun 11 00:54:18.654063 2026] [security2:error] [pid 22855:tid 22890] [client 72.11.155.223:47548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/"] [unique_id "aioxal71v4pS85P4fn_MRAAAAJg"], referer: http://www.support.machen.ai
[Thu Jun 11 00:54:20.716930 2026] [security2:error] [pid 22855:tid 22890] [client 72.11.155.223:47548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aioxal71v4pS85P4fn_MRAAAAJg"], referer: http://www.support.machen.ai
[Thu Jun 11 00:54:24.656973 2026] [security2:error] [pid 1016:tid 1024] [client 72.11.155.223:47552] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "support.machen.ai"] [uri "/wp-content/uploads/2022/04/favicon.ico"] [unique_id "aioxcKoCcBDhO7fD3wBEzAAAAUQ"]
[Thu Jun 11 00:54:24.657457 2026] [security2:error] [pid 1016:tid 1024] [client 72.11.155.223:47552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-content/uploads/2022/04/favicon.ico"] [unique_id "aioxcKoCcBDhO7fD3wBEzAAAAUQ"]
[Thu Jun 11 00:54:27.826986 2026] [security2:error] [pid 1016:tid 1024] [client 72.11.155.223:47552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aioxcKoCcBDhO7fD3wBEzAAAAUQ"]
[Thu Jun 11 00:54:29.900927 2026] [security2:error] [pid 31551:tid 31580] [client 72.11.155.223:37946] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "support.machen.ai"] [uri "/wp-content/uploads/2022/04/favicon.ico"] [unique_id "aioxddPH5u5NVjul-pmykgAAARY"]
[Thu Jun 11 00:54:29.901371 2026] [security2:error] [pid 31551:tid 31580] [client 72.11.155.223:37946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-content/uploads/2022/04/favicon.ico"] [unique_id "aioxddPH5u5NVjul-pmykgAAARY"]
[Thu Jun 11 00:54:34.771910 2026] [security2:error] [pid 31551:tid 31580] [client 72.11.155.223:37946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aioxddPH5u5NVjul-pmykgAAARY"]
[Thu Jun 11 00:54:36.437687 2026] [security2:error] [pid 7752:tid 7761] [client 72.11.155.223:41870] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "support.machen.ai"] [uri "/wp-content/uploads/2022/04/favicon.ico"] [unique_id "aioxfLXVEMZbaEYG_ywbMgAAAEQ"]
[Thu Jun 11 00:54:36.438012 2026] [security2:error] [pid 7752:tid 7761] [client 72.11.155.223:41870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-content/uploads/2022/04/favicon.ico"] [unique_id "aioxfLXVEMZbaEYG_ywbMgAAAEQ"]
[Thu Jun 11 00:54:44.274832 2026] [security2:error] [pid 7752:tid 7761] [client 72.11.155.223:41870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aioxfLXVEMZbaEYG_ywbMgAAAEQ"]
[Thu Jun 11 00:59:11.133357 2026] [security2:error] [pid 22855:tid 22879] [client 93.123.109.178:37166] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "ns1.erhabenn.com.br"] [uri "/"] [unique_id "aioyj171v4pS85P4fn_QsgAAAI0"]
[Thu Jun 11 00:59:11.133782 2026] [security2:error] [pid 22855:tid 22879] [client 93.123.109.178:37166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/"] [unique_id "aioyj171v4pS85P4fn_QsgAAAI0"]
[Thu Jun 11 00:59:11.134065 2026] [security2:error] [pid 22855:tid 22879] [client 93.123.109.178:37166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/"] [unique_id "aioyj171v4pS85P4fn_QsgAAAI0"]
[Thu Jun 11 01:02:47.591976 2026] [security2:error] [pid 31551:tid 31558] [client 82.156.34.74:55174] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aiozZ9PH5u5NVjul-pm6UQAAAQA"]
[Thu Jun 11 01:03:37.217691 2026] [security2:error] [pid 22855:tid 22871] [client 176.65.149.236:59921] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiozmV71v4pS85P4fn_TrwAAAIU"]
[Thu Jun 11 01:03:37.217872 2026] [security2:error] [pid 22855:tid 22871] [client 176.65.149.236:59921] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiozmV71v4pS85P4fn_TrwAAAIU"]
[Thu Jun 11 01:03:37.218321 2026] [security2:error] [pid 22855:tid 22871] [client 176.65.149.236:59921] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiozmV71v4pS85P4fn_TrwAAAIU"]
[Thu Jun 11 01:03:37.219209 2026] [security2:error] [pid 22855:tid 22871] [client 176.65.149.236:59921] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiozmV71v4pS85P4fn_TrwAAAIU"]
[Thu Jun 11 01:04:34.129361 2026] [security2:error] [pid 31551:tid 31567] [client 78.153.140.93:57254] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioz0tPH5u5NVjul-pm8TgAAAQk"]
[Thu Jun 11 01:04:34.129649 2026] [security2:error] [pid 31551:tid 31567] [client 78.153.140.93:57254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioz0tPH5u5NVjul-pm8TgAAAQk"]
[Thu Jun 11 01:04:34.129866 2026] [security2:error] [pid 31551:tid 31567] [client 78.153.140.93:57254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aioz0tPH5u5NVjul-pm8TgAAAQk"]
[Thu Jun 11 01:04:34.130835 2026] [security2:error] [pid 31551:tid 31567] [client 78.153.140.93:57254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aioz0tPH5u5NVjul-pm8TgAAAQk"]
[Thu Jun 11 01:04:34.544818 2026] [security2:error] [pid 7752:tid 7763] [client 78.153.140.93:57268] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aioz0rXVEMZbaEYG_ywivwAAAEY"]
[Thu Jun 11 01:21:16.844715 2026] [security2:error] [pid 21126:tid 21147] [client 45.148.10.67:53578] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aio3vM0ej6tAIvUNrGHHdwAAANM"]
[Thu Jun 11 01:28:39.777200 2026] [security2:error] [pid 7752:tid 7770] [client 79.124.40.174:37130] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aio5d7XVEMZbaEYG_yw1WwAAAE0"]
[Thu Jun 11 01:28:41.015723 2026] [security2:error] [pid 1016:tid 1024] [client 79.124.40.174:37134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aio5eaoCcBDhO7fD3wBgmwAAAUQ"], referer: https://13.66.22.226:443/?XDEBUG_SESSION_START=phpstorm
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 01:34:11.796831 2026] [security2:error] [pid 1016:tid 1037] [client 78.153.140.250:38798] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aio6w6oCcBDhO7fD3wBl6gAAAVE"]
[Thu Jun 11 01:34:11.797084 2026] [security2:error] [pid 1016:tid 1037] [client 78.153.140.250:38798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aio6w6oCcBDhO7fD3wBl6gAAAVE"]
[Thu Jun 11 01:34:11.797393 2026] [security2:error] [pid 1016:tid 1037] [client 78.153.140.250:38798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aio6w6oCcBDhO7fD3wBl6gAAAVE"]
[Thu Jun 11 01:34:11.797676 2026] [security2:error] [pid 1016:tid 1037] [client 78.153.140.250:38798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aio6w6oCcBDhO7fD3wBl6gAAAVE"]
[Thu Jun 11 01:34:12.601462 2026] [security2:error] [pid 21126:tid 21131] [client 78.153.140.250:54370] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aio6xM0ej6tAIvUNrGHUpwAAAMM"]
[Thu Jun 11 01:35:22.078353 2026] [cgid:error] [pid 7752:tid 7763] [client 143.110.174.190:58344] AH01265: stderr from /home/erhabenn/public_html/cgi-bin/: attempt to invoke directory as script
[Thu Jun 11 01:37:33.317851 2026] [security2:error] [pid 22855:tid 22890] [client 192.155.90.118:3126] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aio7jV71v4pS85P4fn_ySQAAAJg"], referer: http://13.84.161.190/
[Thu Jun 11 01:37:49.033846 2026] [security2:error] [pid 7752:tid 7774] [client 66.240.223.240:49298] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aio7nbXVEMZbaEYG_yw-owAAAFE"]
[Thu Jun 11 01:37:49.034004 2026] [security2:error] [pid 7752:tid 7774] [client 66.240.223.240:49298] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aio7nbXVEMZbaEYG_yw-owAAAFE"]
[Thu Jun 11 01:37:49.034396 2026] [security2:error] [pid 7752:tid 7774] [client 66.240.223.240:49298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aio7nbXVEMZbaEYG_yw-owAAAFE"]
[Thu Jun 11 01:37:49.034681 2026] [security2:error] [pid 7752:tid 7774] [client 66.240.223.240:49298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aio7nbXVEMZbaEYG_yw-owAAAFE"]
[Thu Jun 11 01:43:25.639184 2026] [security2:error] [pid 22855:tid 22876] [client 79.124.40.174:45490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aio87V71v4pS85P4fn_4lQAAAIo"]
[Thu Jun 11 01:54:12.519902 2026] [security2:error] [pid 22855:tid 22875] [client 66.240.236.109:51572] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aio_dF71v4pS85P4fn8DWwAAAIk"]
[Thu Jun 11 01:54:12.520049 2026] [security2:error] [pid 22855:tid 22875] [client 66.240.236.109:51572] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aio_dF71v4pS85P4fn8DWwAAAIk"]
[Thu Jun 11 01:54:12.520431 2026] [security2:error] [pid 22855:tid 22875] [client 66.240.236.109:51572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aio_dF71v4pS85P4fn8DWwAAAIk"]
[Thu Jun 11 01:54:12.594366 2026] [security2:error] [pid 22855:tid 22875] [client 66.240.236.109:51572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aio_dF71v4pS85P4fn8DWwAAAIk"]
[Thu Jun 11 01:54:23.066621 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aio_f80ej6tAIvUNrGHpqwAAAMM"], referer: https://github.com/
[Thu Jun 11 01:54:23.840890 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_next/static/build-manifest.json"] [unique_id "aio_f80ej6tAIvUNrGHprAAAAMM"]
[Thu Jun 11 01:54:24.967021 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_next/static/chunks/app/layout.js.map"] [unique_id "aio_gM0ej6tAIvUNrGHprgAAAMM"], referer: https://www.google.com/
[Thu Jun 11 01:54:25.910721 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_next/static/chunks/app/page.js.map"] [unique_id "aio_gc0ej6tAIvUNrGHpsQAAAMM"], referer: https://www.bing.com/
[Thu Jun 11 01:54:26.784214 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_next/static/chunks/main.js.map"] [unique_id "aio_gs0ej6tAIvUNrGHptgAAAMM"], referer: https://www.google.com/
[Thu Jun 11 01:54:27.617919 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_next/static/chunks/pages/_app.js.map"] [unique_id "aio_g80ej6tAIvUNrGHpuwAAAMM"], referer: https://www.bing.com/
[Thu Jun 11 01:54:28.404496 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_next/static/chunks/pages/index.js.map"] [unique_id "aio_hM0ej6tAIvUNrGHpwAAAAMM"], referer: https://www.bing.com/
[Thu Jun 11 01:54:29.185397 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app.js.map"] [unique_id "aio_hc0ej6tAIvUNrGHpxQAAAMM"], referer: https://www.bing.com/
[Thu Jun 11 01:54:29.966409 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/asset-manifest.json"] [unique_id "aio_hc0ej6tAIvUNrGHpyQAAAMM"]
[Thu Jun 11 01:54:30.719817 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/assets/index.js.map"] [unique_id "aio_hs0ej6tAIvUNrGHpzgAAAMM"]
[Thu Jun 11 01:54:31.470910 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bundle.js.map"] [unique_id "aio_h80ej6tAIvUNrGHp0gAAAMM"], referer: https://github.com/
[Thu Jun 11 01:54:32.214861 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/js/app.js.map"] [unique_id "aio_iM0ej6tAIvUNrGHp1QAAAMM"], referer: https://github.com/
[Thu Jun 11 01:54:32.947865 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/js/bundle.js.map"] [unique_id "aio_iM0ej6tAIvUNrGHp2QAAAMM"], referer: https://www.google.com/
[Thu Jun 11 01:54:33.684964 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/js/main.js.map"] [unique_id "aio_ic0ej6tAIvUNrGHp3AAAAMM"], referer: https://duckduckgo.com/
[Thu Jun 11 01:54:34.408719 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/main.js.map"] [unique_id "aio_is0ej6tAIvUNrGHp3QAAAMM"], referer: https://www.google.com/
[Thu Jun 11 01:54:35.138921 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/static/js/bundle.js.map"] [unique_id "aio_i80ej6tAIvUNrGHp4AAAAMM"], referer: https://github.com/
[Thu Jun 11 01:54:35.859772 2026] [security2:error] [pid 21126:tid 21131] [client 2.57.122.173:17794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/static/js/main.chunk.js.map"] [unique_id "aio_i80ej6tAIvUNrGHp5AAAAMM"], referer: https://github.com/
[Thu Jun 11 01:59:33.775853 2026] [security2:error] [pid 21075:tid 21078] [client 93.174.93.12:60000] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aipAtXBSW5Z6y_w6HsHjEQAAAAA"]
[Thu Jun 11 02:21:46.011899 2026] [security2:error] [pid 21126:tid 21129] [client 43.162.103.165:42838] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aipF6s0ej6tAIvUNrGEG8QAAAME"], referer: http://machen.ai
[Thu Jun 11 02:22:58.977837 2026] [security2:error] [pid 22855:tid 22870] [client 43.157.170.126:55412] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipGMl71v4pS85P4fn8aYAAAAIQ"]
[Thu Jun 11 02:22:58.978127 2026] [security2:error] [pid 22855:tid 22870] [client 43.157.170.126:55412] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipGMl71v4pS85P4fn8aYAAAAIQ"]
[Thu Jun 11 02:22:58.978774 2026] [security2:error] [pid 22855:tid 22870] [client 43.157.170.126:55412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipGMl71v4pS85P4fn8aYAAAAIQ"]
[Thu Jun 11 02:22:58.980020 2026] [security2:error] [pid 22855:tid 22870] [client 43.157.170.126:55412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipGMl71v4pS85P4fn8aYAAAAIQ"]
[Thu Jun 11 02:26:27.591601 2026] [security2:error] [pid 1016:tid 1025] [client 13.126.179.128:51001] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipHA6oCcBDhO7fD3wCZZgAAAUU"]
[Thu Jun 11 02:26:33.279773 2026] [security2:error] [pid 21075:tid 21091] [client 46.151.178.13:43472] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipHCXBSW5Z6y_w6HsH_wwAAAA0"], referer: http://13.66.22.226:443/
[Thu Jun 11 02:26:33.390755 2026] [security2:error] [pid 22855:tid 22887] [client 46.151.178.13:58866] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipHCV71v4pS85P4fn8c8wAAAJU"], referer: http://13.84.161.190:443/
[Thu Jun 11 02:29:33.106700 2026] [security2:error] [pid 22855:tid 22879] [client 45.156.128.131:52718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipHvV71v4pS85P4fn8gsgAAAI0"]
[Thu Jun 11 02:38:10.613921 2026] [security2:error] [pid 21075:tid 21089] [client 69.5.169.109:30932] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.0.2.1"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "192.0.2.1"] [uri "/"] [unique_id "aipJwnBSW5Z6y_w6HsELtQAAAAs"]
[Thu Jun 11 02:42:09.241536 2026] [security2:error] [pid 7752:tid 7774] [client 66.132.186.179:45564] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipKsbXVEMZbaEYG_yx7RwAAAFE"]
[Thu Jun 11 02:42:12.604960 2026] [security2:error] [pid 22855:tid 22879] [client 66.132.186.179:4178] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aipKtF71v4pS85P4fn8uVwAAAI0"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 02:42:14.171451 2026] [security2:error] [pid 1016:tid 1044] [client 66.132.186.179:4182] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aipKtqoCcBDhO7fD3wCn2gAAAVg"]
[Thu Jun 11 02:42:17.333137 2026] [security2:error] [pid 1016:tid 1043] [client 66.132.186.179:4192] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aipKuaoCcBDhO7fD3wCn8QAAAVc"], referer: https://13.66.22.226/favicon.ico
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 02:42:53.900928 2026] [security2:error] [pid 21075:tid 21079] [client 66.132.186.179:12712] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/login"] [unique_id "aipK3XBSW5Z6y_w6HsEP-wAAAAE"]
[Thu Jun 11 02:45:55.768308 2026] [security2:error] [pid 21126:tid 21151] [client 20.118.216.147:40382] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/ReportServer"] [unique_id "aipLk80ej6tAIvUNrGEa7AAAANc"]
[Thu Jun 11 02:45:55.768487 2026] [security2:error] [pid 21126:tid 21151] [client 20.118.216.147:40382] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/ReportServer"] [unique_id "aipLk80ej6tAIvUNrGEa7AAAANc"]
[Thu Jun 11 02:45:55.769137 2026] [security2:error] [pid 21126:tid 21151] [client 20.118.216.147:40382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/ReportServer"] [unique_id "aipLk80ej6tAIvUNrGEa7AAAANc"]
[Thu Jun 11 02:45:55.859432 2026] [security2:error] [pid 21126:tid 21151] [client 20.118.216.147:40382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aipLk80ej6tAIvUNrGEa7AAAANc"]
[Thu Jun 11 02:47:53.736750 2026] [core:error] [pid 7752:tid 7767] [client 47.236.48.30:50254] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 02:52:39.973375 2026] [security2:error] [pid 22855:tid 22889] [client 34.123.82.129:43046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aipNJ171v4pS85P4fn83HQAAAJc"]
[Thu Jun 11 02:52:39.973687 2026] [security2:error] [pid 22855:tid 22889] [client 34.123.82.129:43046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aipNJ171v4pS85P4fn83HQAAAJc"]
[Thu Jun 11 02:52:39.974340 2026] [security2:error] [pid 22855:tid 22889] [client 34.123.82.129:43046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aipNJ171v4pS85P4fn83HQAAAJc"]
[Thu Jun 11 02:53:01.722907 2026] [security2:error] [pid 21126:tid 21129] [client 45.148.10.67:59422] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipNPc0ej6tAIvUNrGEgxAAAAME"]
[Thu Jun 11 02:53:02.108556 2026] [security2:error] [pid 1016:tid 1040] [client 45.148.10.67:59426] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aipNPqoCcBDhO7fD3wCz9QAAAVQ"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 02:53:13.270072 2026] [security2:error] [pid 22855:tid 22885] [client 162.62.213.187:40826] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aipNSV71v4pS85P4fn83swAAAJM"]
[Thu Jun 11 02:55:16.094809 2026] [security2:error] [pid 7752:tid 7780] [client 104.238.228.254:37120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aipNxLXVEMZbaEYG_yyIIQAAAFc"]
[Thu Jun 11 02:55:16.095022 2026] [security2:error] [pid 7752:tid 7780] [client 104.238.228.254:37120] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aipNxLXVEMZbaEYG_yyIIQAAAFc"]
[Thu Jun 11 02:55:16.095268 2026] [security2:error] [pid 7752:tid 7780] [client 104.238.228.254:37120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aipNxLXVEMZbaEYG_yyIIQAAAFc"]
[Thu Jun 11 02:55:16.279879 2026] [security2:error] [pid 7752:tid 7780] [client 104.238.228.254:37120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aipNxLXVEMZbaEYG_yyIIQAAAFc"]
[Thu Jun 11 03:01:29.490986 2026] [security2:error] [pid 21126:tid 21152] [client 35.195.84.127:35230] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipPOc0ej6tAIvUNrGEobQAAANg"]
[Thu Jun 11 03:02:18.130636 2026] [security2:error] [pid 21075:tid 21088] [client 34.178.9.79:54964] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/wp/v2/settings"] [unique_id "aipPanBSW5Z6y_w6HsEjDwAAAAo"]
[Thu Jun 11 03:02:18.130962 2026] [security2:error] [pid 21075:tid 21088] [client 34.178.9.79:54964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/wp/v2/settings"] [unique_id "aipPanBSW5Z6y_w6HsEjDwAAAAo"]
[Thu Jun 11 03:02:18.131415 2026] [security2:error] [pid 21075:tid 21088] [client 34.178.9.79:54964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/index.html"] [unique_id "aipPanBSW5Z6y_w6HsEjDwAAAAo"]
[Thu Jun 11 03:02:18.280871 2026] [security2:error] [pid 21126:tid 21142] [client 34.178.9.79:54970] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aipPas0ej6tAIvUNrGEprwAAAM4"]
[Thu Jun 11 03:02:18.281236 2026] [security2:error] [pid 21126:tid 21142] [client 34.178.9.79:54970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aipPas0ej6tAIvUNrGEprwAAAM4"]
[Thu Jun 11 03:02:18.281567 2026] [security2:error] [pid 21126:tid 21142] [client 34.178.9.79:54970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/index.html"] [unique_id "aipPas0ej6tAIvUNrGEprwAAAM4"]
[Thu Jun 11 03:02:18.476310 2026] [security2:error] [pid 7752:tid 7765] [client 34.178.9.79:54972] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aipParXVEMZbaEYG_yyOiAAAAEg"]
[Thu Jun 11 03:02:18.476791 2026] [security2:error] [pid 7752:tid 7765] [client 34.178.9.79:54972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aipParXVEMZbaEYG_yyOiAAAAEg"]
[Thu Jun 11 03:02:18.477267 2026] [security2:error] [pid 7752:tid 7765] [client 34.178.9.79:54972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/index.html"] [unique_id "aipParXVEMZbaEYG_yyOiAAAAEg"]
[Thu Jun 11 03:02:18.958163 2026] [security2:error] [pid 21075:tid 21082] [client 34.178.9.79:54976] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aipPanBSW5Z6y_w6HsEjEQAAAAQ"]
[Thu Jun 11 03:02:18.958969 2026] [security2:error] [pid 21075:tid 21082] [client 34.178.9.79:54976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aipPanBSW5Z6y_w6HsEjEQAAAAQ"]
[Thu Jun 11 03:02:18.959353 2026] [security2:error] [pid 21075:tid 21082] [client 34.178.9.79:54976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/index.html"] [unique_id "aipPanBSW5Z6y_w6HsEjEQAAAAQ"]
[Thu Jun 11 03:02:18.980874 2026] [security2:error] [pid 21126:tid 21137] [client 34.178.9.79:54986] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aipPas0ej6tAIvUNrGEpsgAAAMk"]
[Thu Jun 11 03:02:18.981260 2026] [security2:error] [pid 21126:tid 21137] [client 34.178.9.79:54986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aipPas0ej6tAIvUNrGEpsgAAAMk"]
[Thu Jun 11 03:02:18.981688 2026] [security2:error] [pid 21126:tid 21137] [client 34.178.9.79:54986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/index.html"] [unique_id "aipPas0ej6tAIvUNrGEpsgAAAMk"]
[Thu Jun 11 03:06:34.690469 2026] [security2:error] [pid 22855:tid 22871] [client 20.106.168.113:57340] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ReportServer"] [unique_id "aipQal71v4pS85P4fn9FfwAAAIU"]
[Thu Jun 11 03:06:34.690680 2026] [security2:error] [pid 22855:tid 22871] [client 20.106.168.113:57340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ReportServer"] [unique_id "aipQal71v4pS85P4fn9FfwAAAIU"]
[Thu Jun 11 03:06:34.691034 2026] [security2:error] [pid 22855:tid 22871] [client 20.106.168.113:57340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/ReportServer"] [unique_id "aipQal71v4pS85P4fn9FfwAAAIU"]
[Thu Jun 11 03:06:34.691327 2026] [security2:error] [pid 22855:tid 22871] [client 20.106.168.113:57340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipQal71v4pS85P4fn9FfwAAAIU"]
[Thu Jun 11 03:08:58.471612 2026] [security2:error] [pid 21075:tid 21102] [client 185.226.197.73:34442] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipQ-nBSW5Z6y_w6HsErAAAAABg"]
[Thu Jun 11 03:08:58.589457 2026] [security2:error] [pid 21075:tid 21102] [client 185.226.197.73:34442] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aipQ-nBSW5Z6y_w6HsErAQAAABg"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 03:09:23.181857 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:17848] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/wp-content/debug.log"] [unique_id "aipRE7XVEMZbaEYG_yyWygAAAEQ"]
[Thu Jun 11 03:09:23.182615 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:17848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/wp-content/debug.log"] [unique_id "aipRE7XVEMZbaEYG_yyWygAAAEQ"]
[Thu Jun 11 03:09:23.183080 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:17848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRE7XVEMZbaEYG_yyWygAAAEQ"]
[Thu Jun 11 03:09:25.182273 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:17848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env"] [unique_id "aipRFbXVEMZbaEYG_yyW3AAAAEQ"]
[Thu Jun 11 03:09:25.182640 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:17848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env"] [unique_id "aipRFbXVEMZbaEYG_yyW3AAAAEQ"]
[Thu Jun 11 03:09:25.183121 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:17848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFbXVEMZbaEYG_yyW3AAAAEQ"]
[Thu Jun 11 03:09:25.575853 2026] [security2:error] [pid 21075:tid 21084] [client 208.84.101.168:17850] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.backup"] [unique_id "aipRFXBSW5Z6y_w6HsErdwAAAAY"]
[Thu Jun 11 03:09:25.576217 2026] [security2:error] [pid 21075:tid 21084] [client 208.84.101.168:17850] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.backup"] [unique_id "aipRFXBSW5Z6y_w6HsErdwAAAAY"]
[Thu Jun 11 03:09:25.576456 2026] [security2:error] [pid 21075:tid 21084] [client 208.84.101.168:17850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.backup"] [unique_id "aipRFXBSW5Z6y_w6HsErdwAAAAY"]
[Thu Jun 11 03:09:25.576849 2026] [security2:error] [pid 21075:tid 21084] [client 208.84.101.168:17850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFXBSW5Z6y_w6HsErdwAAAAY"]
[Thu Jun 11 03:09:25.578339 2026] [security2:error] [pid 22855:tid 22879] [client 208.84.101.168:17880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production"] [unique_id "aipRFV71v4pS85P4fn9JggAAAI0"]
[Thu Jun 11 03:09:25.578555 2026] [security2:error] [pid 22855:tid 22879] [client 208.84.101.168:17880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production"] [unique_id "aipRFV71v4pS85P4fn9JggAAAI0"]
[Thu Jun 11 03:09:25.578905 2026] [security2:error] [pid 22855:tid 22879] [client 208.84.101.168:17880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFV71v4pS85P4fn9JggAAAI0"]
[Thu Jun 11 03:09:25.580531 2026] [security2:error] [pid 7752:tid 7759] [client 208.84.101.168:17866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local"] [unique_id "aipRFbXVEMZbaEYG_yyW4QAAAEI"]
[Thu Jun 11 03:09:25.580812 2026] [security2:error] [pid 7752:tid 7759] [client 208.84.101.168:17866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local"] [unique_id "aipRFbXVEMZbaEYG_yyW4QAAAEI"]
[Thu Jun 11 03:09:25.581180 2026] [security2:error] [pid 7752:tid 7759] [client 208.84.101.168:17866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFbXVEMZbaEYG_yyW4QAAAEI"]
[Thu Jun 11 03:09:25.590309 2026] [security2:error] [pid 1016:tid 1021] [client 208.84.101.168:18702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.test"] [unique_id "aipRFaoCcBDhO7fD3wDEEgAAAUE"]
[Thu Jun 11 03:09:25.590533 2026] [security2:error] [pid 1016:tid 1021] [client 208.84.101.168:18702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.test"] [unique_id "aipRFaoCcBDhO7fD3wDEEgAAAUE"]
[Thu Jun 11 03:09:25.591026 2026] [security2:error] [pid 1016:tid 1021] [client 208.84.101.168:18702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFaoCcBDhO7fD3wDEEgAAAUE"]
[Thu Jun 11 03:09:25.679898 2026] [security2:error] [pid 22855:tid 22884] [client 208.84.101.168:17858] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.bak"] [unique_id "aipRFV71v4pS85P4fn9JhQAAAJI"]
[Thu Jun 11 03:09:25.680136 2026] [security2:error] [pid 22855:tid 22884] [client 208.84.101.168:17858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.bak"] [unique_id "aipRFV71v4pS85P4fn9JhQAAAJI"]
[Thu Jun 11 03:09:25.680427 2026] [security2:error] [pid 22855:tid 22884] [client 208.84.101.168:17858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.bak"] [unique_id "aipRFV71v4pS85P4fn9JhQAAAJI"]
[Thu Jun 11 03:09:25.680777 2026] [security2:error] [pid 22855:tid 22884] [client 208.84.101.168:17858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFV71v4pS85P4fn9JhQAAAJI"]
[Thu Jun 11 03:09:25.767563 2026] [security2:error] [pid 21126:tid 21135] [client 208.84.101.168:18632] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.kube/config"] [unique_id "aipRFc0ej6tAIvUNrGEvFAAAAMc"]
[Thu Jun 11 03:09:25.767964 2026] [security2:error] [pid 21126:tid 21135] [client 208.84.101.168:18632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.kube/config"] [unique_id "aipRFc0ej6tAIvUNrGEvFAAAAMc"]
[Thu Jun 11 03:09:25.768343 2026] [security2:error] [pid 21126:tid 21135] [client 208.84.101.168:18632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFc0ej6tAIvUNrGEvFAAAAMc"]
[Thu Jun 11 03:09:25.787717 2026] [security2:error] [pid 21075:tid 21094] [client 208.84.101.168:18094] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.aws/credentials"] [unique_id "aipRFXBSW5Z6y_w6HsErfQAAABA"]
[Thu Jun 11 03:09:25.787997 2026] [security2:error] [pid 21075:tid 21094] [client 208.84.101.168:18094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.aws/credentials"] [unique_id "aipRFXBSW5Z6y_w6HsErfQAAABA"]
[Thu Jun 11 03:09:25.794058 2026] [security2:error] [pid 21075:tid 21094] [client 208.84.101.168:18094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFXBSW5Z6y_w6HsErfQAAABA"]
[Thu Jun 11 03:09:26.078139 2026] [security2:error] [pid 7752:tid 7777] [client 208.84.101.168:18694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/public/.env"] [unique_id "aipRFrXVEMZbaEYG_yyW6wAAAFQ"]
[Thu Jun 11 03:09:26.078447 2026] [security2:error] [pid 7752:tid 7777] [client 208.84.101.168:18694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/public/.env"] [unique_id "aipRFrXVEMZbaEYG_yyW6wAAAFQ"]
[Thu Jun 11 03:09:26.078856 2026] [security2:error] [pid 7752:tid 7777] [client 208.84.101.168:18694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFrXVEMZbaEYG_yyW6wAAAFQ"]
[Thu Jun 11 03:09:26.079823 2026] [security2:error] [pid 21075:tid 21096] [client 208.84.101.168:18670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/laravel/.env"] [unique_id "aipRFnBSW5Z6y_w6HsErfwAAABI"]
[Thu Jun 11 03:09:26.080073 2026] [security2:error] [pid 21075:tid 21096] [client 208.84.101.168:18670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/laravel/.env"] [unique_id "aipRFnBSW5Z6y_w6HsErfwAAABI"]
[Thu Jun 11 03:09:26.080458 2026] [security2:error] [pid 21075:tid 21096] [client 208.84.101.168:18670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFnBSW5Z6y_w6HsErfwAAABI"]
[Thu Jun 11 03:09:26.087891 2026] [security2:error] [pid 7752:tid 7757] [client 208.84.101.168:18648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/app/.env"] [unique_id "aipRFrXVEMZbaEYG_yyW7AAAAEA"]
[Thu Jun 11 03:09:26.088137 2026] [security2:error] [pid 7752:tid 7757] [client 208.84.101.168:18648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/app/.env"] [unique_id "aipRFrXVEMZbaEYG_yyW7AAAAEA"]
[Thu Jun 11 03:09:26.088474 2026] [security2:error] [pid 7752:tid 7757] [client 208.84.101.168:18648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFrXVEMZbaEYG_yyW7AAAAEA"]
[Thu Jun 11 03:09:26.292979 2026] [security2:error] [pid 7752:tid 7770] [client 208.84.101.168:17922] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.old"] [unique_id "aipRFrXVEMZbaEYG_yyW7gAAAE0"]
[Thu Jun 11 03:09:26.293220 2026] [security2:error] [pid 7752:tid 7770] [client 208.84.101.168:17922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.old"] [unique_id "aipRFrXVEMZbaEYG_yyW7gAAAE0"]
[Thu Jun 11 03:09:26.293499 2026] [security2:error] [pid 7752:tid 7770] [client 208.84.101.168:17922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.old"] [unique_id "aipRFrXVEMZbaEYG_yyW7gAAAE0"]
[Thu Jun 11 03:09:26.293892 2026] [security2:error] [pid 7752:tid 7770] [client 208.84.101.168:17922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFrXVEMZbaEYG_yyW7gAAAE0"]
[Thu Jun 11 03:09:26.375828 2026] [security2:error] [pid 21126:tid 21144] [client 208.84.101.168:17930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.save"] [unique_id "aipRFs0ej6tAIvUNrGEvHgAAANA"]
[Thu Jun 11 03:09:26.376054 2026] [security2:error] [pid 21126:tid 21144] [client 208.84.101.168:17930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.save"] [unique_id "aipRFs0ej6tAIvUNrGEvHgAAANA"]
[Thu Jun 11 03:09:26.376408 2026] [security2:error] [pid 21126:tid 21144] [client 208.84.101.168:17930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFs0ej6tAIvUNrGEvHgAAANA"]
[Thu Jun 11 03:09:26.378712 2026] [security2:error] [pid 22855:tid 22886] [client 208.84.101.168:17984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/backend/.env"] [unique_id "aipRFl71v4pS85P4fn9JjwAAAJQ"]
[Thu Jun 11 03:09:26.380068 2026] [security2:error] [pid 22855:tid 22886] [client 208.84.101.168:17984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/backend/.env"] [unique_id "aipRFl71v4pS85P4fn9JjwAAAJQ"]
[Thu Jun 11 03:09:26.380524 2026] [security2:error] [pid 22855:tid 22886] [client 208.84.101.168:17984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFl71v4pS85P4fn9JjwAAAJQ"]
[Thu Jun 11 03:09:26.478074 2026] [security2:error] [pid 1016:tid 1029] [client 208.84.101.168:17892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/web/.env"] [unique_id "aipRFqoCcBDhO7fD3wDEGQAAAUk"]
[Thu Jun 11 03:09:26.478294 2026] [security2:error] [pid 1016:tid 1029] [client 208.84.101.168:17892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/web/.env"] [unique_id "aipRFqoCcBDhO7fD3wDEGQAAAUk"]
[Thu Jun 11 03:09:26.479239 2026] [security2:error] [pid 1016:tid 1029] [client 208.84.101.168:17892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRFqoCcBDhO7fD3wDEGQAAAUk"]
[Thu Jun 11 03:09:30.379716 2026] [security2:error] [pid 22855:tid 22881] [client 208.84.101.168:18020] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/server/.env"] [unique_id "aipRGl71v4pS85P4fn9JpQAAAI8"]
[Thu Jun 11 03:09:30.379951 2026] [security2:error] [pid 22855:tid 22881] [client 208.84.101.168:18020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/server/.env"] [unique_id "aipRGl71v4pS85P4fn9JpQAAAI8"]
[Thu Jun 11 03:09:30.380330 2026] [security2:error] [pid 22855:tid 22881] [client 208.84.101.168:18020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRGl71v4pS85P4fn9JpQAAAI8"]
[Thu Jun 11 03:09:30.384897 2026] [security2:error] [pid 21075:tid 21088] [client 208.84.101.168:17924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.staging"] [unique_id "aipRGnBSW5Z6y_w6HsErkAAAAAo"]
[Thu Jun 11 03:09:30.385136 2026] [security2:error] [pid 21075:tid 21088] [client 208.84.101.168:17924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.staging"] [unique_id "aipRGnBSW5Z6y_w6HsErkAAAAAo"]
[Thu Jun 11 03:09:30.385463 2026] [security2:error] [pid 21075:tid 21088] [client 208.84.101.168:17924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRGnBSW5Z6y_w6HsErkAAAAAo"]
[Thu Jun 11 03:09:30.465363 2026] [security2:error] [pid 21126:tid 21138] [client 208.84.101.168:18006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/src/.env"] [unique_id "aipRGs0ej6tAIvUNrGEvNAAAAMo"]
[Thu Jun 11 03:09:30.465750 2026] [security2:error] [pid 21126:tid 21138] [client 208.84.101.168:18006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/src/.env"] [unique_id "aipRGs0ej6tAIvUNrGEvNAAAAMo"]
[Thu Jun 11 03:09:30.466206 2026] [security2:error] [pid 21126:tid 21138] [client 208.84.101.168:18006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRGs0ej6tAIvUNrGEvNAAAAMo"]
[Thu Jun 11 03:09:30.468080 2026] [security2:error] [pid 7752:tid 7769] [client 208.84.101.168:17906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.development"] [unique_id "aipRGrXVEMZbaEYG_yyXEAAAAEw"]
[Thu Jun 11 03:09:30.468336 2026] [security2:error] [pid 7752:tid 7769] [client 208.84.101.168:17906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.development"] [unique_id "aipRGrXVEMZbaEYG_yyXEAAAAEw"]
[Thu Jun 11 03:09:30.468704 2026] [security2:error] [pid 7752:tid 7769] [client 208.84.101.168:17906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRGrXVEMZbaEYG_yyXEAAAAEw"]
[Thu Jun 11 03:09:30.479596 2026] [security2:error] [pid 22855:tid 22890] [client 208.84.101.168:17968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/api/.env"] [unique_id "aipRGl71v4pS85P4fn9JqAAAAJg"]
[Thu Jun 11 03:09:30.479951 2026] [security2:error] [pid 22855:tid 22890] [client 208.84.101.168:17968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/api/.env"] [unique_id "aipRGl71v4pS85P4fn9JqAAAAJg"]
[Thu Jun 11 03:09:30.480296 2026] [security2:error] [pid 22855:tid 22890] [client 208.84.101.168:17968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRGl71v4pS85P4fn9JqAAAAJg"]
[Thu Jun 11 03:09:30.481718 2026] [security2:error] [pid 1016:tid 1032] [client 208.84.101.168:18624] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.docker/config.json"] [unique_id "aipRGqoCcBDhO7fD3wDEKgAAAUw"]
[Thu Jun 11 03:09:30.481946 2026] [security2:error] [pid 1016:tid 1032] [client 208.84.101.168:18624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.docker/config.json"] [unique_id "aipRGqoCcBDhO7fD3wDEKgAAAUw"]
[Thu Jun 11 03:09:30.482257 2026] [security2:error] [pid 1016:tid 1032] [client 208.84.101.168:18624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRGqoCcBDhO7fD3wDEKgAAAUw"]
[Thu Jun 11 03:09:33.485474 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production.copy"] [unique_id "aipRHbXVEMZbaEYG_yyXJwAAAEc"]
[Thu Jun 11 03:09:33.485805 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production.copy"] [unique_id "aipRHbXVEMZbaEYG_yyXJwAAAEc"]
[Thu Jun 11 03:09:33.486236 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRHbXVEMZbaEYG_yyXJwAAAEc"]
[Thu Jun 11 03:09:33.582893 2026] [security2:error] [pid 21075:tid 21098] [client 208.84.101.168:18038] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.git/FETCH_HEAD"] [unique_id "aipRHXBSW5Z6y_w6HsErnQAAABQ"]
[Thu Jun 11 03:09:33.583181 2026] [security2:error] [pid 21075:tid 21098] [client 208.84.101.168:18038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.git/FETCH_HEAD"] [unique_id "aipRHXBSW5Z6y_w6HsErnQAAABQ"]
[Thu Jun 11 03:09:33.583687 2026] [security2:error] [pid 21075:tid 21098] [client 208.84.101.168:18038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRHXBSW5Z6y_w6HsErnQAAABQ"]
[Thu Jun 11 03:09:33.584895 2026] [security2:error] [pid 21075:tid 21097] [client 208.84.101.168:18022] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.git/HEAD"] [unique_id "aipRHXBSW5Z6y_w6HsErnAAAABM"]
[Thu Jun 11 03:09:33.585143 2026] [security2:error] [pid 21075:tid 21097] [client 208.84.101.168:18022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.git/HEAD"] [unique_id "aipRHXBSW5Z6y_w6HsErnAAAABM"]
[Thu Jun 11 03:09:33.585141 2026] [security2:error] [pid 21126:tid 21128] [client 208.84.101.168:18120] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.git/config"] [unique_id "aipRHc0ej6tAIvUNrGEvTwAAAMA"]
[Thu Jun 11 03:09:33.585362 2026] [security2:error] [pid 21126:tid 21128] [client 208.84.101.168:18120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.git/config"] [unique_id "aipRHc0ej6tAIvUNrGEvTwAAAMA"]
[Thu Jun 11 03:09:33.585486 2026] [security2:error] [pid 21075:tid 21097] [client 208.84.101.168:18022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRHXBSW5Z6y_w6HsErnAAAABM"]
[Thu Jun 11 03:09:33.585713 2026] [security2:error] [pid 21126:tid 21128] [client 208.84.101.168:18120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRHc0ej6tAIvUNrGEvTwAAAMA"]
[Thu Jun 11 03:09:34.474282 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.git/refs/heads/main"] [unique_id "aipRHrXVEMZbaEYG_yyXLwAAAEc"]
[Thu Jun 11 03:09:34.474553 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.git/refs/heads/main"] [unique_id "aipRHrXVEMZbaEYG_yyXLwAAAEc"]
[Thu Jun 11 03:09:34.475083 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRHrXVEMZbaEYG_yyXLwAAAEc"]
[Thu Jun 11 03:09:34.763266 2026] [security2:error] [pid 21075:tid 21097] [client 208.84.101.168:18022] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.git/refs/heads/master"] [unique_id "aipRHnBSW5Z6y_w6HsErogAAABM"]
[Thu Jun 11 03:09:34.763761 2026] [security2:error] [pid 21075:tid 21097] [client 208.84.101.168:18022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.git/refs/heads/master"] [unique_id "aipRHnBSW5Z6y_w6HsErogAAABM"]
[Thu Jun 11 03:09:34.764295 2026] [security2:error] [pid 21075:tid 21097] [client 208.84.101.168:18022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRHnBSW5Z6y_w6HsErogAAABM"]
[Thu Jun 11 03:09:34.764758 2026] [security2:error] [pid 21075:tid 21098] [client 208.84.101.168:18038] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env~"] [unique_id "aipRHnBSW5Z6y_w6HsErowAAABQ"]
[Thu Jun 11 03:09:34.764967 2026] [security2:error] [pid 21075:tid 21098] [client 208.84.101.168:18038] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env~"] [unique_id "aipRHnBSW5Z6y_w6HsErowAAABQ"]
[Thu Jun 11 03:09:34.765194 2026] [security2:error] [pid 21075:tid 21098] [client 208.84.101.168:18038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env~"] [unique_id "aipRHnBSW5Z6y_w6HsErowAAABQ"]
[Thu Jun 11 03:09:34.765528 2026] [security2:error] [pid 21075:tid 21098] [client 208.84.101.168:18038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRHnBSW5Z6y_w6HsErowAAABQ"]
[Thu Jun 11 03:09:34.766925 2026] [security2:error] [pid 21126:tid 21128] [client 208.84.101.168:18120] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.git/logs/HEAD"] [unique_id "aipRHs0ej6tAIvUNrGEvWAAAAMA"]
[Thu Jun 11 03:09:34.767140 2026] [security2:error] [pid 21126:tid 21128] [client 208.84.101.168:18120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.git/logs/HEAD"] [unique_id "aipRHs0ej6tAIvUNrGEvWAAAAMA"]
[Thu Jun 11 03:09:34.767467 2026] [security2:error] [pid 21126:tid 21128] [client 208.84.101.168:18120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRHs0ej6tAIvUNrGEvWAAAAMA"]
[Thu Jun 11 03:09:35.672918 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.swp"] [unique_id "aipRH7XVEMZbaEYG_yyXOAAAAEc"]
[Thu Jun 11 03:09:35.673165 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.swp"] [unique_id "aipRH7XVEMZbaEYG_yyXOAAAAEc"]
[Thu Jun 11 03:09:35.673472 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.swp"] [unique_id "aipRH7XVEMZbaEYG_yyXOAAAAEc"]
[Thu Jun 11 03:09:35.673906 2026] [security2:error] [pid 7752:tid 7764] [client 208.84.101.168:18024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH7XVEMZbaEYG_yyXOAAAAEc"]
[Thu Jun 11 03:09:35.773556 2026] [security2:error] [pid 21075:tid 21095] [client 208.84.101.168:44686] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.production.swp"] [unique_id "aipRH3BSW5Z6y_w6HsErpwAAABE"]
[Thu Jun 11 03:09:35.774806 2026] [security2:error] [pid 7752:tid 7759] [client 208.84.101.168:44558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local.orig"] [unique_id "aipRH7XVEMZbaEYG_yyXOgAAAEI"]
[Thu Jun 11 03:09:35.775105 2026] [security2:error] [pid 7752:tid 7759] [client 208.84.101.168:44558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local.orig"] [unique_id "aipRH7XVEMZbaEYG_yyXOgAAAEI"]
[Thu Jun 11 03:09:35.775136 2026] [security2:error] [pid 1016:tid 1024] [client 208.84.101.168:44534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production.save"] [unique_id "aipRH6oCcBDhO7fD3wDEMgAAAUQ"]
[Thu Jun 11 03:09:35.775372 2026] [security2:error] [pid 1016:tid 1024] [client 208.84.101.168:44534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production.save"] [unique_id "aipRH6oCcBDhO7fD3wDEMgAAAUQ"]
[Thu Jun 11 03:09:35.775487 2026] [security2:error] [pid 7752:tid 7759] [client 208.84.101.168:44558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH7XVEMZbaEYG_yyXOgAAAEI"]
[Thu Jun 11 03:09:35.775737 2026] [security2:error] [pid 1016:tid 1024] [client 208.84.101.168:44534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH6oCcBDhO7fD3wDEMgAAAUQ"]
[Thu Jun 11 03:09:35.776968 2026] [security2:error] [pid 7752:tid 7768] [client 208.84.101.168:44618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production.orig"] [unique_id "aipRH7XVEMZbaEYG_yyXOwAAAEs"]
[Thu Jun 11 03:09:35.777076 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:44612] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.production.old"] [unique_id "aipRH7XVEMZbaEYG_yyXPAAAAEQ"]
[Thu Jun 11 03:09:35.777195 2026] [security2:error] [pid 7752:tid 7768] [client 208.84.101.168:44618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production.orig"] [unique_id "aipRH7XVEMZbaEYG_yyXOwAAAEs"]
[Thu Jun 11 03:09:35.777278 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:44612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production.old"] [unique_id "aipRH7XVEMZbaEYG_yyXPAAAAEQ"]
[Thu Jun 11 03:09:35.777475 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:44612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production.old"] [unique_id "aipRH7XVEMZbaEYG_yyXPAAAAEQ"]
[Thu Jun 11 03:09:35.777549 2026] [security2:error] [pid 7752:tid 7768] [client 208.84.101.168:44618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH7XVEMZbaEYG_yyXOwAAAEs"]
[Thu Jun 11 03:09:35.779437 2026] [security2:error] [pid 11316:tid 11327] [client 208.84.101.168:44518] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.local.swp"] [unique_id "aipRH6Ls2JEyoAHzH4lacwAAAQg"]
[Thu Jun 11 03:09:35.779668 2026] [security2:error] [pid 11316:tid 11327] [client 208.84.101.168:44518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local.swp"] [unique_id "aipRH6Ls2JEyoAHzH4lacwAAAQg"]
[Thu Jun 11 03:09:35.779821 2026] [security2:error] [pid 21126:tid 21131] [client 208.84.101.168:44584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local.copy"] [unique_id "aipRH80ej6tAIvUNrGEvXQAAAMM"]
[Thu Jun 11 03:09:35.779888 2026] [security2:error] [pid 11316:tid 11327] [client 208.84.101.168:44518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local.swp"] [unique_id "aipRH6Ls2JEyoAHzH4lacwAAAQg"]
[Thu Jun 11 03:09:35.780039 2026] [security2:error] [pid 21126:tid 21131] [client 208.84.101.168:44584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local.copy"] [unique_id "aipRH80ej6tAIvUNrGEvXQAAAMM"]
[Thu Jun 11 03:09:35.780252 2026] [security2:error] [pid 11316:tid 11327] [client 208.84.101.168:44518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH6Ls2JEyoAHzH4lacwAAAQg"]
[Thu Jun 11 03:09:35.780395 2026] [security2:error] [pid 21126:tid 21131] [client 208.84.101.168:44584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH80ej6tAIvUNrGEvXQAAAMM"]
[Thu Jun 11 03:09:35.780524 2026] [security2:error] [pid 21075:tid 21095] [client 208.84.101.168:44686] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production.swp"] [unique_id "aipRH3BSW5Z6y_w6HsErpwAAABE"]
[Thu Jun 11 03:09:35.780861 2026] [security2:error] [pid 21075:tid 21095] [client 208.84.101.168:44686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production.swp"] [unique_id "aipRH3BSW5Z6y_w6HsErpwAAABE"]
[Thu Jun 11 03:09:35.781199 2026] [security2:error] [pid 21075:tid 21095] [client 208.84.101.168:44686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH3BSW5Z6y_w6HsErpwAAABE"]
[Thu Jun 11 03:09:35.781456 2026] [security2:error] [pid 11316:tid 11329] [client 208.84.101.168:44670] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.production~"] [unique_id "aipRH6Ls2JEyoAHzH4ladAAAAQo"]
[Thu Jun 11 03:09:35.781496 2026] [security2:error] [pid 7752:tid 7761] [client 208.84.101.168:44612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH7XVEMZbaEYG_yyXPAAAAEQ"]
[Thu Jun 11 03:09:35.781690 2026] [security2:error] [pid 11316:tid 11329] [client 208.84.101.168:44670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production~"] [unique_id "aipRH6Ls2JEyoAHzH4ladAAAAQo"]
[Thu Jun 11 03:09:35.781900 2026] [security2:error] [pid 11316:tid 11329] [client 208.84.101.168:44670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production~"] [unique_id "aipRH6Ls2JEyoAHzH4ladAAAAQo"]
[Thu Jun 11 03:09:35.782263 2026] [security2:error] [pid 11316:tid 11329] [client 208.84.101.168:44670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH6Ls2JEyoAHzH4ladAAAAQo"]
[Thu Jun 11 03:09:35.782766 2026] [security2:error] [pid 22855:tid 22875] [client 208.84.101.168:44628] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.production.bak"] [unique_id "aipRH171v4pS85P4fn9JwQAAAIk"]
[Thu Jun 11 03:09:35.782961 2026] [security2:error] [pid 22855:tid 22875] [client 208.84.101.168:44628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production.bak"] [unique_id "aipRH171v4pS85P4fn9JwQAAAIk"]
[Thu Jun 11 03:09:35.783161 2026] [security2:error] [pid 22855:tid 22875] [client 208.84.101.168:44628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production.bak"] [unique_id "aipRH171v4pS85P4fn9JwQAAAIk"]
[Thu Jun 11 03:09:35.783505 2026] [security2:error] [pid 22855:tid 22875] [client 208.84.101.168:44628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRH171v4pS85P4fn9JwQAAAIk"]
[Thu Jun 11 03:09:38.367448 2026] [security2:error] [pid 1016:tid 1028] [client 208.84.101.168:44542] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.local.old"] [unique_id "aipRIqoCcBDhO7fD3wDEPQAAAUg"]
[Thu Jun 11 03:09:38.367727 2026] [security2:error] [pid 1016:tid 1028] [client 208.84.101.168:44542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local.old"] [unique_id "aipRIqoCcBDhO7fD3wDEPQAAAUg"]
[Thu Jun 11 03:09:38.368025 2026] [security2:error] [pid 1016:tid 1028] [client 208.84.101.168:44542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local.old"] [unique_id "aipRIqoCcBDhO7fD3wDEPQAAAUg"]
[Thu Jun 11 03:09:38.368410 2026] [security2:error] [pid 1016:tid 1028] [client 208.84.101.168:44542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRIqoCcBDhO7fD3wDEPQAAAUg"]
[Thu Jun 11 03:09:38.370148 2026] [security2:error] [pid 22855:tid 22888] [client 208.84.101.168:44470] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.copy"] [unique_id "aipRIl71v4pS85P4fn9JzgAAAJY"]
[Thu Jun 11 03:09:38.370395 2026] [security2:error] [pid 22855:tid 22888] [client 208.84.101.168:44470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.copy"] [unique_id "aipRIl71v4pS85P4fn9JzgAAAJY"]
[Thu Jun 11 03:09:38.370789 2026] [security2:error] [pid 22855:tid 22888] [client 208.84.101.168:44470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRIl71v4pS85P4fn9JzgAAAJY"]
[Thu Jun 11 03:09:38.377835 2026] [security2:error] [pid 11316:tid 11328] [client 208.84.101.168:44568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local.save"] [unique_id "aipRIqLs2JEyoAHzH4ladwAAAQk"]
[Thu Jun 11 03:09:38.378091 2026] [security2:error] [pid 11316:tid 11328] [client 208.84.101.168:44568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local.save"] [unique_id "aipRIqLs2JEyoAHzH4ladwAAAQk"]
[Thu Jun 11 03:09:38.378532 2026] [security2:error] [pid 11316:tid 11328] [client 208.84.101.168:44568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRIqLs2JEyoAHzH4ladwAAAQk"]
[Thu Jun 11 03:09:38.378631 2026] [security2:error] [pid 1016:tid 1044] [client 208.84.101.168:44462] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.local~"] [unique_id "aipRIqoCcBDhO7fD3wDEPgAAAVg"]
[Thu Jun 11 03:09:38.378841 2026] [security2:error] [pid 1016:tid 1044] [client 208.84.101.168:44462] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local~"] [unique_id "aipRIqoCcBDhO7fD3wDEPgAAAVg"]
[Thu Jun 11 03:09:38.379122 2026] [security2:error] [pid 1016:tid 1044] [client 208.84.101.168:44462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local~"] [unique_id "aipRIqoCcBDhO7fD3wDEPgAAAVg"]
[Thu Jun 11 03:09:38.379463 2026] [security2:error] [pid 1016:tid 1044] [client 208.84.101.168:44462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRIqoCcBDhO7fD3wDEPgAAAVg"]
[Thu Jun 11 03:09:38.379934 2026] [security2:error] [pid 21075:tid 21092] [client 208.84.101.168:44500] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.local.backup"] [unique_id "aipRInBSW5Z6y_w6HsErsQAAAA4"]
[Thu Jun 11 03:09:38.380100 2026] [security2:error] [pid 7752:tid 7779] [client 208.84.101.168:44484] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.local.bak"] [unique_id "aipRIrXVEMZbaEYG_yyXSgAAAFY"]
[Thu Jun 11 03:09:38.380153 2026] [security2:error] [pid 21075:tid 21092] [client 208.84.101.168:44500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local.backup"] [unique_id "aipRInBSW5Z6y_w6HsErsQAAAA4"]
[Thu Jun 11 03:09:38.380350 2026] [security2:error] [pid 7752:tid 7779] [client 208.84.101.168:44484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.local.bak"] [unique_id "aipRIrXVEMZbaEYG_yyXSgAAAFY"]
[Thu Jun 11 03:09:38.380389 2026] [security2:error] [pid 21075:tid 21092] [client 208.84.101.168:44500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local.backup"] [unique_id "aipRInBSW5Z6y_w6HsErsQAAAA4"]
[Thu Jun 11 03:09:38.380620 2026] [security2:error] [pid 7752:tid 7779] [client 208.84.101.168:44484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.local.bak"] [unique_id "aipRIrXVEMZbaEYG_yyXSgAAAFY"]
[Thu Jun 11 03:09:38.380781 2026] [security2:error] [pid 21075:tid 21092] [client 208.84.101.168:44500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRInBSW5Z6y_w6HsErsQAAAA4"]
[Thu Jun 11 03:09:38.380955 2026] [security2:error] [pid 7752:tid 7779] [client 208.84.101.168:44484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRIrXVEMZbaEYG_yyXSgAAAFY"]
[Thu Jun 11 03:09:38.382064 2026] [security2:error] [pid 21126:tid 21147] [client 208.84.101.168:44658] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "webmail.machen.ai"] [uri "/.env.production.backup"] [unique_id "aipRIs0ej6tAIvUNrGEvZwAAANM"]
[Thu Jun 11 03:09:38.382267 2026] [security2:error] [pid 21126:tid 21147] [client 208.84.101.168:44658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.production.backup"] [unique_id "aipRIs0ej6tAIvUNrGEvZwAAANM"]
[Thu Jun 11 03:09:38.382465 2026] [security2:error] [pid 21126:tid 21147] [client 208.84.101.168:44658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.production.backup"] [unique_id "aipRIs0ej6tAIvUNrGEvZwAAANM"]
[Thu Jun 11 03:09:38.382981 2026] [security2:error] [pid 21126:tid 21147] [client 208.84.101.168:44658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRIs0ej6tAIvUNrGEvZwAAANM"]
[Thu Jun 11 03:09:38.383703 2026] [security2:error] [pid 21126:tid 21141] [client 208.84.101.168:44512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "webmail.machen.ai"] [uri "/.env.orig"] [unique_id "aipRIs0ej6tAIvUNrGEvZgAAAM0"]
[Thu Jun 11 03:09:38.383928 2026] [security2:error] [pid 21126:tid 21141] [client 208.84.101.168:44512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webmail.machen.ai"] [uri "/.env.orig"] [unique_id "aipRIs0ej6tAIvUNrGEvZgAAAM0"]
[Thu Jun 11 03:09:38.384256 2026] [security2:error] [pid 21126:tid 21141] [client 208.84.101.168:44512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "webmail.machen.ai"] [uri "/index.html"] [unique_id "aipRIs0ej6tAIvUNrGEvZgAAAM0"]
[Thu Jun 11 03:11:32.037966 2026] [security2:error] [pid 21075:tid 21082] [client 207.241.173.124:63142] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/wp-content/debug.log"] [unique_id "aipRlHBSW5Z6y_w6HsEtOAAAAAQ"]
[Thu Jun 11 03:11:32.038457 2026] [security2:error] [pid 21075:tid 21082] [client 207.241.173.124:63142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/wp-content/debug.log"] [unique_id "aipRlHBSW5Z6y_w6HsEtOAAAAAQ"]
[Thu Jun 11 03:11:32.038875 2026] [security2:error] [pid 21075:tid 21082] [client 207.241.173.124:63142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/wp-content/debug.log"] [unique_id "aipRlHBSW5Z6y_w6HsEtOAAAAAQ"]
[Thu Jun 11 03:11:33.822157 2026] [security2:error] [pid 1016:tid 1040] [client 207.241.173.124:63764] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.docker/config.json"] [unique_id "aipRlaoCcBDhO7fD3wDFYwAAAVQ"]
[Thu Jun 11 03:11:33.822373 2026] [security2:error] [pid 1016:tid 1040] [client 207.241.173.124:63764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.docker/config.json"] [unique_id "aipRlaoCcBDhO7fD3wDFYwAAAVQ"]
[Thu Jun 11 03:11:33.822655 2026] [security2:error] [pid 1016:tid 1040] [client 207.241.173.124:63764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.docker/config.json"] [unique_id "aipRlaoCcBDhO7fD3wDFYwAAAVQ"]
[Thu Jun 11 03:11:33.830745 2026] [security2:error] [pid 11316:tid 11319] [client 207.241.173.124:63774] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.kube/config"] [unique_id "aipRlaLs2JEyoAHzH4lbwQAAAQA"]
[Thu Jun 11 03:11:33.830968 2026] [security2:error] [pid 11316:tid 11319] [client 207.241.173.124:63774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.kube/config"] [unique_id "aipRlaLs2JEyoAHzH4lbwQAAAQA"]
[Thu Jun 11 03:11:33.831193 2026] [security2:error] [pid 11316:tid 11319] [client 207.241.173.124:63774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.kube/config"] [unique_id "aipRlaLs2JEyoAHzH4lbwQAAAQA"]
[Thu Jun 11 03:11:33.839842 2026] [security2:error] [pid 7752:tid 7775] [client 207.241.173.124:63288] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/public/.env"] [unique_id "aipRlbXVEMZbaEYG_yyYsAAAAFI"]
[Thu Jun 11 03:11:33.840090 2026] [security2:error] [pid 7752:tid 7775] [client 207.241.173.124:63288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/public/.env"] [unique_id "aipRlbXVEMZbaEYG_yyYsAAAAFI"]
[Thu Jun 11 03:11:33.840551 2026] [security2:error] [pid 7752:tid 7775] [client 207.241.173.124:63288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/public/.env"] [unique_id "aipRlbXVEMZbaEYG_yyYsAAAAFI"]
[Thu Jun 11 03:11:33.842395 2026] [security2:error] [pid 21075:tid 21097] [client 207.241.173.124:63262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/src/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtSgAAABM"]
[Thu Jun 11 03:11:33.842714 2026] [security2:error] [pid 21075:tid 21097] [client 207.241.173.124:63262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/src/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtSgAAABM"]
[Thu Jun 11 03:11:33.842969 2026] [security2:error] [pid 21075:tid 21097] [client 207.241.173.124:63262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/src/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtSgAAABM"]
[Thu Jun 11 03:11:33.849549 2026] [security2:error] [pid 21075:tid 21084] [client 207.241.173.124:63238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/api/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtTAAAAAY"]
[Thu Jun 11 03:11:33.849814 2026] [security2:error] [pid 21075:tid 21084] [client 207.241.173.124:63238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/api/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtTAAAAAY"]
[Thu Jun 11 03:11:33.850040 2026] [security2:error] [pid 21075:tid 21084] [client 207.241.173.124:63238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/api/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtTAAAAAY"]
[Thu Jun 11 03:11:33.851221 2026] [security2:error] [pid 21126:tid 21129] [client 207.241.173.124:63220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.save"] [unique_id "aipRlc0ej6tAIvUNrGExswAAAME"]
[Thu Jun 11 03:11:33.851449 2026] [security2:error] [pid 21126:tid 21129] [client 207.241.173.124:63220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.save"] [unique_id "aipRlc0ej6tAIvUNrGExswAAAME"]
[Thu Jun 11 03:11:33.851710 2026] [security2:error] [pid 21126:tid 21129] [client 207.241.173.124:63220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.save"] [unique_id "aipRlc0ej6tAIvUNrGExswAAAME"]
[Thu Jun 11 03:11:33.851754 2026] [security2:error] [pid 7752:tid 7765] [client 207.241.173.124:63230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/app/.env"] [unique_id "aipRlbXVEMZbaEYG_yyYsgAAAEg"]
[Thu Jun 11 03:11:33.851978 2026] [security2:error] [pid 7752:tid 7765] [client 207.241.173.124:63230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/app/.env"] [unique_id "aipRlbXVEMZbaEYG_yyYsgAAAEg"]
[Thu Jun 11 03:11:33.852323 2026] [security2:error] [pid 7752:tid 7765] [client 207.241.173.124:63230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/app/.env"] [unique_id "aipRlbXVEMZbaEYG_yyYsgAAAEg"]
[Thu Jun 11 03:11:33.854506 2026] [security2:error] [pid 21126:tid 21135] [client 207.241.173.124:63166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.bak"] [unique_id "aipRlc0ej6tAIvUNrGExtAAAAMc"]
[Thu Jun 11 03:11:33.854733 2026] [security2:error] [pid 21126:tid 21135] [client 207.241.173.124:63166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.bak"] [unique_id "aipRlc0ej6tAIvUNrGExtAAAAMc"]
[Thu Jun 11 03:11:33.854923 2026] [security2:error] [pid 21126:tid 21135] [client 207.241.173.124:63166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.bak"] [unique_id "aipRlc0ej6tAIvUNrGExtAAAAMc"]
[Thu Jun 11 03:11:33.855239 2026] [security2:error] [pid 21126:tid 21135] [client 207.241.173.124:63166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.bak"] [unique_id "aipRlc0ej6tAIvUNrGExtAAAAMc"]
[Thu Jun 11 03:11:33.856667 2026] [security2:error] [pid 11316:tid 11331] [client 207.241.173.124:63158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production"] [unique_id "aipRlaLs2JEyoAHzH4lbxgAAAQw"]
[Thu Jun 11 03:11:33.856929 2026] [security2:error] [pid 11316:tid 11331] [client 207.241.173.124:63158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production"] [unique_id "aipRlaLs2JEyoAHzH4lbxgAAAQw"]
[Thu Jun 11 03:11:33.857187 2026] [security2:error] [pid 11316:tid 11331] [client 207.241.173.124:63158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production"] [unique_id "aipRlaLs2JEyoAHzH4lbxgAAAQw"]
[Thu Jun 11 03:11:33.860522 2026] [security2:error] [pid 7752:tid 7762] [client 207.241.173.124:63204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.test"] [unique_id "aipRlbXVEMZbaEYG_yyYtAAAAEU"]
[Thu Jun 11 03:11:33.860803 2026] [security2:error] [pid 7752:tid 7762] [client 207.241.173.124:63204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.test"] [unique_id "aipRlbXVEMZbaEYG_yyYtAAAAEU"]
[Thu Jun 11 03:11:33.861070 2026] [security2:error] [pid 7752:tid 7762] [client 207.241.173.124:63204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.test"] [unique_id "aipRlbXVEMZbaEYG_yyYtAAAAEU"]
[Thu Jun 11 03:11:33.861220 2026] [security2:error] [pid 1016:tid 1037] [client 207.241.173.124:63214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aipRlaoCcBDhO7fD3wDFaAAAAVE"]
[Thu Jun 11 03:11:33.861432 2026] [security2:error] [pid 1016:tid 1037] [client 207.241.173.124:63214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aipRlaoCcBDhO7fD3wDFaAAAAVE"]
[Thu Jun 11 03:11:33.861657 2026] [security2:error] [pid 1016:tid 1037] [client 207.241.173.124:63214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aipRlaoCcBDhO7fD3wDFaAAAAVE"]
[Thu Jun 11 03:11:33.861887 2026] [security2:error] [pid 1016:tid 1037] [client 207.241.173.124:63214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aipRlaoCcBDhO7fD3wDFaAAAAVE"]
[Thu Jun 11 03:11:33.864624 2026] [security2:error] [pid 21126:tid 21133] [client 207.241.173.124:63190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.staging"] [unique_id "aipRlc0ej6tAIvUNrGExtQAAAMU"]
[Thu Jun 11 03:11:33.864816 2026] [security2:error] [pid 22855:tid 22879] [client 207.241.173.124:63256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/laravel/.env"] [unique_id "aipRlV71v4pS85P4fn9LoQAAAI0"]
[Thu Jun 11 03:11:33.864868 2026] [security2:error] [pid 21126:tid 21133] [client 207.241.173.124:63190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.staging"] [unique_id "aipRlc0ej6tAIvUNrGExtQAAAMU"]
[Thu Jun 11 03:11:33.865049 2026] [security2:error] [pid 22855:tid 22879] [client 207.241.173.124:63256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/laravel/.env"] [unique_id "aipRlV71v4pS85P4fn9LoQAAAI0"]
[Thu Jun 11 03:11:33.865097 2026] [security2:error] [pid 21126:tid 21133] [client 207.241.173.124:63190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.staging"] [unique_id "aipRlc0ej6tAIvUNrGExtQAAAMU"]
[Thu Jun 11 03:11:33.865390 2026] [security2:error] [pid 22855:tid 22879] [client 207.241.173.124:63256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/laravel/.env"] [unique_id "aipRlV71v4pS85P4fn9LoQAAAI0"]
[Thu Jun 11 03:11:33.866252 2026] [security2:error] [pid 11316:tid 11325] [client 207.241.173.124:63148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local"] [unique_id "aipRlaLs2JEyoAHzH4lbxwAAAQY"]
[Thu Jun 11 03:11:33.866468 2026] [security2:error] [pid 11316:tid 11325] [client 207.241.173.124:63148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local"] [unique_id "aipRlaLs2JEyoAHzH4lbxwAAAQY"]
[Thu Jun 11 03:11:33.866734 2026] [security2:error] [pid 11316:tid 11325] [client 207.241.173.124:63148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local"] [unique_id "aipRlaLs2JEyoAHzH4lbxwAAAQY"]
[Thu Jun 11 03:11:33.868189 2026] [security2:error] [pid 22855:tid 22870] [client 207.241.173.124:63188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aipRlV71v4pS85P4fn9LpQAAAIQ"]
[Thu Jun 11 03:11:33.868459 2026] [security2:error] [pid 22855:tid 22870] [client 207.241.173.124:63188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aipRlV71v4pS85P4fn9LpQAAAIQ"]
[Thu Jun 11 03:11:33.874622 2026] [security2:error] [pid 21075:tid 21095] [client 207.241.173.124:63352] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aipRlXBSW5Z6y_w6HsEtTwAAABE"]
[Thu Jun 11 03:11:33.874911 2026] [security2:error] [pid 21075:tid 21095] [client 207.241.173.124:63352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aipRlXBSW5Z6y_w6HsEtTwAAABE"]
[Thu Jun 11 03:11:33.875146 2026] [security2:error] [pid 21075:tid 21095] [client 207.241.173.124:63352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aipRlXBSW5Z6y_w6HsEtTwAAABE"]
[Thu Jun 11 03:11:33.876878 2026] [security2:error] [pid 21126:tid 21150] [client 207.241.173.124:63272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/server/.env"] [unique_id "aipRlc0ej6tAIvUNrGExtwAAANY"]
[Thu Jun 11 03:11:33.877113 2026] [security2:error] [pid 21126:tid 21150] [client 207.241.173.124:63272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/server/.env"] [unique_id "aipRlc0ej6tAIvUNrGExtwAAANY"]
[Thu Jun 11 03:11:33.877355 2026] [security2:error] [pid 21126:tid 21150] [client 207.241.173.124:63272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/server/.env"] [unique_id "aipRlc0ej6tAIvUNrGExtwAAANY"]
[Thu Jun 11 03:11:33.879998 2026] [security2:error] [pid 21075:tid 21098] [client 207.241.173.124:63286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/web/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtUAAAABQ"]
[Thu Jun 11 03:11:33.880183 2026] [security2:error] [pid 21075:tid 21098] [client 207.241.173.124:63286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/web/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtUAAAABQ"]
[Thu Jun 11 03:11:33.880422 2026] [security2:error] [pid 21075:tid 21098] [client 207.241.173.124:63286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/web/.env"] [unique_id "aipRlXBSW5Z6y_w6HsEtUAAAABQ"]
[Thu Jun 11 03:11:33.885297 2026] [security2:error] [pid 21075:tid 21080] [client 207.241.173.124:63176] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.backup"] [unique_id "aipRlXBSW5Z6y_w6HsEtTgAAAAI"]
[Thu Jun 11 03:11:33.885507 2026] [security2:error] [pid 21075:tid 21080] [client 207.241.173.124:63176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.backup"] [unique_id "aipRlXBSW5Z6y_w6HsEtTgAAAAI"]
[Thu Jun 11 03:11:33.885797 2026] [security2:error] [pid 21075:tid 21080] [client 207.241.173.124:63176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.backup"] [unique_id "aipRlXBSW5Z6y_w6HsEtTgAAAAI"]
[Thu Jun 11 03:11:33.886104 2026] [security2:error] [pid 21075:tid 21080] [client 207.241.173.124:63176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.backup"] [unique_id "aipRlXBSW5Z6y_w6HsEtTgAAAAI"]
[Thu Jun 11 03:11:33.886966 2026] [security2:error] [pid 22855:tid 22872] [client 207.241.173.124:63146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env"] [unique_id "aipRlV71v4pS85P4fn9LpAAAAIY"]
[Thu Jun 11 03:11:33.887337 2026] [security2:error] [pid 22855:tid 22872] [client 207.241.173.124:63146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env"] [unique_id "aipRlV71v4pS85P4fn9LpAAAAIY"]
[Thu Jun 11 03:11:33.887646 2026] [security2:error] [pid 22855:tid 22872] [client 207.241.173.124:63146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env"] [unique_id "aipRlV71v4pS85P4fn9LpAAAAIY"]
[Thu Jun 11 03:11:33.889568 2026] [security2:error] [pid 22855:tid 22870] [client 207.241.173.124:63188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aipRlV71v4pS85P4fn9LpQAAAIQ"]
[Thu Jun 11 03:11:34.052057 2026] [security2:error] [pid 7752:tid 7761] [client 207.241.173.124:63250] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/backend/.env"] [unique_id "aipRlrXVEMZbaEYG_yyYugAAAEQ"]
[Thu Jun 11 03:11:34.052440 2026] [security2:error] [pid 7752:tid 7761] [client 207.241.173.124:63250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/backend/.env"] [unique_id "aipRlrXVEMZbaEYG_yyYugAAAEQ"]
[Thu Jun 11 03:11:34.052817 2026] [security2:error] [pid 7752:tid 7761] [client 207.241.173.124:63250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/backend/.env"] [unique_id "aipRlrXVEMZbaEYG_yyYugAAAEQ"]
[Thu Jun 11 03:11:47.278325 2026] [security2:error] [pid 7752:tid 7766] [client 205.210.31.2:63128] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aipRo7XVEMZbaEYG_yyY4AAAAEk"]
[Thu Jun 11 03:11:48.540820 2026] [security2:error] [pid 21126:tid 21151] [client 207.241.173.124:17868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.copy"] [unique_id "aipRpM0ej6tAIvUNrGEx6AAAANc"]
[Thu Jun 11 03:11:48.541063 2026] [security2:error] [pid 21126:tid 21151] [client 207.241.173.124:17868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.copy"] [unique_id "aipRpM0ej6tAIvUNrGEx6AAAANc"]
[Thu Jun 11 03:11:48.541294 2026] [security2:error] [pid 21126:tid 21151] [client 207.241.173.124:17868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.copy"] [unique_id "aipRpM0ej6tAIvUNrGEx6AAAANc"]
[Thu Jun 11 03:11:49.333967 2026] [security2:error] [pid 21126:tid 21151] [client 207.241.173.124:17868] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/HEAD"] [unique_id "aipRpc0ej6tAIvUNrGEx7AAAANc"]
[Thu Jun 11 03:11:49.334305 2026] [security2:error] [pid 21126:tid 21151] [client 207.241.173.124:17868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/HEAD"] [unique_id "aipRpc0ej6tAIvUNrGEx7AAAANc"]
[Thu Jun 11 03:11:49.334549 2026] [security2:error] [pid 21126:tid 21151] [client 207.241.173.124:17868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/HEAD"] [unique_id "aipRpc0ej6tAIvUNrGEx7AAAANc"]
[Thu Jun 11 03:11:49.406106 2026] [security2:error] [pid 7752:tid 7757] [client 207.241.173.124:18022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.copy"] [unique_id "aipRpbXVEMZbaEYG_yyY5gAAAEA"]
[Thu Jun 11 03:11:49.406469 2026] [security2:error] [pid 7752:tid 7757] [client 207.241.173.124:18022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.copy"] [unique_id "aipRpbXVEMZbaEYG_yyY5gAAAEA"]
[Thu Jun 11 03:11:49.406786 2026] [security2:error] [pid 7752:tid 7757] [client 207.241.173.124:18022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.copy"] [unique_id "aipRpbXVEMZbaEYG_yyY5gAAAEA"]
[Thu Jun 11 03:11:49.408079 2026] [security2:error] [pid 1016:tid 1040] [client 207.241.173.124:18004] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.swp"] [unique_id "aipRpaoCcBDhO7fD3wDFigAAAVQ"]
[Thu Jun 11 03:11:49.408284 2026] [security2:error] [pid 1016:tid 1040] [client 207.241.173.124:18004] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.swp"] [unique_id "aipRpaoCcBDhO7fD3wDFigAAAVQ"]
[Thu Jun 11 03:11:49.408493 2026] [security2:error] [pid 1016:tid 1040] [client 207.241.173.124:18004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.swp"] [unique_id "aipRpaoCcBDhO7fD3wDFigAAAVQ"]
[Thu Jun 11 03:11:49.408743 2026] [security2:error] [pid 1016:tid 1040] [client 207.241.173.124:18004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.swp"] [unique_id "aipRpaoCcBDhO7fD3wDFigAAAVQ"]
[Thu Jun 11 03:11:49.416916 2026] [security2:error] [pid 21075:tid 21091] [client 207.241.173.124:18072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.save"] [unique_id "aipRpXBSW5Z6y_w6HsEtqQAAAA0"]
[Thu Jun 11 03:11:49.417150 2026] [security2:error] [pid 21075:tid 21091] [client 207.241.173.124:18072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.save"] [unique_id "aipRpXBSW5Z6y_w6HsEtqQAAAA0"]
[Thu Jun 11 03:11:49.417436 2026] [security2:error] [pid 21075:tid 21091] [client 207.241.173.124:18072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.save"] [unique_id "aipRpXBSW5Z6y_w6HsEtqQAAAA0"]
[Thu Jun 11 03:11:49.418554 2026] [security2:error] [pid 21126:tid 21140] [client 207.241.173.124:18038] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.bak"] [unique_id "aipRpc0ej6tAIvUNrGEx7QAAAMw"]
[Thu Jun 11 03:11:49.418769 2026] [security2:error] [pid 21126:tid 21140] [client 207.241.173.124:18038] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.bak"] [unique_id "aipRpc0ej6tAIvUNrGEx7QAAAMw"]
[Thu Jun 11 03:11:49.418970 2026] [security2:error] [pid 21126:tid 21140] [client 207.241.173.124:18038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.bak"] [unique_id "aipRpc0ej6tAIvUNrGEx7QAAAMw"]
[Thu Jun 11 03:11:49.419184 2026] [security2:error] [pid 21126:tid 21140] [client 207.241.173.124:18038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.bak"] [unique_id "aipRpc0ej6tAIvUNrGEx7QAAAMw"]
[Thu Jun 11 03:11:49.420438 2026] [security2:error] [pid 11316:tid 11338] [client 207.241.173.124:18058] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.backup"] [unique_id "aipRpaLs2JEyoAHzH4lb9gAAARM"]
[Thu Jun 11 03:11:49.420697 2026] [security2:error] [pid 11316:tid 11338] [client 207.241.173.124:18058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.backup"] [unique_id "aipRpaLs2JEyoAHzH4lb9gAAARM"]
[Thu Jun 11 03:11:49.420897 2026] [security2:error] [pid 11316:tid 11338] [client 207.241.173.124:18058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.backup"] [unique_id "aipRpaLs2JEyoAHzH4lb9gAAARM"]
[Thu Jun 11 03:11:49.421113 2026] [security2:error] [pid 11316:tid 11338] [client 207.241.173.124:18058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.backup"] [unique_id "aipRpaLs2JEyoAHzH4lb9gAAARM"]
[Thu Jun 11 03:11:49.422410 2026] [security2:error] [pid 22855:tid 22872] [client 207.241.173.124:18076] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production~"] [unique_id "aipRpV71v4pS85P4fn9MEgAAAIY"]
[Thu Jun 11 03:11:49.423404 2026] [security2:error] [pid 22855:tid 22872] [client 207.241.173.124:18076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production~"] [unique_id "aipRpV71v4pS85P4fn9MEgAAAIY"]
[Thu Jun 11 03:11:49.423751 2026] [security2:error] [pid 22855:tid 22872] [client 207.241.173.124:18076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production~"] [unique_id "aipRpV71v4pS85P4fn9MEgAAAIY"]
[Thu Jun 11 03:11:49.423990 2026] [security2:error] [pid 22855:tid 22872] [client 207.241.173.124:18076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production~"] [unique_id "aipRpV71v4pS85P4fn9MEgAAAIY"]
[Thu Jun 11 03:11:49.426774 2026] [security2:error] [pid 7752:tid 7773] [client 207.241.173.124:17952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aipRpbXVEMZbaEYG_yyY5wAAAFA"]
[Thu Jun 11 03:11:49.427102 2026] [security2:error] [pid 7752:tid 7773] [client 207.241.173.124:17952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aipRpbXVEMZbaEYG_yyY5wAAAFA"]
[Thu Jun 11 03:11:49.427344 2026] [security2:error] [pid 7752:tid 7773] [client 207.241.173.124:17952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aipRpbXVEMZbaEYG_yyY5wAAAFA"]
[Thu Jun 11 03:11:49.428499 2026] [security2:error] [pid 1016:tid 1021] [client 207.241.173.124:17876] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/config"] [unique_id "aipRpaoCcBDhO7fD3wDFiwAAAUE"]
[Thu Jun 11 03:11:49.428926 2026] [security2:error] [pid 1016:tid 1021] [client 207.241.173.124:17876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/config"] [unique_id "aipRpaoCcBDhO7fD3wDFiwAAAUE"]
[Thu Jun 11 03:11:49.429522 2026] [security2:error] [pid 1016:tid 1021] [client 207.241.173.124:17876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/config"] [unique_id "aipRpaoCcBDhO7fD3wDFiwAAAUE"]
[Thu Jun 11 03:11:49.437423 2026] [security2:error] [pid 21075:tid 21090] [client 207.241.173.124:17912] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/logs/HEAD"] [unique_id "aipRpXBSW5Z6y_w6HsEtqgAAAAw"]
[Thu Jun 11 03:11:49.437699 2026] [security2:error] [pid 21075:tid 21090] [client 207.241.173.124:17912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/logs/HEAD"] [unique_id "aipRpXBSW5Z6y_w6HsEtqgAAAAw"]
[Thu Jun 11 03:11:49.437941 2026] [security2:error] [pid 21075:tid 21090] [client 207.241.173.124:17912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/logs/HEAD"] [unique_id "aipRpXBSW5Z6y_w6HsEtqgAAAAw"]
[Thu Jun 11 03:11:49.439979 2026] [security2:error] [pid 21126:tid 21132] [client 207.241.173.124:17982] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.backup"] [unique_id "aipRpc0ej6tAIvUNrGEx7gAAAMQ"]
[Thu Jun 11 03:11:49.440256 2026] [security2:error] [pid 21126:tid 21132] [client 207.241.173.124:17982] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.backup"] [unique_id "aipRpc0ej6tAIvUNrGEx7gAAAMQ"]
[Thu Jun 11 03:11:49.440442 2026] [security2:error] [pid 21126:tid 21132] [client 207.241.173.124:17982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.backup"] [unique_id "aipRpc0ej6tAIvUNrGEx7gAAAMQ"]
[Thu Jun 11 03:11:49.440718 2026] [security2:error] [pid 21126:tid 21132] [client 207.241.173.124:17982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.backup"] [unique_id "aipRpc0ej6tAIvUNrGEx7gAAAMQ"]
[Thu Jun 11 03:11:49.441932 2026] [security2:error] [pid 11316:tid 11322] [client 207.241.173.124:18090] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.swp"] [unique_id "aipRpaLs2JEyoAHzH4lb9wAAAQM"]
[Thu Jun 11 03:11:49.442213 2026] [security2:error] [pid 11316:tid 11322] [client 207.241.173.124:18090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.swp"] [unique_id "aipRpaLs2JEyoAHzH4lb9wAAAQM"]
[Thu Jun 11 03:11:49.442419 2026] [security2:error] [pid 11316:tid 11322] [client 207.241.173.124:18090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.swp"] [unique_id "aipRpaLs2JEyoAHzH4lb9wAAAQM"]
[Thu Jun 11 03:11:49.442745 2026] [security2:error] [pid 11316:tid 11322] [client 207.241.173.124:18090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.swp"] [unique_id "aipRpaLs2JEyoAHzH4lb9wAAAQM"]
[Thu Jun 11 03:11:49.444331 2026] [security2:error] [pid 1016:tid 1044] [client 207.241.173.124:18104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.orig"] [unique_id "aipRpaoCcBDhO7fD3wDFjAAAAVg"]
[Thu Jun 11 03:11:49.444529 2026] [security2:error] [pid 1016:tid 1044] [client 207.241.173.124:18104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.orig"] [unique_id "aipRpaoCcBDhO7fD3wDFjAAAAVg"]
[Thu Jun 11 03:11:49.444784 2026] [security2:error] [pid 1016:tid 1044] [client 207.241.173.124:18104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.orig"] [unique_id "aipRpaoCcBDhO7fD3wDFjAAAAVg"]
[Thu Jun 11 03:11:49.445841 2026] [security2:error] [pid 22855:tid 22876] [client 207.241.173.124:17884] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "aipRpV71v4pS85P4fn9MFAAAAIo"]
[Thu Jun 11 03:11:49.446104 2026] [security2:error] [pid 22855:tid 22876] [client 207.241.173.124:17884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "aipRpV71v4pS85P4fn9MFAAAAIo"]
[Thu Jun 11 03:11:49.446395 2026] [security2:error] [pid 22855:tid 22876] [client 207.241.173.124:17884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "aipRpV71v4pS85P4fn9MFAAAAIo"]
[Thu Jun 11 03:11:49.446704 2026] [security2:error] [pid 21126:tid 21146] [client 207.241.173.124:18016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.orig"] [unique_id "aipRpc0ej6tAIvUNrGEx7wAAANI"]
[Thu Jun 11 03:11:49.446931 2026] [security2:error] [pid 21126:tid 21146] [client 207.241.173.124:18016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.orig"] [unique_id "aipRpc0ej6tAIvUNrGEx7wAAANI"]
[Thu Jun 11 03:11:49.447243 2026] [security2:error] [pid 21126:tid 21146] [client 207.241.173.124:18016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.orig"] [unique_id "aipRpc0ej6tAIvUNrGEx7wAAANI"]
[Thu Jun 11 03:11:49.447567 2026] [security2:error] [pid 7752:tid 7767] [client 207.241.173.124:17926] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env~"] [unique_id "aipRpbXVEMZbaEYG_yyY6AAAAEo"]
[Thu Jun 11 03:11:49.447780 2026] [security2:error] [pid 7752:tid 7767] [client 207.241.173.124:17926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env~"] [unique_id "aipRpbXVEMZbaEYG_yyY6AAAAEo"]
[Thu Jun 11 03:11:49.447970 2026] [security2:error] [pid 7752:tid 7767] [client 207.241.173.124:17926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env~"] [unique_id "aipRpbXVEMZbaEYG_yyY6AAAAEo"]
[Thu Jun 11 03:11:49.448211 2026] [security2:error] [pid 7752:tid 7767] [client 207.241.173.124:17926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env~"] [unique_id "aipRpbXVEMZbaEYG_yyY6AAAAEo"]
[Thu Jun 11 03:11:49.448660 2026] [security2:error] [pid 11316:tid 11335] [client 207.241.173.124:17962] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.copy"] [unique_id "aipRpaLs2JEyoAHzH4lb-AAAARA"]
[Thu Jun 11 03:11:49.448858 2026] [security2:error] [pid 11316:tid 11335] [client 207.241.173.124:17962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.copy"] [unique_id "aipRpaLs2JEyoAHzH4lb-AAAARA"]
[Thu Jun 11 03:11:49.449345 2026] [security2:error] [pid 11316:tid 11335] [client 207.241.173.124:17962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.copy"] [unique_id "aipRpaLs2JEyoAHzH4lb-AAAARA"]
[Thu Jun 11 03:11:49.449376 2026] [security2:error] [pid 21075:tid 21080] [client 207.241.173.124:17998] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local~"] [unique_id "aipRpXBSW5Z6y_w6HsEtqwAAAAI"]
[Thu Jun 11 03:11:49.449597 2026] [security2:error] [pid 21075:tid 21080] [client 207.241.173.124:17998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local~"] [unique_id "aipRpXBSW5Z6y_w6HsEtqwAAAAI"]
[Thu Jun 11 03:11:49.449807 2026] [security2:error] [pid 21075:tid 21080] [client 207.241.173.124:17998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local~"] [unique_id "aipRpXBSW5Z6y_w6HsEtqwAAAAI"]
[Thu Jun 11 03:11:49.450027 2026] [security2:error] [pid 21075:tid 21080] [client 207.241.173.124:17998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local~"] [unique_id "aipRpXBSW5Z6y_w6HsEtqwAAAAI"]
[Thu Jun 11 03:11:49.450900 2026] [security2:error] [pid 22855:tid 22890] [client 207.241.173.124:17986] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.save"] [unique_id "aipRpV71v4pS85P4fn9MFQAAAJg"]
[Thu Jun 11 03:11:49.451056 2026] [security2:error] [pid 21126:tid 21139] [client 207.241.173.124:17942] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aipRpc0ej6tAIvUNrGEx8AAAAMs"]
[Thu Jun 11 03:11:49.451321 2026] [security2:error] [pid 21126:tid 21139] [client 207.241.173.124:17942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aipRpc0ej6tAIvUNrGEx8AAAAMs"]
[Thu Jun 11 03:11:49.451194 2026] [security2:error] [pid 22855:tid 22890] [client 207.241.173.124:17986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.save"] [unique_id "aipRpV71v4pS85P4fn9MFQAAAJg"]
[Thu Jun 11 03:11:49.451521 2026] [security2:error] [pid 21126:tid 21139] [client 207.241.173.124:17942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aipRpc0ej6tAIvUNrGEx8AAAAMs"]
[Thu Jun 11 03:11:49.451647 2026] [security2:error] [pid 22855:tid 22890] [client 207.241.173.124:17986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.save"] [unique_id "aipRpV71v4pS85P4fn9MFQAAAJg"]
[Thu Jun 11 03:11:49.451772 2026] [security2:error] [pid 21126:tid 21139] [client 207.241.173.124:17942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aipRpc0ej6tAIvUNrGEx8AAAAMs"]
[Thu Jun 11 03:11:49.452819 2026] [security2:error] [pid 11316:tid 11328] [client 207.241.173.124:17898] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/refs/heads/main"] [unique_id "aipRpaLs2JEyoAHzH4lb-QAAAQk"]
[Thu Jun 11 03:11:49.453024 2026] [security2:error] [pid 11316:tid 11328] [client 207.241.173.124:17898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/refs/heads/main"] [unique_id "aipRpaLs2JEyoAHzH4lb-QAAAQk"]
[Thu Jun 11 03:11:49.453264 2026] [security2:error] [pid 11316:tid 11328] [client 207.241.173.124:17898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/refs/heads/main"] [unique_id "aipRpaLs2JEyoAHzH4lb-QAAAQk"]
[Thu Jun 11 03:11:49.454466 2026] [security2:error] [pid 7752:tid 7777] [client 207.241.173.124:17974] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.old"] [unique_id "aipRpbXVEMZbaEYG_yyY6QAAAFQ"]
[Thu Jun 11 03:11:49.454686 2026] [security2:error] [pid 7752:tid 7777] [client 207.241.173.124:17974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.old"] [unique_id "aipRpbXVEMZbaEYG_yyY6QAAAFQ"]
[Thu Jun 11 03:11:49.454876 2026] [security2:error] [pid 7752:tid 7777] [client 207.241.173.124:17974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.old"] [unique_id "aipRpbXVEMZbaEYG_yyY6QAAAFQ"]
[Thu Jun 11 03:11:49.455210 2026] [security2:error] [pid 7752:tid 7777] [client 207.241.173.124:17974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.old"] [unique_id "aipRpbXVEMZbaEYG_yyY6QAAAFQ"]
[Thu Jun 11 03:11:49.456221 2026] [security2:error] [pid 1016:tid 1020] [client 207.241.173.124:18046] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.old"] [unique_id "aipRpaoCcBDhO7fD3wDFjQAAAUA"]
[Thu Jun 11 03:11:49.456420 2026] [security2:error] [pid 1016:tid 1020] [client 207.241.173.124:18046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.old"] [unique_id "aipRpaoCcBDhO7fD3wDFjQAAAUA"]
[Thu Jun 11 03:11:49.456663 2026] [security2:error] [pid 1016:tid 1020] [client 207.241.173.124:18046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.old"] [unique_id "aipRpaoCcBDhO7fD3wDFjQAAAUA"]
[Thu Jun 11 03:11:49.456877 2026] [security2:error] [pid 1016:tid 1020] [client 207.241.173.124:18046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.production.old"] [unique_id "aipRpaoCcBDhO7fD3wDFjQAAAUA"]
[Thu Jun 11 03:11:49.458056 2026] [security2:error] [pid 21075:tid 21094] [client 207.241.173.124:17910] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/refs/heads/master"] [unique_id "aipRpXBSW5Z6y_w6HsEtrAAAABA"]
[Thu Jun 11 03:11:49.458267 2026] [security2:error] [pid 21075:tid 21094] [client 207.241.173.124:17910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/refs/heads/master"] [unique_id "aipRpXBSW5Z6y_w6HsEtrAAAABA"]
[Thu Jun 11 03:11:49.458489 2026] [security2:error] [pid 21075:tid 21094] [client 207.241.173.124:17910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.git/refs/heads/master"] [unique_id "aipRpXBSW5Z6y_w6HsEtrAAAABA"]
[Thu Jun 11 03:11:49.459619 2026] [security2:error] [pid 22855:tid 22870] [client 207.241.173.124:17966] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.bak"] [unique_id "aipRpV71v4pS85P4fn9MFgAAAIQ"]
[Thu Jun 11 03:11:49.459878 2026] [security2:error] [pid 22855:tid 22870] [client 207.241.173.124:17966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.bak"] [unique_id "aipRpV71v4pS85P4fn9MFgAAAIQ"]
[Thu Jun 11 03:11:49.460076 2026] [security2:error] [pid 22855:tid 22870] [client 207.241.173.124:17966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.bak"] [unique_id "aipRpV71v4pS85P4fn9MFgAAAIQ"]
[Thu Jun 11 03:11:49.460359 2026] [security2:error] [pid 22855:tid 22870] [client 207.241.173.124:17966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns1.erhabenn.com.br"] [uri "/.env.local.bak"] [unique_id "aipRpV71v4pS85P4fn9MFgAAAIQ"]
[Thu Jun 11 03:19:46.147742 2026] [security2:error] [pid 11316:tid 11340] [client 4.240.117.210:42500] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipTgqLs2JEyoAHzH4liswAAARU"]
[Thu Jun 11 03:19:46.910892 2026] [security2:error] [pid 21075:tid 21078] [client 4.240.117.210:51474] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipTgnBSW5Z6y_w6HsE1aQAAAAA"]
[Thu Jun 11 03:19:47.130497 2026] [security2:error] [pid 21075:tid 21078] [client 4.240.117.210:51474] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aipTg3BSW5Z6y_w6HsE1agAAAAA"], referer: https://13.66.22.226
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 03:19:58.124999 2026] [security2:error] [pid 1016:tid 1025] [client 79.124.40.174:50134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/actuator/gateway/routes"] [unique_id "aipTjqoCcBDhO7fD3wDL3AAAAUU"]
[Thu Jun 11 03:20:03.937918 2026] [security2:error] [pid 21075:tid 21095] [client 79.124.40.174:51476] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/actuator/gateway/routes"] [unique_id "aipTk3BSW5Z6y_w6HsE1pAAAABE"]
[Thu Jun 11 03:20:04.443872 2026] [security2:error] [pid 21126:tid 21129] [client 79.124.40.174:51490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aipTlM0ej6tAIvUNrGE5IQAAAME"], referer: https://13.66.22.226:443/actuator/gateway/routes
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 03:22:16.158344 2026] [security2:error] [pid 22855:tid 22874] [client 216.218.206.66:19112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipUGF71v4pS85P4fn9VXQAAAIg"]
[Thu Jun 11 03:22:37.573646 2026] [security2:error] [pid 11316:tid 11335] [client 43.128.69.143:43698] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aipULaLs2JEyoAHzH4lk1QAAARA"]
[Thu Jun 11 03:31:34.811405 2026] [security2:error] [pid 7752:tid 7774] [client 20.172.67.176:59420] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/owa/auth/x.js"] [unique_id "aipWRrXVEMZbaEYG_yytXQAAAFE"]
[Thu Jun 11 03:31:34.811544 2026] [security2:error] [pid 7752:tid 7774] [client 20.172.67.176:59420] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/owa/auth/x.js"] [unique_id "aipWRrXVEMZbaEYG_yytXQAAAFE"]
[Thu Jun 11 03:31:34.812712 2026] [security2:error] [pid 7752:tid 7774] [client 20.172.67.176:59420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/owa/auth/x.js"] [unique_id "aipWRrXVEMZbaEYG_yytXQAAAFE"]
[Thu Jun 11 03:31:35.072427 2026] [security2:error] [pid 7752:tid 7774] [client 20.172.67.176:59420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aipWRrXVEMZbaEYG_yytXQAAAFE"]
[Thu Jun 11 03:32:32.641849 2026] [security2:error] [pid 1251:tid 1256] [client 216.218.206.66:17898] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipWgNrt74PZGw0gfCtM5AAAAII"]
[Thu Jun 11 03:39:42.380648 2026] [security2:error] [pid 32399:tid 32405] [client 216.218.206.66:36708] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aipYLljSSxh1q7yLcu5KwwAAAAI"]
[Thu Jun 11 03:39:47.209240 2026] [security2:error] [pid 1016:tid 1029] [client 20.55.163.180:33180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aipYM6oCcBDhO7fD3wDfVgAAAUk"]
[Thu Jun 11 03:39:47.209635 2026] [security2:error] [pid 1016:tid 1029] [client 20.55.163.180:33180] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aipYM6oCcBDhO7fD3wDfVgAAAUk"]
[Thu Jun 11 03:39:47.209979 2026] [security2:error] [pid 1016:tid 1029] [client 20.55.163.180:33180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aipYM6oCcBDhO7fD3wDfVgAAAUk"]
[Thu Jun 11 03:39:47.210876 2026] [security2:error] [pid 1016:tid 1029] [client 20.55.163.180:33180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYM6oCcBDhO7fD3wDfVgAAAUk"]
[Thu Jun 11 03:39:47.600543 2026] [security2:error] [pid 11316:tid 11341] [client 20.55.163.180:33186] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aipYM6Ls2JEyoAHzH4l0UAAAARY"]
[Thu Jun 11 03:39:47.600921 2026] [security2:error] [pid 11316:tid 11341] [client 20.55.163.180:33186] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aipYM6Ls2JEyoAHzH4l0UAAAARY"]
[Thu Jun 11 03:39:47.601208 2026] [security2:error] [pid 11316:tid 11341] [client 20.55.163.180:33186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aipYM6Ls2JEyoAHzH4l0UAAAARY"]
[Thu Jun 11 03:39:47.602136 2026] [security2:error] [pid 11316:tid 11341] [client 20.55.163.180:33186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYM6Ls2JEyoAHzH4l0UAAAARY"]
[Thu Jun 11 03:39:48.298546 2026] [security2:error] [pid 1251:tid 1271] [client 20.55.163.180:33359] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipYNNrt74PZGw0gfCtU7QAAAJE"]
[Thu Jun 11 03:39:48.298836 2026] [security2:error] [pid 1251:tid 1271] [client 20.55.163.180:33359] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipYNNrt74PZGw0gfCtU7QAAAJE"]
[Thu Jun 11 03:39:48.299089 2026] [security2:error] [pid 1251:tid 1271] [client 20.55.163.180:33359] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipYNNrt74PZGw0gfCtU7QAAAJE"]
[Thu Jun 11 03:39:48.300044 2026] [security2:error] [pid 1251:tid 1271] [client 20.55.163.180:33359] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYNNrt74PZGw0gfCtU7QAAAJE"]
[Thu Jun 11 03:39:50.026833 2026] [security2:error] [pid 1251:tid 1256] [client 20.55.163.180:33364] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aipYNtrt74PZGw0gfCtU9gAAAII"]
[Thu Jun 11 03:39:50.027092 2026] [security2:error] [pid 1251:tid 1256] [client 20.55.163.180:33364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aipYNtrt74PZGw0gfCtU9gAAAII"]
[Thu Jun 11 03:39:50.027377 2026] [security2:error] [pid 1251:tid 1256] [client 20.55.163.180:33364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aipYNtrt74PZGw0gfCtU9gAAAII"]
[Thu Jun 11 03:39:50.028213 2026] [security2:error] [pid 1251:tid 1256] [client 20.55.163.180:33364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYNtrt74PZGw0gfCtU9gAAAII"]
[Thu Jun 11 03:39:50.394705 2026] [security2:error] [pid 11316:tid 11329] [client 20.55.163.180:33086] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aipYNqLs2JEyoAHzH4l0XwAAAQo"]
[Thu Jun 11 03:39:50.394985 2026] [security2:error] [pid 11316:tid 11329] [client 20.55.163.180:33086] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aipYNqLs2JEyoAHzH4l0XwAAAQo"]
[Thu Jun 11 03:39:50.395258 2026] [security2:error] [pid 11316:tid 11329] [client 20.55.163.180:33086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aipYNqLs2JEyoAHzH4l0XwAAAQo"]
[Thu Jun 11 03:39:50.396204 2026] [security2:error] [pid 11316:tid 11329] [client 20.55.163.180:33086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYNqLs2JEyoAHzH4l0XwAAAQo"]
[Thu Jun 11 03:39:50.699115 2026] [security2:error] [pid 1016:tid 1020] [client 20.55.163.180:33200] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aipYNqoCcBDhO7fD3wDfZAAAAUA"]
[Thu Jun 11 03:39:50.699283 2026] [security2:error] [pid 1016:tid 1020] [client 20.55.163.180:33200] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aipYNqoCcBDhO7fD3wDfZAAAAUA"]
[Thu Jun 11 03:39:50.699463 2026] [security2:error] [pid 1016:tid 1020] [client 20.55.163.180:33200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aipYNqoCcBDhO7fD3wDfZAAAAUA"]
[Thu Jun 11 03:39:50.700463 2026] [security2:error] [pid 1016:tid 1020] [client 20.55.163.180:33200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aipYNqoCcBDhO7fD3wDfZAAAAUA"]
[Thu Jun 11 03:39:50.701494 2026] [security2:error] [pid 1016:tid 1020] [client 20.55.163.180:33200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYNqoCcBDhO7fD3wDfZAAAAUA"]
[Thu Jun 11 03:39:51.256772 2026] [security2:error] [pid 32399:tid 32416] [client 20.55.163.180:33026] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aipYN1jSSxh1q7yLcu5K-gAAAA0"]
[Thu Jun 11 03:39:51.257056 2026] [security2:error] [pid 32399:tid 32416] [client 20.55.163.180:33026] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aipYN1jSSxh1q7yLcu5K-gAAAA0"]
[Thu Jun 11 03:39:51.257357 2026] [security2:error] [pid 32399:tid 32416] [client 20.55.163.180:33026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aipYN1jSSxh1q7yLcu5K-gAAAA0"]
[Thu Jun 11 03:39:51.258264 2026] [security2:error] [pid 32399:tid 32416] [client 20.55.163.180:33026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYN1jSSxh1q7yLcu5K-gAAAA0"]
[Thu Jun 11 03:39:51.734567 2026] [security2:error] [pid 11316:tid 11331] [client 20.55.163.180:33177] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aipYN6Ls2JEyoAHzH4l0ZgAAAQw"]
[Thu Jun 11 03:39:51.734892 2026] [security2:error] [pid 11316:tid 11331] [client 20.55.163.180:33177] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aipYN6Ls2JEyoAHzH4l0ZgAAAQw"]
[Thu Jun 11 03:39:51.735107 2026] [security2:error] [pid 11316:tid 11331] [client 20.55.163.180:33177] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aipYN6Ls2JEyoAHzH4l0ZgAAAQw"]
[Thu Jun 11 03:39:51.736335 2026] [security2:error] [pid 11316:tid 11331] [client 20.55.163.180:33177] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYN6Ls2JEyoAHzH4l0ZgAAAQw"]
[Thu Jun 11 03:39:52.151735 2026] [security2:error] [pid 11316:tid 11342] [client 20.55.163.180:33175] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aipYOKLs2JEyoAHzH4l0agAAARc"]
[Thu Jun 11 03:39:52.152025 2026] [security2:error] [pid 11316:tid 11342] [client 20.55.163.180:33175] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aipYOKLs2JEyoAHzH4l0agAAARc"]
[Thu Jun 11 03:39:52.152216 2026] [security2:error] [pid 11316:tid 11342] [client 20.55.163.180:33175] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aipYOKLs2JEyoAHzH4l0agAAARc"]
[Thu Jun 11 03:39:52.152493 2026] [security2:error] [pid 11316:tid 11342] [client 20.55.163.180:33175] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aipYOKLs2JEyoAHzH4l0agAAARc"]
[Thu Jun 11 03:39:52.153313 2026] [security2:error] [pid 11316:tid 11342] [client 20.55.163.180:33175] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYOKLs2JEyoAHzH4l0agAAARc"]
[Thu Jun 11 03:39:52.529699 2026] [security2:error] [pid 1016:tid 1028] [client 20.55.163.180:33157] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aipYOKoCcBDhO7fD3wDfcAAAAUg"]
[Thu Jun 11 03:39:52.529917 2026] [security2:error] [pid 1016:tid 1028] [client 20.55.163.180:33157] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aipYOKoCcBDhO7fD3wDfcAAAAUg"]
[Thu Jun 11 03:39:52.530162 2026] [security2:error] [pid 1016:tid 1028] [client 20.55.163.180:33157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aipYOKoCcBDhO7fD3wDfcAAAAUg"]
[Thu Jun 11 03:39:52.531036 2026] [security2:error] [pid 1016:tid 1028] [client 20.55.163.180:33157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYOKoCcBDhO7fD3wDfcAAAAUg"]
[Thu Jun 11 03:39:53.535749 2026] [security2:error] [pid 11316:tid 11326] [client 20.55.163.180:33034] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aipYOaLs2JEyoAHzH4l0dQAAAQc"]
[Thu Jun 11 03:39:53.535986 2026] [security2:error] [pid 11316:tid 11326] [client 20.55.163.180:33034] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aipYOaLs2JEyoAHzH4l0dQAAAQc"]
[Thu Jun 11 03:39:53.536280 2026] [security2:error] [pid 11316:tid 11326] [client 20.55.163.180:33034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aipYOaLs2JEyoAHzH4l0dQAAAQc"]
[Thu Jun 11 03:39:53.537044 2026] [security2:error] [pid 11316:tid 11326] [client 20.55.163.180:33034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYOaLs2JEyoAHzH4l0dQAAAQc"]
[Thu Jun 11 03:39:55.003859 2026] [security2:error] [pid 1251:tid 1267] [client 20.55.163.180:33197] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server-status"] [unique_id "aipYO9rt74PZGw0gfCtVDAAAAI0"]
[Thu Jun 11 03:39:55.297443 2026] [security2:error] [pid 11316:tid 11321] [client 20.55.163.180:33385] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/actuator/env"] [unique_id "aipYO6Ls2JEyoAHzH4l0gAAAAQI"]
[Thu Jun 11 03:39:56.676750 2026] [security2:error] [pid 32399:tid 32411] [client 20.55.163.180:33365] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.DS_Store"] [unique_id "aipYPFjSSxh1q7yLcu5LGwAAAAg"]
[Thu Jun 11 03:39:56.677267 2026] [security2:error] [pid 32399:tid 32411] [client 20.55.163.180:33365] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.DS_Store"] [unique_id "aipYPFjSSxh1q7yLcu5LGwAAAAg"]
[Thu Jun 11 03:39:56.677712 2026] [security2:error] [pid 32399:tid 32411] [client 20.55.163.180:33365] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.DS_Store"] [unique_id "aipYPFjSSxh1q7yLcu5LGwAAAAg"]
[Thu Jun 11 03:39:56.678753 2026] [security2:error] [pid 32399:tid 32411] [client 20.55.163.180:33365] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYPFjSSxh1q7yLcu5LGwAAAAg"]
[Thu Jun 11 03:39:57.692205 2026] [security2:error] [pid 11316:tid 11320] [client 20.55.163.180:33198] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.php"] [unique_id "aipYPaLs2JEyoAHzH4l0jgAAAQE"]
[Thu Jun 11 03:39:57.692688 2026] [:error] [pid 11316:tid 11320] [client 20.55.163.180:33198] File does not exist: /var/www/html/config.php
[Thu Jun 11 03:39:58.029969 2026] [security2:error] [pid 1016:tid 1023] [client 20.55.163.180:33156] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aipYPqoCcBDhO7fD3wDflwAAAUM"]
[Thu Jun 11 03:39:58.030218 2026] [security2:error] [pid 1016:tid 1023] [client 20.55.163.180:33156] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aipYPqoCcBDhO7fD3wDflwAAAUM"]
[Thu Jun 11 03:39:58.030618 2026] [security2:error] [pid 1016:tid 1023] [client 20.55.163.180:33156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aipYPqoCcBDhO7fD3wDflwAAAUM"]
[Thu Jun 11 03:39:58.031807 2026] [security2:error] [pid 1016:tid 1023] [client 20.55.163.180:33156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYPqoCcBDhO7fD3wDflwAAAUM"]
[Thu Jun 11 03:39:58.444457 2026] [authz_core:error] [pid 32399:tid 32419] [client 20.55.163.180:33196] AH01630: client denied by server configuration: /var/www/html/.htpasswd
[Thu Jun 11 03:39:59.178950 2026] [security2:error] [pid 32399:tid 32406] [client 20.55.163.180:33209] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aipYP1jSSxh1q7yLcu5LLwAAAAM"]
[Thu Jun 11 03:39:59.179043 2026] [security2:error] [pid 32399:tid 32406] [client 20.55.163.180:33209] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aipYP1jSSxh1q7yLcu5LLwAAAAM"]
[Thu Jun 11 03:39:59.179475 2026] [security2:error] [pid 32399:tid 32406] [client 20.55.163.180:33209] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aipYP1jSSxh1q7yLcu5LLwAAAAM"]
[Thu Jun 11 03:39:59.180553 2026] [security2:error] [pid 32399:tid 32406] [client 20.55.163.180:33209] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYP1jSSxh1q7yLcu5LLwAAAAM"]
[Thu Jun 11 03:40:00.057914 2026] [security2:error] [pid 32399:tid 32405] [client 20.55.163.180:33164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aipYQFjSSxh1q7yLcu5LOAAAAAI"]
[Thu Jun 11 03:40:00.058038 2026] [security2:error] [pid 32399:tid 32405] [client 20.55.163.180:33164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aipYQFjSSxh1q7yLcu5LOAAAAAI"]
[Thu Jun 11 03:40:00.058699 2026] [security2:error] [pid 32399:tid 32405] [client 20.55.163.180:33164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aipYQFjSSxh1q7yLcu5LOAAAAAI"]
[Thu Jun 11 03:40:00.059785 2026] [security2:error] [pid 32399:tid 32405] [client 20.55.163.180:33164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipYQFjSSxh1q7yLcu5LOAAAAAI"]
[Thu Jun 11 03:47:23.090930 2026] [security2:error] [pid 32399:tid 32420] [client 78.153.140.93:45402] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipZ-1jSSxh1q7yLcu5TqwAAABE"]
[Thu Jun 11 03:47:23.091226 2026] [security2:error] [pid 32399:tid 32420] [client 78.153.140.93:45402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipZ-1jSSxh1q7yLcu5TqwAAABE"]
[Thu Jun 11 03:47:23.091512 2026] [security2:error] [pid 32399:tid 32420] [client 78.153.140.93:45402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipZ-1jSSxh1q7yLcu5TqwAAABE"]
[Thu Jun 11 03:47:23.092623 2026] [security2:error] [pid 32399:tid 32420] [client 78.153.140.93:45402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipZ-1jSSxh1q7yLcu5TqwAAABE"]
[Thu Jun 11 03:47:23.449692 2026] [security2:error] [pid 11316:tid 11322] [client 78.153.140.93:45406] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipZ-6Ls2JEyoAHzH4l6ZAAAAQM"]
[Thu Jun 11 03:49:41.041252 2026] [security2:error] [pid 1251:tid 1259] [client 77.83.39.94:34448] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/HEAD"] [unique_id "aipahdrt74PZGw0gfCtf4QAAAIU"]
[Thu Jun 11 03:49:41.041399 2026] [security2:error] [pid 1251:tid 1259] [client 77.83.39.94:34448] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.git/HEAD"] [unique_id "aipahdrt74PZGw0gfCtf4QAAAIU"]
[Thu Jun 11 03:49:41.041529 2026] [security2:error] [pid 1251:tid 1259] [client 77.83.39.94:34448] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/HEAD"] [unique_id "aipahdrt74PZGw0gfCtf4QAAAIU"]
[Thu Jun 11 03:49:41.041833 2026] [security2:error] [pid 1251:tid 1259] [client 77.83.39.94:34448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/HEAD"] [unique_id "aipahdrt74PZGw0gfCtf4QAAAIU"]
[Thu Jun 11 03:49:41.242986 2026] [security2:error] [pid 1251:tid 1259] [client 77.83.39.94:34448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aipahdrt74PZGw0gfCtf4QAAAIU"]
[Thu Jun 11 03:52:48.114833 2026] [security2:error] [pid 1251:tid 1274] [client 216.218.206.66:32162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/geoserver/web/"] [unique_id "aipbQNrt74PZGw0gfCthxAAAAJQ"]
[Thu Jun 11 03:56:27.385759 2026] [security2:error] [pid 32399:tid 32419] [client 66.132.172.217:26656] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipcG1jSSxh1q7yLcu5cjQAAABA"]
[Thu Jun 11 03:56:34.224138 2026] [security2:error] [pid 1251:tid 1266] [client 66.132.172.217:38556] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aipcItrt74PZGw0gfCtlCQAAAIw"]
[Thu Jun 11 03:56:36.361388 2026] [security2:error] [pid 32399:tid 32417] [client 66.132.172.217:38566] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aipcJFjSSxh1q7yLcu5cqgAAAA4"]
[Thu Jun 11 03:56:39.073756 2026] [security2:error] [pid 32399:tid 32421] [client 66.132.172.217:60794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aipcJ1jSSxh1q7yLcu5cuQAAABI"]
[Thu Jun 11 03:56:43.576195 2026] [security2:error] [pid 11316:tid 11338] [client 62.210.142.177:38244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipcK6Ls2JEyoAHzH4mCrwAAARM"], referer: http://13.84.161.190/
[Thu Jun 11 03:57:45.895671 2026] [security2:error] [pid 1251:tid 1265] [client 216.218.206.66:50934] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aipcadrt74PZGw0gfCtmNwAAAIs"]
[Thu Jun 11 03:57:45.895915 2026] [security2:error] [pid 1251:tid 1265] [client 216.218.206.66:50934] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aipcadrt74PZGw0gfCtmNwAAAIs"]
[Thu Jun 11 03:57:45.896188 2026] [security2:error] [pid 1251:tid 1265] [client 216.218.206.66:50934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aipcadrt74PZGw0gfCtmNwAAAIs"]
[Thu Jun 11 03:57:46.163957 2026] [security2:error] [pid 1251:tid 1265] [client 216.218.206.66:50934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aipcadrt74PZGw0gfCtmNwAAAIs"]
[Thu Jun 11 03:57:51.306462 2026] [security2:error] [pid 26302:tid 26324] [client 45.148.10.67:38800] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipcb5tqCsTZhfVMMItWhAAAAFM"]
[Thu Jun 11 04:01:37.548940 2026] [security2:error] [pid 32399:tid 32410] [client 45.33.80.243:30748] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipdUVjSSxh1q7yLcu5kEQAAAAc"]
[Thu Jun 11 04:02:22.802110 2026] [security2:error] [pid 1251:tid 1267] [client 66.132.172.217:31148] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.well-known/security.txt"] [unique_id "aipdftrt74PZGw0gfCtqPgAAAI0"]
[Thu Jun 11 04:03:31.964979 2026] [security2:error] [pid 32399:tid 32421] [client 205.210.31.19:63478] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipdw1jSSxh1q7yLcu5mPgAAABI"]
[Thu Jun 11 04:16:17.093758 2026] [security2:error] [pid 26302:tid 26323] [client 185.242.226.113:54899] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipgwZtqCsTZhfVMMItsqAAAAFI"], referer: http://13.84.161.190:80/
[Thu Jun 11 04:18:36.150185 2026] [security2:error] [pid 11316:tid 11329] [client 43.130.111.40:52342] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiphTKLs2JEyoAHzH4mc3wAAAQo"], referer: http://13.84.161.190
[Thu Jun 11 04:18:36.150352 2026] [security2:error] [pid 11316:tid 11329] [client 43.130.111.40:52342] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiphTKLs2JEyoAHzH4mc3wAAAQo"], referer: http://13.84.161.190
[Thu Jun 11 04:18:36.150938 2026] [security2:error] [pid 11316:tid 11329] [client 43.130.111.40:52342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiphTKLs2JEyoAHzH4mc3wAAAQo"], referer: http://13.84.161.190
[Thu Jun 11 04:18:36.311900 2026] [security2:error] [pid 11316:tid 11329] [client 43.130.111.40:52342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiphTKLs2JEyoAHzH4mc3wAAAQo"], referer: http://13.84.161.190
[Thu Jun 11 04:32:28.639154 2026] [security2:error] [pid 32399:tid 32424] [client 85.217.149.48:53880] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipkjFjSSxh1q7yLcu6LdwAAABU"]
[Thu Jun 11 04:32:28.696104 2026] [security2:error] [pid 32399:tid 32424] [client 85.217.149.48:53880] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aipkjFjSSxh1q7yLcu6LeAAAABU"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 04:33:38.073023 2026] [security2:error] [pid 1251:tid 1277] [client 204.76.203.81:37332] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipk0trt74PZGw0gfCuKDQAAAJc"]
[Thu Jun 11 04:36:19.800565 2026] [security2:error] [pid 1251:tid 1264] [client 144.76.95.167:33708] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.git/HEAD"] [unique_id "aiplc9rt74PZGw0gfCuL_gAAAIo"]
[Thu Jun 11 04:36:19.800840 2026] [security2:error] [pid 1251:tid 1264] [client 144.76.95.167:33708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.git/HEAD"] [unique_id "aiplc9rt74PZGw0gfCuL_gAAAIo"]
[Thu Jun 11 04:36:19.801227 2026] [security2:error] [pid 1251:tid 1264] [client 144.76.95.167:33708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aiplc9rt74PZGw0gfCuL_gAAAIo"]
[Thu Jun 11 04:38:51.697194 2026] [security2:error] [pid 26302:tid 26315] [client 34.123.82.129:25382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aipmC5tqCsTZhfVMMIuB0AAAAEo"]
[Thu Jun 11 04:38:51.697551 2026] [security2:error] [pid 26302:tid 26315] [client 34.123.82.129:25382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aipmC5tqCsTZhfVMMIuB0AAAAEo"]
[Thu Jun 11 04:38:52.200183 2026] [security2:error] [pid 26302:tid 26315] [client 34.123.82.129:25382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aipmC5tqCsTZhfVMMIuB0AAAAEo"]
[Thu Jun 11 04:39:03.360780 2026] [security2:error] [pid 32399:tid 32405] [client 34.123.82.129:20288] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "aipmF1jSSxh1q7yLcu6T0wAAAAI"]
[Thu Jun 11 04:39:03.361090 2026] [security2:error] [pid 32399:tid 32405] [client 34.123.82.129:20288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "aipmF1jSSxh1q7yLcu6T0wAAAAI"]
[Thu Jun 11 04:39:03.407904 2026] [security2:error] [pid 32399:tid 32405] [client 34.123.82.129:20288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "aipmF1jSSxh1q7yLcu6T0wAAAAI"]
[Thu Jun 11 04:39:19.542718 2026] [security2:error] [pid 32399:tid 32419] [client 78.153.140.250:40876] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipmJ1jSSxh1q7yLcu6UDwAAABA"]
[Thu Jun 11 04:39:19.543002 2026] [security2:error] [pid 32399:tid 32419] [client 78.153.140.250:40876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipmJ1jSSxh1q7yLcu6UDwAAABA"]
[Thu Jun 11 04:39:19.543265 2026] [security2:error] [pid 32399:tid 32419] [client 78.153.140.250:40876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aipmJ1jSSxh1q7yLcu6UDwAAABA"]
[Thu Jun 11 04:39:19.543647 2026] [security2:error] [pid 32399:tid 32419] [client 78.153.140.250:40876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipmJ1jSSxh1q7yLcu6UDwAAABA"]
[Thu Jun 11 04:39:20.324791 2026] [security2:error] [pid 11316:tid 11337] [client 78.153.140.250:40886] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipmKKLs2JEyoAHzH4mvrAAAARI"]
[Thu Jun 11 04:39:44.397895 2026] [security2:error] [pid 1251:tid 1269] [client 185.242.226.113:46121] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipmQNrt74PZGw0gfCuQMwAAAI8"]
[Thu Jun 11 04:39:55.307098 2026] [security2:error] [pid 11316:tid 11321] [client 93.123.109.178:36520] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "ns2.erhabenn.com.br"] [uri "/"] [unique_id "aipmS6Ls2JEyoAHzH4mwRQAAAQI"]
[Thu Jun 11 04:39:55.307631 2026] [security2:error] [pid 11316:tid 11321] [client 93.123.109.178:36520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/"] [unique_id "aipmS6Ls2JEyoAHzH4mwRQAAAQI"]
[Thu Jun 11 04:39:55.539796 2026] [security2:error] [pid 11316:tid 11321] [client 93.123.109.178:36520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aipmS6Ls2JEyoAHzH4mwRQAAAQI"]
[Thu Jun 11 04:51:48.226745 2026] [security2:error] [pid 32399:tid 32424] [client 35.195.121.116:6350] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aippFFjSSxh1q7yLcu6h2QAAABU"]
[Thu Jun 11 04:57:42.738645 2026] [security2:error] [pid 32399:tid 32412] [client 69.5.169.56:14660] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipqdljSSxh1q7yLcu6m6gAAAAk"]
[Thu Jun 11 04:57:43.592114 2026] [security2:error] [pid 26302:tid 26315] [client 69.5.169.65:14660] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aipqd5tqCsTZhfVMMIuSYAAAAEo"]
[Thu Jun 11 04:57:53.163689 2026] [security2:error] [pid 11316:tid 11329] [client 66.132.172.138:45460] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipqgaLs2JEyoAHzH4nEtAAAAQo"]
[Thu Jun 11 04:57:55.675079 2026] [security2:error] [pid 26302:tid 26325] [client 66.132.172.138:45478] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aipqg5tqCsTZhfVMMIuSpQAAAFQ"]
[Thu Jun 11 04:58:13.791290 2026] [security2:error] [pid 26302:tid 26316] [client 78.153.140.50:58300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aipqlZtqCsTZhfVMMIuS6wAAAEs"]
[Thu Jun 11 04:58:13.791530 2026] [security2:error] [pid 26302:tid 26316] [client 78.153.140.50:58300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aipqlZtqCsTZhfVMMIuS6wAAAEs"]
[Thu Jun 11 04:58:13.791842 2026] [security2:error] [pid 26302:tid 26316] [client 78.153.140.50:58300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aipqlZtqCsTZhfVMMIuS6wAAAEs"]
[Thu Jun 11 04:58:13.864983 2026] [security2:error] [pid 26302:tid 26316] [client 78.153.140.50:58300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aipqlZtqCsTZhfVMMIuS6wAAAEs"]
[Thu Jun 11 04:58:18.317597 2026] [security2:error] [pid 1251:tid 1267] [client 78.153.140.50:58306] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipqmtrt74PZGw0gfCuh4gAAAI0"]
[Thu Jun 11 04:58:18.350462 2026] [core:error] [pid 11316:tid 11342] [client 84.247.129.208:55038] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 04:58:21.636674 2026] [security2:error] [pid 1251:tid 1271] [client 66.132.172.138:32254] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/security.txt"] [unique_id "aipqndrt74PZGw0gfCuh_AAAAJE"]
[Thu Jun 11 04:58:22.763824 2026] [security2:error] [pid 11316:tid 11326] [client 66.132.172.138:32268] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aipqnqLs2JEyoAHzH4nE9AAAAQc"]
[Thu Jun 11 04:59:45.741618 2026] [security2:error] [pid 9167:tid 9176] [client 43.164.3.182:59238] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipq8Zvx2t5yVNtSJBoXWAAAAMY"]
[Thu Jun 11 04:59:45.741922 2026] [security2:error] [pid 9167:tid 9176] [client 43.164.3.182:59238] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipq8Zvx2t5yVNtSJBoXWAAAAMY"]
[Thu Jun 11 04:59:45.742542 2026] [security2:error] [pid 9167:tid 9176] [client 43.164.3.182:59238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipq8Zvx2t5yVNtSJBoXWAAAAMY"]
[Thu Jun 11 04:59:45.743481 2026] [security2:error] [pid 9167:tid 9176] [client 43.164.3.182:59238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aipq8Zvx2t5yVNtSJBoXWAAAAMY"]
[Thu Jun 11 05:05:56.861698 2026] [security2:error] [pid 11316:tid 11326] [client 138.197.158.92:35000] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipsZKLs2JEyoAHzH4nLxgAAAQc"]
[Thu Jun 11 05:05:58.522279 2026] [security2:error] [pid 1251:tid 1254] [client 138.197.158.92:35102] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aipsZtrt74PZGw0gfCutgQAAAIA"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 05:05:59.015106 2026] [security2:error] [pid 32399:tid 32419] [client 138.197.158.92:54882] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/favicon.ico"] [unique_id "aipsZ1jSSxh1q7yLcu6t-AAAABA"], referer: https://13.66.22.226/cgi-sys/suspendedpage.cgi
[Thu Jun 11 05:05:59.015841 2026] [cgid:error] [pid 32399:tid 32419] [client 138.197.158.92:54882] AH01264: stderr from /usr/local/cpanel/cgi-sys/favicon.ico: script not found or unable to stat, referer: https://13.66.22.226/cgi-sys/suspendedpage.cgi
[Thu Jun 11 05:06:10.074485 2026] [security2:error] [pid 9167:tid 9177] [client 93.123.109.178:37312] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "220-cloud.erhabenn.com.br"] [uri "/"] [unique_id "aipscpvx2t5yVNtSJBodtQAAAMc"]
[Thu Jun 11 05:06:10.074924 2026] [security2:error] [pid 9167:tid 9177] [client 93.123.109.178:37312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "220-cloud.erhabenn.com.br"] [uri "/"] [unique_id "aipscpvx2t5yVNtSJBodtQAAAMc"]
[Thu Jun 11 05:06:10.075198 2026] [security2:error] [pid 9167:tid 9177] [client 93.123.109.178:37312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "220-cloud.erhabenn.com.br"] [uri "/"] [unique_id "aipscpvx2t5yVNtSJBodtQAAAMc"]
[Thu Jun 11 05:30:23.789984 2026] [security2:error] [pid 26302:tid 26324] [client 147.185.132.144:58860] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aipyH5tqCsTZhfVMMIuxbgAAAFM"]
[Thu Jun 11 05:30:46.112175 2026] [security2:error] [pid 32399:tid 32409] [client 45.148.10.67:63916] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aipyNljSSxh1q7yLcu7HbwAAAAY"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 05:39:04.646096 2026] [security2:error] [pid 26302:tid 26317] [client 69.5.169.7:6708] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aip0KJtqCsTZhfVMMIu4eAAAAEw"]
[Thu Jun 11 05:39:05.383091 2026] [security2:error] [pid 32399:tid 32423] [client 69.5.169.124:1528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aip0KVjSSxh1q7yLcu7OvQAAABQ"]
[Thu Jun 11 05:40:38.930141 2026] [security2:error] [pid 1251:tid 1267] [client 35.195.84.127:39140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip0htrt74PZGw0gfCvZlAAAAI0"]
[Thu Jun 11 05:52:22.517220 2026] [security2:error] [pid 9167:tid 9193] [client 34.123.82.129:24966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aip3Rpvx2t5yVNtSJBpKxAAAANc"]
[Thu Jun 11 05:52:22.517556 2026] [security2:error] [pid 9167:tid 9193] [client 34.123.82.129:24966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aip3Rpvx2t5yVNtSJBpKxAAAANc"]
[Thu Jun 11 05:52:22.517964 2026] [security2:error] [pid 9167:tid 9193] [client 34.123.82.129:24966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aip3Rpvx2t5yVNtSJBpKxAAAANc"]
[Thu Jun 11 05:52:25.505168 2026] [security2:error] [pid 11316:tid 11319] [client 34.123.82.129:60374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "aip3SaLs2JEyoAHzH4n6RgAAAQA"]
[Thu Jun 11 05:52:25.505478 2026] [security2:error] [pid 11316:tid 11319] [client 34.123.82.129:60374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "aip3SaLs2JEyoAHzH4n6RgAAAQA"]
[Thu Jun 11 05:52:40.030995 2026] [security2:error] [pid 11316:tid 11319] [client 34.123.82.129:60374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.support.machen.ai"] [uri "/index.php"] [unique_id "aip3SaLs2JEyoAHzH4n6RgAAAQA"]
[Thu Jun 11 05:56:23.051690 2026] [security2:error] [pid 9167:tid 9191] [client 43.157.53.115:49278] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aip4N5vx2t5yVNtSJBpPBgAAANU"], referer: http://machen.ai
[Thu Jun 11 05:57:47.295087 2026] [security2:error] [pid 1251:tid 1275] [client 78.153.140.93:40090] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aip4i9rt74PZGw0gfCvq_wAAAJU"]
[Thu Jun 11 05:57:47.295465 2026] [security2:error] [pid 1251:tid 1275] [client 78.153.140.93:40090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aip4i9rt74PZGw0gfCvq_wAAAJU"]
[Thu Jun 11 05:57:47.295784 2026] [security2:error] [pid 1251:tid 1275] [client 78.153.140.93:40090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aip4i9rt74PZGw0gfCvq_wAAAJU"]
[Thu Jun 11 05:57:47.296865 2026] [security2:error] [pid 1251:tid 1275] [client 78.153.140.93:40090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip4i9rt74PZGw0gfCvq_wAAAJU"]
[Thu Jun 11 05:57:47.650269 2026] [security2:error] [pid 11316:tid 11319] [client 78.153.140.93:40098] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip4i6Ls2JEyoAHzH4kAHQAAAQA"]
[Thu Jun 11 06:00:18.224032 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvsbwAAAJQ"]
[Thu Jun 11 06:00:18.224126 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvsbwAAAJQ"]
[Thu Jun 11 06:00:18.224801 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvsbwAAAJQ"]
[Thu Jun 11 06:00:18.225087 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5Itrt74PZGw0gfCvsbwAAAJQ"]
[Thu Jun 11 06:00:18.263367 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscAAAAJQ"]
[Thu Jun 11 06:00:18.263437 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscAAAAJQ"]
[Thu Jun 11 06:00:18.263863 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscAAAAJQ"]
[Thu Jun 11 06:00:18.264301 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5Itrt74PZGw0gfCvscAAAAJQ"]
[Thu Jun 11 06:00:18.299777 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscQAAAJQ"]
[Thu Jun 11 06:00:18.341645 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscgAAAJQ"]
[Thu Jun 11 06:00:18.341731 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscgAAAJQ"]
[Thu Jun 11 06:00:18.342465 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscgAAAJQ"]
[Thu Jun 11 06:00:18.342798 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5Itrt74PZGw0gfCvscgAAAJQ"]
[Thu Jun 11 06:00:18.377424 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscwAAAJQ"]
[Thu Jun 11 06:00:18.377500 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscwAAAJQ"]
[Thu Jun 11 06:00:18.378053 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvscwAAAJQ"]
[Thu Jun 11 06:00:18.378328 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5Itrt74PZGw0gfCvscwAAAJQ"]
[Thu Jun 11 06:00:18.646885 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aip5Itrt74PZGw0gfCvsdgAAAJQ"]
[Thu Jun 11 06:00:18.684405 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvsdwAAAJQ"]
[Thu Jun 11 06:00:18.684477 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvsdwAAAJQ"]
[Thu Jun 11 06:00:18.685040 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvsdwAAAJQ"]
[Thu Jun 11 06:00:18.685286 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5Itrt74PZGw0gfCvsdwAAAJQ"]
[Thu Jun 11 06:00:18.720221 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvseAAAAJQ"]
[Thu Jun 11 06:00:18.720301 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvseAAAAJQ"]
[Thu Jun 11 06:00:18.720644 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvseAAAAJQ"]
[Thu Jun 11 06:00:18.720885 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5Itrt74PZGw0gfCvseAAAAJQ"]
[Thu Jun 11 06:00:18.755351 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvseQAAAJQ"]
[Thu Jun 11 06:00:18.791408 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvsegAAAJQ"]
[Thu Jun 11 06:00:18.791497 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvsegAAAJQ"]
[Thu Jun 11 06:00:18.792171 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5Itrt74PZGw0gfCvsegAAAJQ"]
[Thu Jun 11 06:00:18.792829 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5Itrt74PZGw0gfCvsegAAAJQ"]
[Thu Jun 11 06:00:19.063630 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5I9rt74PZGw0gfCvsewAAAJQ"]
[Thu Jun 11 06:00:19.063736 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5I9rt74PZGw0gfCvsewAAAJQ"]
[Thu Jun 11 06:00:19.064385 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5I9rt74PZGw0gfCvsewAAAJQ"]
[Thu Jun 11 06:00:19.064802 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvsewAAAJQ"]
[Thu Jun 11 06:00:19.101731 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aip5I9rt74PZGw0gfCvsfAAAAJQ"]
[Thu Jun 11 06:00:19.137424 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsfQAAAJQ"]
[Thu Jun 11 06:00:19.137501 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsfQAAAJQ"]
[Thu Jun 11 06:00:19.138142 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsfQAAAJQ"]
[Thu Jun 11 06:00:19.138384 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvsfQAAAJQ"]
[Thu Jun 11 06:00:19.406459 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsfwAAAJQ"]
[Thu Jun 11 06:00:19.406549 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsfwAAAJQ"]
[Thu Jun 11 06:00:19.407147 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsfwAAAJQ"]
[Thu Jun 11 06:00:19.407381 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvsfwAAAJQ"]
[Thu Jun 11 06:00:19.441755 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsgAAAAJQ"]
[Thu Jun 11 06:00:19.478853 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsgQAAAJQ"]
[Thu Jun 11 06:00:19.478946 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsgQAAAJQ"]
[Thu Jun 11 06:00:19.479608 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsgQAAAJQ"]
[Thu Jun 11 06:00:19.479908 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvsgQAAAJQ"]
[Thu Jun 11 06:00:19.514068 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsggAAAJQ"]
[Thu Jun 11 06:00:19.514149 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsggAAAJQ"]
[Thu Jun 11 06:00:19.514562 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsggAAAJQ"]
[Thu Jun 11 06:00:19.514948 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvsggAAAJQ"]
[Thu Jun 11 06:00:19.784176 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aip5I9rt74PZGw0gfCvsgwAAAJQ"]
[Thu Jun 11 06:00:19.823940 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvshQAAAJQ"]
[Thu Jun 11 06:00:19.824037 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvshQAAAJQ"]
[Thu Jun 11 06:00:19.824911 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvshQAAAJQ"]
[Thu Jun 11 06:00:19.825223 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvshQAAAJQ"]
[Thu Jun 11 06:00:19.859597 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvshgAAAJQ"]
[Thu Jun 11 06:00:19.859683 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvshgAAAJQ"]
[Thu Jun 11 06:00:19.860150 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvshgAAAJQ"]
[Thu Jun 11 06:00:19.860416 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvshgAAAJQ"]
[Thu Jun 11 06:00:19.896893 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvshwAAAJQ"]
[Thu Jun 11 06:00:19.933529 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvsiAAAAJQ"]
[Thu Jun 11 06:00:19.933689 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvsiAAAAJQ"]
[Thu Jun 11 06:00:19.934408 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvsiAAAAJQ"]
[Thu Jun 11 06:00:19.934859 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvsiAAAAJQ"]
[Thu Jun 11 06:00:19.973528 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvsiQAAAJQ"]
[Thu Jun 11 06:00:19.973682 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvsiQAAAJQ"]
[Thu Jun 11 06:00:19.974027 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5I9rt74PZGw0gfCvsiQAAAJQ"]
[Thu Jun 11 06:00:19.974304 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aip5I9rt74PZGw0gfCvsiQAAAJQ"]
[Thu Jun 11 06:00:20.015713 2026] [security2:error] [pid 1251:tid 1274] [client 47.251.93.227:58846] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aip5JNrt74PZGw0gfCvsigAAAJQ"]
[Thu Jun 11 06:08:24.536705 2026] [security2:error] [pid 11316:tid 11330] [client 43.165.126.130:50344] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aip7CKLs2JEyoAHzH4kLsAAAAQs"]
[Thu Jun 11 06:29:58.515415 2026] [security2:error] [pid 26302:tid 26329] [client 184.105.247.195:49250] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqAFptqCsTZhfVMMIvvugAAAFg"]
[Thu Jun 11 06:30:55.234643 2026] [security2:error] [pid 3786:tid 3791] [client 184.105.247.194:26788] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqATziOnYm9MGuteLYIwAAAAQI"]
[Thu Jun 11 06:38:52.492114 2026] [security2:error] [pid 26302:tid 26319] [client 184.105.247.195:32348] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqCLJtqCsTZhfVMMIv4qAAAAE4"]
[Thu Jun 11 06:41:23.105772 2026] [security2:error] [pid 14020:tid 14044] [client 184.105.247.194:43670] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqCw5g23pDFvFUPkQ-OzAAAABQ"]
[Thu Jun 11 06:42:47.961693 2026] [security2:error] [pid 26302:tid 26321] [client 43.164.196.244:40908] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aiqDF5tqCsTZhfVMMIv9nQAAAFA"]
[Thu Jun 11 06:42:54.156772 2026] [security2:error] [pid 14020:tid 14024] [client 184.105.247.195:26740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiqDHpg23pDFvFUPkQ-QXQAAAAA"]
[Thu Jun 11 06:44:11.461690 2026] [security2:error] [pid 9167:tid 9182] [client 43.153.102.138:38504] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqDa5vx2t5yVNtSJBp95QAAAMw"]
[Thu Jun 11 06:44:11.461782 2026] [security2:error] [pid 9167:tid 9182] [client 43.153.102.138:38504] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqDa5vx2t5yVNtSJBp95QAAAMw"]
[Thu Jun 11 06:44:11.462398 2026] [security2:error] [pid 9167:tid 9182] [client 43.153.102.138:38504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqDa5vx2t5yVNtSJBp95QAAAMw"]
[Thu Jun 11 06:44:11.463277 2026] [security2:error] [pid 9167:tid 9182] [client 43.153.102.138:38504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqDa5vx2t5yVNtSJBp95QAAAMw"]
[Thu Jun 11 06:46:38.620787 2026] [security2:error] [pid 3786:tid 3803] [client 184.105.247.194:12978] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aiqD_jiOnYm9MGuteLYZOAAAAQ4"]
[Thu Jun 11 06:47:42.014110 2026] [security2:error] [pid 3786:tid 3791] [client 142.248.80.63:45242] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/wp-content/debug.log"] [unique_id "aiqEPjiOnYm9MGuteLYaXQAAAQI"]
[Thu Jun 11 06:47:42.014603 2026] [security2:error] [pid 3786:tid 3791] [client 142.248.80.63:45242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/wp-content/debug.log"] [unique_id "aiqEPjiOnYm9MGuteLYaXQAAAQI"]
[Thu Jun 11 06:47:42.014881 2026] [security2:error] [pid 3786:tid 3791] [client 142.248.80.63:45242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/wp-content/debug.log"] [unique_id "aiqEPjiOnYm9MGuteLYaXQAAAQI"]
[Thu Jun 11 06:47:43.421043 2026] [security2:error] [pid 9167:tid 9190] [client 142.248.80.63:45922] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.docker/config.json"] [unique_id "aiqEP5vx2t5yVNtSJBqAhQAAANQ"]
[Thu Jun 11 06:47:43.421391 2026] [security2:error] [pid 9167:tid 9190] [client 142.248.80.63:45922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.docker/config.json"] [unique_id "aiqEP5vx2t5yVNtSJBqAhQAAANQ"]
[Thu Jun 11 06:47:43.421715 2026] [security2:error] [pid 9167:tid 9190] [client 142.248.80.63:45922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.docker/config.json"] [unique_id "aiqEP5vx2t5yVNtSJBqAhQAAANQ"]
[Thu Jun 11 06:47:43.518004 2026] [security2:error] [pid 3786:tid 3791] [client 142.248.80.63:45242] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "aiqEPziOnYm9MGuteLYaYwAAAQI"]
[Thu Jun 11 06:47:43.518313 2026] [security2:error] [pid 3786:tid 3791] [client 142.248.80.63:45242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "aiqEPziOnYm9MGuteLYaYwAAAQI"]
[Thu Jun 11 06:47:43.518682 2026] [security2:error] [pid 3786:tid 3791] [client 142.248.80.63:45242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "aiqEPziOnYm9MGuteLYaYwAAAQI"]
[Thu Jun 11 06:47:43.519003 2026] [security2:error] [pid 3786:tid 3791] [client 142.248.80.63:45242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "aiqEPziOnYm9MGuteLYaYwAAAQI"]
[Thu Jun 11 06:47:43.520382 2026] [security2:error] [pid 14769:tid 14774] [client 142.248.80.63:45448] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "aiqEP5k8UZMys3trPfJZogAAAII"]
[Thu Jun 11 06:47:43.520693 2026] [security2:error] [pid 14769:tid 14774] [client 142.248.80.63:45448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "aiqEP5k8UZMys3trPfJZogAAAII"]
[Thu Jun 11 06:47:43.520935 2026] [security2:error] [pid 14769:tid 14774] [client 142.248.80.63:45448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "aiqEP5k8UZMys3trPfJZogAAAII"]
[Thu Jun 11 06:47:43.522606 2026] [security2:error] [pid 14020:tid 14039] [client 142.248.80.63:45340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VNgAAAA8"]
[Thu Jun 11 06:47:43.522886 2026] [security2:error] [pid 14020:tid 14039] [client 142.248.80.63:45340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VNgAAAA8"]
[Thu Jun 11 06:47:43.523114 2026] [security2:error] [pid 14020:tid 14039] [client 142.248.80.63:45340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VNgAAAA8"]
[Thu Jun 11 06:47:43.524539 2026] [security2:error] [pid 3786:tid 3805] [client 142.248.80.63:45286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "aiqEPziOnYm9MGuteLYaZQAAARA"]
[Thu Jun 11 06:47:43.524797 2026] [security2:error] [pid 3786:tid 3805] [client 142.248.80.63:45286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "aiqEPziOnYm9MGuteLYaZQAAARA"]
[Thu Jun 11 06:47:43.525032 2026] [security2:error] [pid 3786:tid 3805] [client 142.248.80.63:45286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "aiqEPziOnYm9MGuteLYaZQAAARA"]
[Thu Jun 11 06:47:43.531105 2026] [security2:error] [pid 26302:tid 26315] [client 142.248.80.63:45328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "aiqEP5tqCsTZhfVMMIsENQAAAEo"]
[Thu Jun 11 06:47:43.531338 2026] [security2:error] [pid 26302:tid 26315] [client 142.248.80.63:45328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "aiqEP5tqCsTZhfVMMIsENQAAAEo"]
[Thu Jun 11 06:47:43.531640 2026] [security2:error] [pid 26302:tid 26315] [client 142.248.80.63:45328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "aiqEP5tqCsTZhfVMMIsENQAAAEo"]
[Thu Jun 11 06:47:43.535242 2026] [security2:error] [pid 14020:tid 14028] [client 142.248.80.63:45268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "aiqEP5g23pDFvFUPkQ-VOAAAAAQ"]
[Thu Jun 11 06:47:43.535536 2026] [security2:error] [pid 14020:tid 14028] [client 142.248.80.63:45268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "aiqEP5g23pDFvFUPkQ-VOAAAAAQ"]
[Thu Jun 11 06:47:43.535849 2026] [security2:error] [pid 14020:tid 14028] [client 142.248.80.63:45268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "aiqEP5g23pDFvFUPkQ-VOAAAAAQ"]
[Thu Jun 11 06:47:43.537730 2026] [security2:error] [pid 14769:tid 14778] [client 142.248.80.63:45390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "aiqEP5k8UZMys3trPfJZpAAAAIY"]
[Thu Jun 11 06:47:43.537969 2026] [security2:error] [pid 14769:tid 14778] [client 142.248.80.63:45390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "aiqEP5k8UZMys3trPfJZpAAAAIY"]
[Thu Jun 11 06:47:43.538200 2026] [security2:error] [pid 14769:tid 14778] [client 142.248.80.63:45390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "aiqEP5k8UZMys3trPfJZpAAAAIY"]
[Thu Jun 11 06:47:43.540855 2026] [security2:error] [pid 9167:tid 9174] [client 142.248.80.63:45276] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "aiqEP5vx2t5yVNtSJBqAiAAAAMQ"]
[Thu Jun 11 06:47:43.541065 2026] [security2:error] [pid 9167:tid 9174] [client 142.248.80.63:45276] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "aiqEP5vx2t5yVNtSJBqAiAAAAMQ"]
[Thu Jun 11 06:47:43.541262 2026] [security2:error] [pid 9167:tid 9174] [client 142.248.80.63:45276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "aiqEP5vx2t5yVNtSJBqAiAAAAMQ"]
[Thu Jun 11 06:47:43.541516 2026] [security2:error] [pid 9167:tid 9174] [client 142.248.80.63:45276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "aiqEP5vx2t5yVNtSJBqAiAAAAMQ"]
[Thu Jun 11 06:47:43.546792 2026] [security2:error] [pid 14020:tid 14026] [client 142.248.80.63:45354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VOgAAAAI"]
[Thu Jun 11 06:47:43.547011 2026] [security2:error] [pid 14020:tid 14026] [client 142.248.80.63:45354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VOgAAAAI"]
[Thu Jun 11 06:47:43.547293 2026] [security2:error] [pid 14020:tid 14026] [client 142.248.80.63:45354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VOgAAAAI"]
[Thu Jun 11 06:47:43.552280 2026] [security2:error] [pid 3786:tid 3792] [client 142.248.80.63:45346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "aiqEPziOnYm9MGuteLYaaQAAAQM"]
[Thu Jun 11 06:47:43.552456 2026] [security2:error] [pid 3786:tid 3792] [client 142.248.80.63:45346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "aiqEPziOnYm9MGuteLYaaQAAAQM"]
[Thu Jun 11 06:47:43.552707 2026] [security2:error] [pid 3786:tid 3792] [client 142.248.80.63:45346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "aiqEPziOnYm9MGuteLYaaQAAAQM"]
[Thu Jun 11 06:47:43.553557 2026] [security2:error] [pid 14769:tid 14773] [client 142.248.80.63:45312] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "aiqEP5k8UZMys3trPfJZpgAAAIE"]
[Thu Jun 11 06:47:43.553783 2026] [security2:error] [pid 14769:tid 14773] [client 142.248.80.63:45312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "aiqEP5k8UZMys3trPfJZpgAAAIE"]
[Thu Jun 11 06:47:43.554009 2026] [security2:error] [pid 14769:tid 14773] [client 142.248.80.63:45312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "aiqEP5k8UZMys3trPfJZpgAAAIE"]
[Thu Jun 11 06:47:43.554247 2026] [security2:error] [pid 14769:tid 14773] [client 142.248.80.63:45312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "aiqEP5k8UZMys3trPfJZpgAAAIE"]
[Thu Jun 11 06:47:43.558865 2026] [security2:error] [pid 26302:tid 26308] [client 142.248.80.63:45338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "aiqEP5tqCsTZhfVMMIsEOgAAAEM"]
[Thu Jun 11 06:47:43.559162 2026] [security2:error] [pid 26302:tid 26308] [client 142.248.80.63:45338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "aiqEP5tqCsTZhfVMMIsEOgAAAEM"]
[Thu Jun 11 06:47:43.559441 2026] [security2:error] [pid 26302:tid 26308] [client 142.248.80.63:45338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "aiqEP5tqCsTZhfVMMIsEOgAAAEM"]
[Thu Jun 11 06:47:43.559858 2026] [security2:error] [pid 9167:tid 9173] [client 142.248.80.63:45262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "aiqEP5vx2t5yVNtSJBqAiwAAAMM"]
[Thu Jun 11 06:47:43.560113 2026] [security2:error] [pid 9167:tid 9173] [client 142.248.80.63:45262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "aiqEP5vx2t5yVNtSJBqAiwAAAMM"]
[Thu Jun 11 06:47:43.560385 2026] [security2:error] [pid 9167:tid 9173] [client 142.248.80.63:45262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "aiqEP5vx2t5yVNtSJBqAiwAAAMM"]
[Thu Jun 11 06:47:43.560505 2026] [security2:error] [pid 9167:tid 9182] [client 142.248.80.63:45290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "aiqEP5vx2t5yVNtSJBqAjAAAAMw"]
[Thu Jun 11 06:47:43.560777 2026] [security2:error] [pid 9167:tid 9182] [client 142.248.80.63:45290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "aiqEP5vx2t5yVNtSJBqAjAAAAMw"]
[Thu Jun 11 06:47:43.561026 2026] [security2:error] [pid 9167:tid 9182] [client 142.248.80.63:45290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "aiqEP5vx2t5yVNtSJBqAjAAAAMw"]
[Thu Jun 11 06:47:43.566968 2026] [security2:error] [pid 9167:tid 9178] [client 142.248.80.63:45250] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aiqEP5vx2t5yVNtSJBqAjQAAAMg"]
[Thu Jun 11 06:47:43.567209 2026] [security2:error] [pid 9167:tid 9178] [client 142.248.80.63:45250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aiqEP5vx2t5yVNtSJBqAjQAAAMg"]
[Thu Jun 11 06:47:43.567457 2026] [security2:error] [pid 9167:tid 9178] [client 142.248.80.63:45250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aiqEP5vx2t5yVNtSJBqAjQAAAMg"]
[Thu Jun 11 06:47:43.567948 2026] [security2:error] [pid 3786:tid 3796] [client 142.248.80.63:45296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "aiqEPziOnYm9MGuteLYaawAAAQc"]
[Thu Jun 11 06:47:43.568241 2026] [security2:error] [pid 3786:tid 3796] [client 142.248.80.63:45296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "aiqEPziOnYm9MGuteLYaawAAAQc"]
[Thu Jun 11 06:47:43.568832 2026] [security2:error] [pid 3786:tid 3796] [client 142.248.80.63:45296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "aiqEPziOnYm9MGuteLYaawAAAQc"]
[Thu Jun 11 06:47:43.570925 2026] [security2:error] [pid 3786:tid 3799] [client 142.248.80.63:45366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/src/.env"] [unique_id "aiqEPziOnYm9MGuteLYaZgAAAQo"]
[Thu Jun 11 06:47:43.571149 2026] [security2:error] [pid 3786:tid 3799] [client 142.248.80.63:45366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/src/.env"] [unique_id "aiqEPziOnYm9MGuteLYaZgAAAQo"]
[Thu Jun 11 06:47:43.571416 2026] [security2:error] [pid 3786:tid 3799] [client 142.248.80.63:45366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/src/.env"] [unique_id "aiqEPziOnYm9MGuteLYaZgAAAQo"]
[Thu Jun 11 06:47:43.573203 2026] [security2:error] [pid 14020:tid 14038] [client 142.248.80.63:45374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/server/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VPwAAAA4"]
[Thu Jun 11 06:47:43.573450 2026] [security2:error] [pid 14020:tid 14038] [client 142.248.80.63:45374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/server/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VPwAAAA4"]
[Thu Jun 11 06:47:43.573903 2026] [security2:error] [pid 14020:tid 14038] [client 142.248.80.63:45374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/server/.env"] [unique_id "aiqEP5g23pDFvFUPkQ-VPwAAAA4"]
[Thu Jun 11 06:47:43.575101 2026] [security2:error] [pid 9167:tid 9183] [client 142.248.80.63:45376] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/web/.env"] [unique_id "aiqEP5vx2t5yVNtSJBqAjgAAAM0"]
[Thu Jun 11 06:47:43.575349 2026] [security2:error] [pid 9167:tid 9183] [client 142.248.80.63:45376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/web/.env"] [unique_id "aiqEP5vx2t5yVNtSJBqAjgAAAM0"]
[Thu Jun 11 06:47:43.578342 2026] [security2:error] [pid 9167:tid 9183] [client 142.248.80.63:45376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/web/.env"] [unique_id "aiqEP5vx2t5yVNtSJBqAjgAAAM0"]
[Thu Jun 11 06:47:43.610993 2026] [security2:error] [pid 14769:tid 14794] [client 142.248.80.63:45932] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.kube/config"] [unique_id "aiqEP5k8UZMys3trPfJZqwAAAJY"]
[Thu Jun 11 06:47:43.611463 2026] [security2:error] [pid 14769:tid 14794] [client 142.248.80.63:45932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.kube/config"] [unique_id "aiqEP5k8UZMys3trPfJZqwAAAJY"]
[Thu Jun 11 06:47:43.611833 2026] [security2:error] [pid 14769:tid 14794] [client 142.248.80.63:45932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.kube/config"] [unique_id "aiqEP5k8UZMys3trPfJZqwAAAJY"]
[Thu Jun 11 06:47:54.614089 2026] [cgid:error] [pid 3786:tid 3804] [client 142.248.80.63:45992] AH01265: stderr from /disk001/sonne/public_html/cgi-bin/: attempt to invoke directory as script
[Thu Jun 11 06:48:01.213638 2026] [security2:error] [pid 14020:tid 14027] [client 142.248.80.63:11704] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.copy"] [unique_id "aiqEUZg23pDFvFUPkQ-VewAAAAM"]
[Thu Jun 11 06:48:01.213932 2026] [security2:error] [pid 14020:tid 14027] [client 142.248.80.63:11704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.copy"] [unique_id "aiqEUZg23pDFvFUPkQ-VewAAAAM"]
[Thu Jun 11 06:48:01.214177 2026] [security2:error] [pid 14020:tid 14027] [client 142.248.80.63:11704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.copy"] [unique_id "aiqEUZg23pDFvFUPkQ-VewAAAAM"]
[Thu Jun 11 06:48:08.323318 2026] [security2:error] [pid 9167:tid 9178] [client 142.248.80.63:54356] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production~"] [unique_id "aiqEWJvx2t5yVNtSJBqBEAAAAMg"]
[Thu Jun 11 06:48:08.323552 2026] [security2:error] [pid 9167:tid 9178] [client 142.248.80.63:54356] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production~"] [unique_id "aiqEWJvx2t5yVNtSJBqBEAAAAMg"]
[Thu Jun 11 06:48:08.323865 2026] [security2:error] [pid 9167:tid 9178] [client 142.248.80.63:54356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production~"] [unique_id "aiqEWJvx2t5yVNtSJBqBEAAAAMg"]
[Thu Jun 11 06:48:08.324213 2026] [security2:error] [pid 9167:tid 9178] [client 142.248.80.63:54356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production~"] [unique_id "aiqEWJvx2t5yVNtSJBqBEAAAAMg"]
[Thu Jun 11 06:48:08.325609 2026] [security2:error] [pid 14020:tid 14044] [client 142.248.80.63:54378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.orig"] [unique_id "aiqEWJg23pDFvFUPkQ-VgAAAABQ"]
[Thu Jun 11 06:48:08.325848 2026] [security2:error] [pid 14020:tid 14044] [client 142.248.80.63:54378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.orig"] [unique_id "aiqEWJg23pDFvFUPkQ-VgAAAABQ"]
[Thu Jun 11 06:48:08.326097 2026] [security2:error] [pid 14020:tid 14044] [client 142.248.80.63:54378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.orig"] [unique_id "aiqEWJg23pDFvFUPkQ-VgAAAABQ"]
[Thu Jun 11 06:48:08.331531 2026] [security2:error] [pid 28574:tid 28601] [client 142.248.80.63:54334] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.old"] [unique_id "aiqEWCNW5T3kwQRT2u5jVwAAAVQ"]
[Thu Jun 11 06:48:08.331798 2026] [security2:error] [pid 28574:tid 28601] [client 142.248.80.63:54334] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.old"] [unique_id "aiqEWCNW5T3kwQRT2u5jVwAAAVQ"]
[Thu Jun 11 06:48:08.332007 2026] [security2:error] [pid 28574:tid 28601] [client 142.248.80.63:54334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.old"] [unique_id "aiqEWCNW5T3kwQRT2u5jVwAAAVQ"]
[Thu Jun 11 06:48:08.332247 2026] [security2:error] [pid 28574:tid 28601] [client 142.248.80.63:54334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.old"] [unique_id "aiqEWCNW5T3kwQRT2u5jVwAAAVQ"]
[Thu Jun 11 06:48:08.337706 2026] [security2:error] [pid 3786:tid 3798] [client 142.248.80.63:54370] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.swp"] [unique_id "aiqEWDiOnYm9MGuteLYa4AAAAQk"]
[Thu Jun 11 06:48:08.338064 2026] [security2:error] [pid 3786:tid 3798] [client 142.248.80.63:54370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.swp"] [unique_id "aiqEWDiOnYm9MGuteLYa4AAAAQk"]
[Thu Jun 11 06:48:08.338297 2026] [security2:error] [pid 3786:tid 3798] [client 142.248.80.63:54370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.swp"] [unique_id "aiqEWDiOnYm9MGuteLYa4AAAAQk"]
[Thu Jun 11 06:48:08.338536 2026] [security2:error] [pid 3786:tid 3798] [client 142.248.80.63:54370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.swp"] [unique_id "aiqEWDiOnYm9MGuteLYa4AAAAQk"]
[Thu Jun 11 06:48:08.339716 2026] [security2:error] [pid 14769:tid 14796] [client 142.248.80.63:54342] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.backup"] [unique_id "aiqEWJk8UZMys3trPfJZzQAAAJg"]
[Thu Jun 11 06:48:08.339907 2026] [security2:error] [pid 14769:tid 14796] [client 142.248.80.63:54342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.backup"] [unique_id "aiqEWJk8UZMys3trPfJZzQAAAJg"]
[Thu Jun 11 06:48:08.340075 2026] [security2:error] [pid 14769:tid 14796] [client 142.248.80.63:54342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.backup"] [unique_id "aiqEWJk8UZMys3trPfJZzQAAAJg"]
[Thu Jun 11 06:48:08.340419 2026] [security2:error] [pid 14769:tid 14796] [client 142.248.80.63:54342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.backup"] [unique_id "aiqEWJk8UZMys3trPfJZzQAAAJg"]
[Thu Jun 11 06:48:08.341821 2026] [security2:error] [pid 26302:tid 26305] [client 142.248.80.63:54216] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env~"] [unique_id "aiqEWJtqCsTZhfVMMIsE8gAAAEA"]
[Thu Jun 11 06:48:08.342024 2026] [security2:error] [pid 26302:tid 26305] [client 142.248.80.63:54216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env~"] [unique_id "aiqEWJtqCsTZhfVMMIsE8gAAAEA"]
[Thu Jun 11 06:48:08.342409 2026] [security2:error] [pid 26302:tid 26305] [client 142.248.80.63:54216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env~"] [unique_id "aiqEWJtqCsTZhfVMMIsE8gAAAEA"]
[Thu Jun 11 06:48:08.342999 2026] [security2:error] [pid 26302:tid 26305] [client 142.248.80.63:54216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env~"] [unique_id "aiqEWJtqCsTZhfVMMIsE8gAAAEA"]
[Thu Jun 11 06:48:08.410168 2026] [security2:error] [pid 9167:tid 9177] [client 142.248.80.63:54206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/logs/HEAD"] [unique_id "aiqEWJvx2t5yVNtSJBqBEQAAAMc"]
[Thu Jun 11 06:48:08.410494 2026] [security2:error] [pid 9167:tid 9177] [client 142.248.80.63:54206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/logs/HEAD"] [unique_id "aiqEWJvx2t5yVNtSJBqBEQAAAMc"]
[Thu Jun 11 06:48:08.410784 2026] [security2:error] [pid 9167:tid 9177] [client 142.248.80.63:54206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/logs/HEAD"] [unique_id "aiqEWJvx2t5yVNtSJBqBEQAAAMc"]
[Thu Jun 11 06:48:08.411013 2026] [security2:error] [pid 14020:tid 14035] [client 142.248.80.63:54234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.copy"] [unique_id "aiqEWJg23pDFvFUPkQ-VgQAAAAs"]
[Thu Jun 11 06:48:08.411250 2026] [security2:error] [pid 14020:tid 14035] [client 142.248.80.63:54234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.copy"] [unique_id "aiqEWJg23pDFvFUPkQ-VgQAAAAs"]
[Thu Jun 11 06:48:08.412655 2026] [security2:error] [pid 28574:tid 28589] [client 142.248.80.63:54250] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.old"] [unique_id "aiqEWCNW5T3kwQRT2u5jWAAAAUg"]
[Thu Jun 11 06:48:08.412864 2026] [security2:error] [pid 28574:tid 28589] [client 142.248.80.63:54250] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.old"] [unique_id "aiqEWCNW5T3kwQRT2u5jWAAAAUg"]
[Thu Jun 11 06:48:08.413190 2026] [security2:error] [pid 28574:tid 28589] [client 142.248.80.63:54250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.old"] [unique_id "aiqEWCNW5T3kwQRT2u5jWAAAAUg"]
[Thu Jun 11 06:48:08.413812 2026] [security2:error] [pid 28574:tid 28589] [client 142.248.80.63:54250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.old"] [unique_id "aiqEWCNW5T3kwQRT2u5jWAAAAUg"]
[Thu Jun 11 06:48:08.414693 2026] [security2:error] [pid 14020:tid 14035] [client 142.248.80.63:54234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.copy"] [unique_id "aiqEWJg23pDFvFUPkQ-VgQAAAAs"]
[Thu Jun 11 06:48:08.416917 2026] [security2:error] [pid 3786:tid 3794] [client 142.248.80.63:54186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.save"] [unique_id "aiqEWDiOnYm9MGuteLYa4QAAAQU"]
[Thu Jun 11 06:48:08.417156 2026] [security2:error] [pid 3786:tid 3794] [client 142.248.80.63:54186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.save"] [unique_id "aiqEWDiOnYm9MGuteLYa4QAAAQU"]
[Thu Jun 11 06:48:08.417387 2026] [security2:error] [pid 3786:tid 3794] [client 142.248.80.63:54186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.save"] [unique_id "aiqEWDiOnYm9MGuteLYa4QAAAQU"]
[Thu Jun 11 06:48:08.420060 2026] [security2:error] [pid 14769:tid 14790] [client 142.248.80.63:54222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.orig"] [unique_id "aiqEWJk8UZMys3trPfJZzwAAAJI"]
[Thu Jun 11 06:48:08.420351 2026] [security2:error] [pid 14769:tid 14790] [client 142.248.80.63:54222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.orig"] [unique_id "aiqEWJk8UZMys3trPfJZzwAAAJI"]
[Thu Jun 11 06:48:08.420359 2026] [security2:error] [pid 26302:tid 26314] [client 142.248.80.63:54190] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/refs/heads/main"] [unique_id "aiqEWJtqCsTZhfVMMIsE8wAAAEk"]
[Thu Jun 11 06:48:08.420559 2026] [security2:error] [pid 26302:tid 26314] [client 142.248.80.63:54190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/refs/heads/main"] [unique_id "aiqEWJtqCsTZhfVMMIsE8wAAAEk"]
[Thu Jun 11 06:48:08.422186 2026] [security2:error] [pid 26302:tid 26314] [client 142.248.80.63:54190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/refs/heads/main"] [unique_id "aiqEWJtqCsTZhfVMMIsE8wAAAEk"]
[Thu Jun 11 06:48:08.422382 2026] [security2:error] [pid 9167:tid 9184] [client 142.248.80.63:54354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "aiqEWJvx2t5yVNtSJBqBEgAAAM4"]
[Thu Jun 11 06:48:08.422961 2026] [security2:error] [pid 9167:tid 9184] [client 142.248.80.63:54354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "aiqEWJvx2t5yVNtSJBqBEgAAAM4"]
[Thu Jun 11 06:48:08.423590 2026] [security2:error] [pid 9167:tid 9184] [client 142.248.80.63:54354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "aiqEWJvx2t5yVNtSJBqBEgAAAM4"]
[Thu Jun 11 06:48:08.425560 2026] [security2:error] [pid 3786:tid 3812] [client 142.248.80.63:54290] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.swp"] [unique_id "aiqEWDiOnYm9MGuteLYa4gAAARc"]
[Thu Jun 11 06:48:08.425802 2026] [security2:error] [pid 3786:tid 3812] [client 142.248.80.63:54290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.swp"] [unique_id "aiqEWDiOnYm9MGuteLYa4gAAARc"]
[Thu Jun 11 06:48:08.426006 2026] [security2:error] [pid 3786:tid 3812] [client 142.248.80.63:54290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.swp"] [unique_id "aiqEWDiOnYm9MGuteLYa4gAAARc"]
[Thu Jun 11 06:48:08.426331 2026] [security2:error] [pid 3786:tid 3812] [client 142.248.80.63:54290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.swp"] [unique_id "aiqEWDiOnYm9MGuteLYa4gAAARc"]
[Thu Jun 11 06:48:08.427267 2026] [security2:error] [pid 28574:tid 28590] [client 142.248.80.63:54286] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local~"] [unique_id "aiqEWCNW5T3kwQRT2u5jWQAAAUk"]
[Thu Jun 11 06:48:08.427518 2026] [security2:error] [pid 28574:tid 28590] [client 142.248.80.63:54286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local~"] [unique_id "aiqEWCNW5T3kwQRT2u5jWQAAAUk"]
[Thu Jun 11 06:48:08.427774 2026] [security2:error] [pid 28574:tid 28590] [client 142.248.80.63:54286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local~"] [unique_id "aiqEWCNW5T3kwQRT2u5jWQAAAUk"]
[Thu Jun 11 06:48:08.428053 2026] [security2:error] [pid 28574:tid 28590] [client 142.248.80.63:54286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local~"] [unique_id "aiqEWCNW5T3kwQRT2u5jWQAAAUk"]
[Thu Jun 11 06:48:08.420843 2026] [security2:error] [pid 14769:tid 14790] [client 142.248.80.63:54222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.orig"] [unique_id "aiqEWJk8UZMys3trPfJZzwAAAJI"]
[Thu Jun 11 06:48:08.421821 2026] [security2:error] [pid 14020:tid 14041] [client 142.248.80.63:54204] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/refs/heads/master"] [unique_id "aiqEWJg23pDFvFUPkQ-VggAAABE"]
[Thu Jun 11 06:48:08.428887 2026] [security2:error] [pid 14020:tid 14041] [client 142.248.80.63:54204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/refs/heads/master"] [unique_id "aiqEWJg23pDFvFUPkQ-VggAAABE"]
[Thu Jun 11 06:48:08.429122 2026] [security2:error] [pid 14020:tid 14041] [client 142.248.80.63:54204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/refs/heads/master"] [unique_id "aiqEWJg23pDFvFUPkQ-VggAAABE"]
[Thu Jun 11 06:48:08.430417 2026] [security2:error] [pid 14769:tid 14784] [client 142.248.80.63:54274] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.save"] [unique_id "aiqEWJk8UZMys3trPfJZ0AAAAIw"]
[Thu Jun 11 06:48:08.430645 2026] [security2:error] [pid 14769:tid 14784] [client 142.248.80.63:54274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.save"] [unique_id "aiqEWJk8UZMys3trPfJZ0AAAAIw"]
[Thu Jun 11 06:48:08.430906 2026] [security2:error] [pid 14769:tid 14784] [client 142.248.80.63:54274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.save"] [unique_id "aiqEWJk8UZMys3trPfJZ0AAAAIw"]
[Thu Jun 11 06:48:08.431303 2026] [security2:error] [pid 9167:tid 9189] [client 142.248.80.63:54302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.orig"] [unique_id "aiqEWJvx2t5yVNtSJBqBEwAAANM"]
[Thu Jun 11 06:48:08.431515 2026] [security2:error] [pid 9167:tid 9189] [client 142.248.80.63:54302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.orig"] [unique_id "aiqEWJvx2t5yVNtSJBqBEwAAANM"]
[Thu Jun 11 06:48:08.431767 2026] [security2:error] [pid 9167:tid 9189] [client 142.248.80.63:54302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.orig"] [unique_id "aiqEWJvx2t5yVNtSJBqBEwAAANM"]
[Thu Jun 11 06:48:08.432193 2026] [security2:error] [pid 14020:tid 14034] [client 142.248.80.63:54244] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.bak"] [unique_id "aiqEWJg23pDFvFUPkQ-VgwAAAAo"]
[Thu Jun 11 06:48:08.432380 2026] [security2:error] [pid 14020:tid 14034] [client 142.248.80.63:54244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.bak"] [unique_id "aiqEWJg23pDFvFUPkQ-VgwAAAAo"]
[Thu Jun 11 06:48:08.432593 2026] [security2:error] [pid 14020:tid 14034] [client 142.248.80.63:54244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.bak"] [unique_id "aiqEWJg23pDFvFUPkQ-VgwAAAAo"]
[Thu Jun 11 06:48:08.432809 2026] [security2:error] [pid 14020:tid 14034] [client 142.248.80.63:54244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.bak"] [unique_id "aiqEWJg23pDFvFUPkQ-VgwAAAAo"]
[Thu Jun 11 06:48:08.432893 2026] [security2:error] [pid 28574:tid 28591] [client 142.248.80.63:54262] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.backup"] [unique_id "aiqEWCNW5T3kwQRT2u5jWgAAAUo"]
[Thu Jun 11 06:48:08.433097 2026] [security2:error] [pid 28574:tid 28591] [client 142.248.80.63:54262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.backup"] [unique_id "aiqEWCNW5T3kwQRT2u5jWgAAAUo"]
[Thu Jun 11 06:48:08.433289 2026] [security2:error] [pid 28574:tid 28591] [client 142.248.80.63:54262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.backup"] [unique_id "aiqEWCNW5T3kwQRT2u5jWgAAAUo"]
[Thu Jun 11 06:48:08.433551 2026] [security2:error] [pid 28574:tid 28591] [client 142.248.80.63:54262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.backup"] [unique_id "aiqEWCNW5T3kwQRT2u5jWgAAAUo"]
[Thu Jun 11 06:48:08.433970 2026] [security2:error] [pid 3786:tid 3793] [client 142.248.80.63:54184] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "aiqEWDiOnYm9MGuteLYa4wAAAQQ"]
[Thu Jun 11 06:48:08.434247 2026] [security2:error] [pid 3786:tid 3793] [client 142.248.80.63:54184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "aiqEWDiOnYm9MGuteLYa4wAAAQQ"]
[Thu Jun 11 06:48:08.434466 2026] [security2:error] [pid 3786:tid 3793] [client 142.248.80.63:54184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "aiqEWDiOnYm9MGuteLYa4wAAAQQ"]
[Thu Jun 11 06:48:08.435385 2026] [security2:error] [pid 26302:tid 26327] [client 142.248.80.63:54328] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.bak"] [unique_id "aiqEWJtqCsTZhfVMMIsE9AAAAFY"]
[Thu Jun 11 06:48:08.435627 2026] [security2:error] [pid 26302:tid 26327] [client 142.248.80.63:54328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.bak"] [unique_id "aiqEWJtqCsTZhfVMMIsE9AAAAFY"]
[Thu Jun 11 06:48:08.435824 2026] [security2:error] [pid 26302:tid 26327] [client 142.248.80.63:54328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.bak"] [unique_id "aiqEWJtqCsTZhfVMMIsE9AAAAFY"]
[Thu Jun 11 06:48:08.436071 2026] [security2:error] [pid 26302:tid 26327] [client 142.248.80.63:54328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.production.bak"] [unique_id "aiqEWJtqCsTZhfVMMIsE9AAAAFY"]
[Thu Jun 11 06:48:08.438346 2026] [security2:error] [pid 26302:tid 26325] [client 142.248.80.63:54312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.copy"] [unique_id "aiqEWJtqCsTZhfVMMIsE9QAAAFQ"]
[Thu Jun 11 06:48:08.438612 2026] [security2:error] [pid 26302:tid 26325] [client 142.248.80.63:54312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.copy"] [unique_id "aiqEWJtqCsTZhfVMMIsE9QAAAFQ"]
[Thu Jun 11 06:48:08.438910 2026] [security2:error] [pid 26302:tid 26325] [client 142.248.80.63:54312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.local.copy"] [unique_id "aiqEWJtqCsTZhfVMMIsE9QAAAFQ"]
[Thu Jun 11 06:48:08.440204 2026] [security2:error] [pid 14769:tid 14777] [client 142.248.80.63:54220] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.swp"] [unique_id "aiqEWJk8UZMys3trPfJZ0QAAAIU"]
[Thu Jun 11 06:48:08.440407 2026] [security2:error] [pid 14769:tid 14777] [client 142.248.80.63:54220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.swp"] [unique_id "aiqEWJk8UZMys3trPfJZ0QAAAIU"]
[Thu Jun 11 06:48:08.440671 2026] [security2:error] [pid 14769:tid 14777] [client 142.248.80.63:54220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.swp"] [unique_id "aiqEWJk8UZMys3trPfJZ0QAAAIU"]
[Thu Jun 11 06:48:08.441111 2026] [security2:error] [pid 14769:tid 14777] [client 142.248.80.63:54220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.env.swp"] [unique_id "aiqEWJk8UZMys3trPfJZ0QAAAIU"]
[Thu Jun 11 06:48:09.514096 2026] [security2:error] [pid 26302:tid 26314] [client 142.248.80.63:54190] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/HEAD"] [unique_id "aiqEWZtqCsTZhfVMMIsE-gAAAEk"]
[Thu Jun 11 06:48:09.514379 2026] [security2:error] [pid 26302:tid 26314] [client 142.248.80.63:54190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/HEAD"] [unique_id "aiqEWZtqCsTZhfVMMIsE-gAAAEk"]
[Thu Jun 11 06:48:09.514821 2026] [security2:error] [pid 26302:tid 26314] [client 142.248.80.63:54190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/.git/HEAD"] [unique_id "aiqEWZtqCsTZhfVMMIsE-gAAAEk"]
[Thu Jun 11 06:52:11.878470 2026] [security2:error] [pid 9167:tid 9175] [client 184.105.247.195:45064] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vpn/index.html"] [unique_id "aiqFS5vx2t5yVNtSJBqD-gAAAMU"]
[Thu Jun 11 06:52:22.926487 2026] [security2:error] [pid 14769:tid 14795] [client 184.105.247.195:5888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vpn/index.html"] [unique_id "aiqFVpk8UZMys3trPfJeMAAAAJc"]
[Thu Jun 11 06:52:32.117453 2026] [security2:error] [pid 28574:tid 28590] [client 184.105.247.195:62424] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/logon/LogonPoint/index.html"] [unique_id "aiqFYCNW5T3kwQRT2u5nkwAAAUk"]
[Thu Jun 11 06:52:45.506408 2026] [security2:error] [pid 14020:tid 14024] [client 184.105.247.195:53646] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/logon/LogonPoint/index.html"] [unique_id "aiqFbZg23pDFvFUPkQ-YxQAAAAA"]
[Thu Jun 11 06:54:38.445804 2026] [security2:error] [pid 9167:tid 9179] [client 184.105.247.195:58604] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/geoserver/web/"] [unique_id "aiqF3pvx2t5yVNtSJBqF7AAAAMk"]
[Thu Jun 11 06:55:49.245018 2026] [security2:error] [pid 28574:tid 28600] [client 46.151.178.13:52884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqGJSNW5T3kwQRT2u5p4QAAAVM"], referer: http://13.84.161.190:443/
[Thu Jun 11 06:58:47.182716 2026] [security2:error] [pid 14020:tid 14039] [client 184.105.247.195:31300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiqG15g23pDFvFUPkQ-fuQAAAA8"]
[Thu Jun 11 06:58:47.182938 2026] [security2:error] [pid 14020:tid 14039] [client 184.105.247.195:31300] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiqG15g23pDFvFUPkQ-fuQAAAA8"]
[Thu Jun 11 06:58:47.183265 2026] [security2:error] [pid 14020:tid 14039] [client 184.105.247.195:31300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiqG15g23pDFvFUPkQ-fuQAAAA8"]
[Thu Jun 11 06:58:47.183629 2026] [security2:error] [pid 14020:tid 14039] [client 184.105.247.195:31300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqG15g23pDFvFUPkQ-fuQAAAA8"]
[Thu Jun 11 07:01:57.147683 2026] [security2:error] [pid 9167:tid 9185] [client 184.105.247.194:35914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/geoserver/web/"] [unique_id "aiqHlZvx2t5yVNtSJBqMBwAAAM8"]
[Thu Jun 11 07:03:18.114063 2026] [security2:error] [pid 14020:tid 14047] [client 78.153.140.93:48636] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqH5pg23pDFvFUPkQ-mUgAAABc"]
[Thu Jun 11 07:03:18.114333 2026] [security2:error] [pid 14020:tid 14047] [client 78.153.140.93:48636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqH5pg23pDFvFUPkQ-mUgAAABc"]
[Thu Jun 11 07:03:18.114788 2026] [security2:error] [pid 14020:tid 14047] [client 78.153.140.93:48636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqH5pg23pDFvFUPkQ-mUgAAABc"]
[Thu Jun 11 07:03:18.115702 2026] [security2:error] [pid 14020:tid 14047] [client 78.153.140.93:48636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqH5pg23pDFvFUPkQ-mUgAAABc"]
[Thu Jun 11 07:03:18.484911 2026] [security2:error] [pid 14020:tid 14030] [client 78.153.140.93:48642] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqH5pg23pDFvFUPkQ-mVQAAAAY"]
[Thu Jun 11 07:06:35.499682 2026] [security2:error] [pid 3786:tid 3791] [client 184.105.247.194:22098] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiqIqziOnYm9MGuteLYqSAAAAQI"]
[Thu Jun 11 07:06:35.499969 2026] [security2:error] [pid 3786:tid 3791] [client 184.105.247.194:22098] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiqIqziOnYm9MGuteLYqSAAAAQI"]
[Thu Jun 11 07:06:35.500313 2026] [security2:error] [pid 3786:tid 3791] [client 184.105.247.194:22098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiqIqziOnYm9MGuteLYqSAAAAQI"]
[Thu Jun 11 07:06:35.700195 2026] [security2:error] [pid 3786:tid 3791] [client 184.105.247.194:22098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiqIqziOnYm9MGuteLYqSAAAAQI"]
[Thu Jun 11 07:15:53.959512 2026] [security2:error] [pid 14769:tid 14778] [client 91.92.42.182:46564] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiqK2Zk8UZMys3trPfJ1KgAAAIY"], referer: http://machen.ai/.git/config
[Thu Jun 11 07:15:53.959895 2026] [security2:error] [pid 14769:tid 14778] [client 91.92.42.182:46564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiqK2Zk8UZMys3trPfJ1KgAAAIY"], referer: http://machen.ai/.git/config
[Thu Jun 11 07:15:53.985159 2026] [security2:error] [pid 9167:tid 9189] [client 91.92.42.182:46566] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php"] [unique_id "aiqK2Zvx2t5yVNtSJBqbMwAAANM"], referer: http://machen.ai/wp-config.php
[Thu Jun 11 07:15:53.985625 2026] [security2:error] [pid 9167:tid 9189] [client 91.92.42.182:46566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php"] [unique_id "aiqK2Zvx2t5yVNtSJBqbMwAAANM"], referer: http://machen.ai/wp-config.php
[Thu Jun 11 07:15:54.054701 2026] [security2:error] [pid 28574:tid 28584] [client 91.92.42.182:46586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiqK2iNW5T3kwQRT2u5_LQAAAUM"], referer: http://machen.ai/.env
[Thu Jun 11 07:15:54.054978 2026] [security2:error] [pid 28574:tid 28584] [client 91.92.42.182:46586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiqK2iNW5T3kwQRT2u5_LQAAAUM"], referer: http://machen.ai/.env
[Thu Jun 11 07:15:54.223995 2026] [security2:error] [pid 9167:tid 9189] [client 91.92.42.182:46566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqK2Zvx2t5yVNtSJBqbMwAAANM"], referer: http://machen.ai/wp-config.php
[Thu Jun 11 07:15:54.302920 2026] [security2:error] [pid 14769:tid 14778] [client 91.92.42.182:46564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqK2Zk8UZMys3trPfJ1KgAAAIY"], referer: http://machen.ai/.git/config
[Thu Jun 11 07:15:54.440898 2026] [security2:error] [pid 28574:tid 28584] [client 91.92.42.182:46586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqK2iNW5T3kwQRT2u5_LQAAAUM"], referer: http://machen.ai/.env
[Thu Jun 11 07:16:20.842111 2026] [security2:error] [pid 3786:tid 3800] [client 46.151.178.13:59450] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqK9DiOnYm9MGuteLYx1AAAAQs"], referer: http://13.66.22.226:443/
[Thu Jun 11 07:18:19.744976 2026] [security2:error] [pid 14769:tid 14792] [client 91.92.42.182:6858] ModSecurity: Warning. Matched phrase ".gitconfig" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitconfig found within REQUEST_FILENAME: /.gitconfig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.gitconfig"] [unique_id "aiqLa5k8UZMys3trPfJ3GwAAAJQ"], referer: http://machen.ai/.gitconfig
[Thu Jun 11 07:18:19.745252 2026] [security2:error] [pid 14769:tid 14792] [client 91.92.42.182:6858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.gitconfig"] [unique_id "aiqLa5k8UZMys3trPfJ3GwAAAJQ"], referer: http://machen.ai/.gitconfig
[Thu Jun 11 07:18:20.069996 2026] [security2:error] [pid 14769:tid 14792] [client 91.92.42.182:6858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLa5k8UZMys3trPfJ3GwAAAJQ"], referer: http://machen.ai/.gitconfig
[Thu Jun 11 07:18:20.082247 2026] [security2:error] [pid 9167:tid 9177] [client 91.92.42.182:6898] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiqLbJvx2t5yVNtSJBqeHwAAAMc"], referer: http://machen.ai/web.config
[Thu Jun 11 07:18:20.082515 2026] [security2:error] [pid 9167:tid 9177] [client 91.92.42.182:6898] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiqLbJvx2t5yVNtSJBqeHwAAAMc"], referer: http://machen.ai/web.config
[Thu Jun 11 07:18:20.082916 2026] [security2:error] [pid 9167:tid 9177] [client 91.92.42.182:6898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiqLbJvx2t5yVNtSJBqeHwAAAMc"], referer: http://machen.ai/web.config
[Thu Jun 11 07:18:20.086175 2026] [security2:error] [pid 3786:tid 3800] [client 91.92.42.182:6908] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/composer.json"] [unique_id "aiqLbDiOnYm9MGuteLYzuwAAAQs"], referer: http://machen.ai/composer.json
[Thu Jun 11 07:18:20.086418 2026] [security2:error] [pid 3786:tid 3800] [client 91.92.42.182:6908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/composer.json"] [unique_id "aiqLbDiOnYm9MGuteLYzuwAAAQs"], referer: http://machen.ai/composer.json
[Thu Jun 11 07:18:20.104910 2026] [security2:error] [pid 28574:tid 28587] [client 91.92.42.182:6878] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiqLbCNW5T3kwQRT2u6B2wAAAUY"], referer: http://machen.ai/.env.bak
[Thu Jun 11 07:18:20.105191 2026] [security2:error] [pid 28574:tid 28587] [client 91.92.42.182:6878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiqLbCNW5T3kwQRT2u6B2wAAAUY"], referer: http://machen.ai/.env.bak
[Thu Jun 11 07:18:20.105477 2026] [security2:error] [pid 28574:tid 28587] [client 91.92.42.182:6878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiqLbCNW5T3kwQRT2u6B2wAAAUY"], referer: http://machen.ai/.env.bak
[Thu Jun 11 07:18:20.646046 2026] [security2:error] [pid 9167:tid 9177] [client 91.92.42.182:6898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLbJvx2t5yVNtSJBqeHwAAAMc"], referer: http://machen.ai/web.config
[Thu Jun 11 07:18:20.898714 2026] [security2:error] [pid 3786:tid 3800] [client 91.92.42.182:6908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLbDiOnYm9MGuteLYzuwAAAQs"], referer: http://machen.ai/composer.json
[Thu Jun 11 07:18:20.991627 2026] [security2:error] [pid 28574:tid 28587] [client 91.92.42.182:6878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLbCNW5T3kwQRT2u6B2wAAAUY"], referer: http://machen.ai/.env.bak
[Thu Jun 11 07:19:36.453013 2026] [security2:error] [pid 28574:tid 28581] [client 91.92.42.182:31344] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiqLuCNW5T3kwQRT2u6DLgAAAUA"], referer: http://machen.ai/config/parameters.yml
[Thu Jun 11 07:19:36.453388 2026] [security2:error] [pid 28574:tid 28581] [client 91.92.42.182:31344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiqLuCNW5T3kwQRT2u6DLgAAAUA"], referer: http://machen.ai/config/parameters.yml
[Thu Jun 11 07:19:36.500983 2026] [security2:error] [pid 14020:tid 14046] [client 91.92.42.182:31370] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiqLuJg23pDFvFUPkQ-31wAAABY"], referer: http://machen.ai/app/config/parameters.yml
[Thu Jun 11 07:19:36.501249 2026] [security2:error] [pid 14020:tid 14046] [client 91.92.42.182:31370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiqLuJg23pDFvFUPkQ-31wAAABY"], referer: http://machen.ai/app/config/parameters.yml
[Thu Jun 11 07:19:36.609395 2026] [security2:error] [pid 14769:tid 14795] [client 91.92.42.182:31438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.js"] [unique_id "aiqLuJk8UZMys3trPfJ3oQAAAJc"], referer: http://machen.ai/.env.js
[Thu Jun 11 07:19:36.609767 2026] [security2:error] [pid 14769:tid 14795] [client 91.92.42.182:31438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.js"] [unique_id "aiqLuJk8UZMys3trPfJ3oQAAAJc"], referer: http://machen.ai/.env.js
[Thu Jun 11 07:19:36.622929 2026] [security2:error] [pid 9167:tid 9180] [client 91.92.42.182:31420] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env-config.js"] [unique_id "aiqLuJvx2t5yVNtSJBqelAAAAMo"], referer: http://machen.ai/.env-config.js
[Thu Jun 11 07:19:36.623207 2026] [security2:error] [pid 9167:tid 9180] [client 91.92.42.182:31420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env-config.js"] [unique_id "aiqLuJvx2t5yVNtSJBqelAAAAMo"], referer: http://machen.ai/.env-config.js
[Thu Jun 11 07:19:36.625887 2026] [security2:error] [pid 3786:tid 3811] [client 91.92.42.182:31434] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiqLuDiOnYm9MGuteLY1pQAAARY"], referer: http://machen.ai/.aws/credentials
[Thu Jun 11 07:19:36.626140 2026] [security2:error] [pid 3786:tid 3811] [client 91.92.42.182:31434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiqLuDiOnYm9MGuteLY1pQAAARY"], referer: http://machen.ai/.aws/credentials
[Thu Jun 11 07:19:37.093993 2026] [security2:error] [pid 28574:tid 28581] [client 91.92.42.182:31344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLuCNW5T3kwQRT2u6DLgAAAUA"], referer: http://machen.ai/config/parameters.yml
[Thu Jun 11 07:19:37.290825 2026] [security2:error] [pid 14020:tid 14046] [client 91.92.42.182:31370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLuJg23pDFvFUPkQ-31wAAABY"], referer: http://machen.ai/app/config/parameters.yml
[Thu Jun 11 07:19:37.786978 2026] [security2:error] [pid 3786:tid 3811] [client 91.92.42.182:31434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLuDiOnYm9MGuteLY1pQAAARY"], referer: http://machen.ai/.aws/credentials
[Thu Jun 11 07:19:37.832768 2026] [security2:error] [pid 9167:tid 9180] [client 91.92.42.182:31420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLuJvx2t5yVNtSJBqelAAAAMo"], referer: http://machen.ai/.env-config.js
[Thu Jun 11 07:19:37.903208 2026] [security2:error] [pid 14769:tid 14795] [client 91.92.42.182:31438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqLuJk8UZMys3trPfJ3oQAAAJc"], referer: http://machen.ai/.env.js
[Thu Jun 11 07:20:37.759841 2026] [security2:error] [pid 3786:tid 3789] [client 45.198.224.5:41914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqL9TiOnYm9MGuteLY2wwAAAQA"], referer: http://13.66.22.226:80/cgi-bin/index2.asp
[Thu Jun 11 07:25:37.599734 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIZg23pDFvFUPkQ-7bwAAAAU"]
[Thu Jun 11 07:25:37.599819 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIZg23pDFvFUPkQ-7bwAAAAU"]
[Thu Jun 11 07:25:37.600407 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIZg23pDFvFUPkQ-7bwAAAAU"]
[Thu Jun 11 07:25:37.600697 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNIZg23pDFvFUPkQ-7bwAAAAU"]
[Thu Jun 11 07:25:37.816070 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIZg23pDFvFUPkQ-7cgAAAAU"]
[Thu Jun 11 07:25:37.816171 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIZg23pDFvFUPkQ-7cgAAAAU"]
[Thu Jun 11 07:25:37.816542 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIZg23pDFvFUPkQ-7cgAAAAU"]
[Thu Jun 11 07:25:37.816850 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNIZg23pDFvFUPkQ-7cgAAAAU"]
[Thu Jun 11 07:25:38.028126 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIpg23pDFvFUPkQ-7cwAAAAU"]
[Thu Jun 11 07:25:38.242907 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIpg23pDFvFUPkQ-7dQAAAAU"]
[Thu Jun 11 07:25:38.243002 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIpg23pDFvFUPkQ-7dQAAAAU"]
[Thu Jun 11 07:25:38.243682 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIpg23pDFvFUPkQ-7dQAAAAU"]
[Thu Jun 11 07:25:38.244023 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNIpg23pDFvFUPkQ-7dQAAAAU"]
[Thu Jun 11 07:25:38.459322 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIpg23pDFvFUPkQ-7eAAAAAU"]
[Thu Jun 11 07:25:38.459420 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIpg23pDFvFUPkQ-7eAAAAAU"]
[Thu Jun 11 07:25:38.459747 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIpg23pDFvFUPkQ-7eAAAAAU"]
[Thu Jun 11 07:25:38.460230 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNIpg23pDFvFUPkQ-7eAAAAAU"]
[Thu Jun 11 07:25:38.686550 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dns-query"] [unique_id "aiqNIpg23pDFvFUPkQ-7egAAAAU"]
[Thu Jun 11 07:25:38.900552 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNIpg23pDFvFUPkQ-7fAAAAAU"]
[Thu Jun 11 07:25:38.900674 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNIpg23pDFvFUPkQ-7fAAAAAU"]
[Thu Jun 11 07:25:38.901604 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNIpg23pDFvFUPkQ-7fAAAAAU"]
[Thu Jun 11 07:25:38.902031 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNIpg23pDFvFUPkQ-7fAAAAAU"]
[Thu Jun 11 07:25:39.113543 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7fQAAAAU"]
[Thu Jun 11 07:25:39.113657 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7fQAAAAU"]
[Thu Jun 11 07:25:39.114073 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7fQAAAAU"]
[Thu Jun 11 07:25:39.114346 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNI5g23pDFvFUPkQ-7fQAAAAU"]
[Thu Jun 11 07:25:39.327603 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7fwAAAAU"]
[Thu Jun 11 07:25:39.544156 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7gQAAAAU"]
[Thu Jun 11 07:25:39.544242 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7gQAAAAU"]
[Thu Jun 11 07:25:39.545078 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7gQAAAAU"]
[Thu Jun 11 07:25:39.545313 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNI5g23pDFvFUPkQ-7gQAAAAU"]
[Thu Jun 11 07:25:39.757813 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7hAAAAAU"]
[Thu Jun 11 07:25:39.757899 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7hAAAAAU"]
[Thu Jun 11 07:25:39.758378 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7hAAAAAU"]
[Thu Jun 11 07:25:39.758698 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNI5g23pDFvFUPkQ-7hAAAAAU"]
[Thu Jun 11 07:25:39.973801 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/query"] [unique_id "aiqNI5g23pDFvFUPkQ-7hgAAAAU"]
[Thu Jun 11 07:25:40.191386 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7hwAAAAU"]
[Thu Jun 11 07:25:40.191466 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7hwAAAAU"]
[Thu Jun 11 07:25:40.192180 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7hwAAAAU"]
[Thu Jun 11 07:25:40.192557 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNJJg23pDFvFUPkQ-7hwAAAAU"]
[Thu Jun 11 07:25:40.409637 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7iQAAAAU"]
[Thu Jun 11 07:25:40.409732 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7iQAAAAU"]
[Thu Jun 11 07:25:40.410089 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7iQAAAAU"]
[Thu Jun 11 07:25:40.410365 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNJJg23pDFvFUPkQ-7iQAAAAU"]
[Thu Jun 11 07:25:40.623739 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7iwAAAAU"]
[Thu Jun 11 07:25:40.838647 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7jQAAAAU"]
[Thu Jun 11 07:25:40.838735 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7jQAAAAU"]
[Thu Jun 11 07:25:40.839378 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJJg23pDFvFUPkQ-7jQAAAAU"]
[Thu Jun 11 07:25:40.839669 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNJJg23pDFvFUPkQ-7jQAAAAU"]
[Thu Jun 11 07:25:41.056655 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJZg23pDFvFUPkQ-7kAAAAAU"]
[Thu Jun 11 07:25:41.056741 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJZg23pDFvFUPkQ-7kAAAAAU"]
[Thu Jun 11 07:25:41.057082 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJZg23pDFvFUPkQ-7kAAAAAU"]
[Thu Jun 11 07:25:41.057393 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNJZg23pDFvFUPkQ-7kAAAAAU"]
[Thu Jun 11 07:25:41.273022 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resolve"] [unique_id "aiqNJZg23pDFvFUPkQ-7kQAAAAU"]
[Thu Jun 11 07:25:41.486846 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJZg23pDFvFUPkQ-7lAAAAAU"]
[Thu Jun 11 07:25:41.486937 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJZg23pDFvFUPkQ-7lAAAAAU"]
[Thu Jun 11 07:25:41.487551 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJZg23pDFvFUPkQ-7lAAAAAU"]
[Thu Jun 11 07:25:41.487859 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNJZg23pDFvFUPkQ-7lAAAAAU"]
[Thu Jun 11 07:25:41.702677 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJZg23pDFvFUPkQ-7lQAAAAU"]
[Thu Jun 11 07:25:41.702768 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJZg23pDFvFUPkQ-7lQAAAAU"]
[Thu Jun 11 07:25:41.703137 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJZg23pDFvFUPkQ-7lQAAAAU"]
[Thu Jun 11 07:25:41.703383 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNJZg23pDFvFUPkQ-7lQAAAAU"]
[Thu Jun 11 07:25:41.918555 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJZg23pDFvFUPkQ-7lwAAAAU"]
[Thu Jun 11 07:25:42.132074 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJpg23pDFvFUPkQ-7mQAAAAU"]
[Thu Jun 11 07:25:42.132177 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJpg23pDFvFUPkQ-7mQAAAAU"]
[Thu Jun 11 07:25:42.133110 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJpg23pDFvFUPkQ-7mQAAAAU"]
[Thu Jun 11 07:25:42.133370 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNJpg23pDFvFUPkQ-7mQAAAAU"]
[Thu Jun 11 07:25:42.345555 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJpg23pDFvFUPkQ-7mgAAAAU"]
[Thu Jun 11 07:25:42.345664 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJpg23pDFvFUPkQ-7mgAAAAU"]
[Thu Jun 11 07:25:42.345998 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJpg23pDFvFUPkQ-7mgAAAAU"]
[Thu Jun 11 07:25:42.346337 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqNJpg23pDFvFUPkQ-7mgAAAAU"]
[Thu Jun 11 07:25:42.568485 2026] [security2:error] [pid 14020:tid 14029] [client 47.91.125.252:55030] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqNJpg23pDFvFUPkQ-7ngAAAAU"]
[Thu Jun 11 07:32:33.362568 2026] [security2:error] [pid 3786:tid 3793] [client 45.148.10.67:61294] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqOwTiOnYm9MGuteLZEWgAAAQQ"]
[Thu Jun 11 07:37:52.911682 2026] [security2:error] [pid 9167:tid 9175] [client 135.237.125.158:39916] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/developmentserver/metadatauploader"] [unique_id "aiqQAJvx2t5yVNtSJBqz6gAAAMU"]
[Thu Jun 11 07:37:52.911834 2026] [security2:error] [pid 9167:tid 9175] [client 135.237.125.158:39916] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/developmentserver/metadatauploader"] [unique_id "aiqQAJvx2t5yVNtSJBqz6gAAAMU"]
[Thu Jun 11 07:37:52.912275 2026] [security2:error] [pid 9167:tid 9175] [client 135.237.125.158:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/developmentserver/metadatauploader"] [unique_id "aiqQAJvx2t5yVNtSJBqz6gAAAMU"]
[Thu Jun 11 07:37:53.150905 2026] [security2:error] [pid 9167:tid 9175] [client 135.237.125.158:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiqQAJvx2t5yVNtSJBqz6gAAAMU"]
[Thu Jun 11 07:40:21.156789 2026] [security2:error] [pid 3786:tid 3806] [client 85.217.149.57:37134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqQlTiOnYm9MGuteLZKtwAAARE"]
[Thu Jun 11 07:45:50.201386 2026] [security2:error] [pid 14020:tid 14033] [client 185.12.59.118:55596] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Dr0v"] [unique_id "aiqR3pg23pDFvFUPkQ_R5AAAAAk"]
[Thu Jun 11 07:46:03.825305 2026] [security2:error] [pid 3786:tid 3812] [client 79.124.49.102:50402] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/mics/api/v2/sentry/mics-config/handleMessage"] [unique_id "aiqR6ziOnYm9MGuteLZR5gAAARc"]
[Thu Jun 11 07:51:20.460828 2026] [security2:error] [pid 3786:tid 3811] [client 34.12.84.48:48076] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqTKDiOnYm9MGuteLZYHQAAARY"]
[Thu Jun 11 07:51:20.461326 2026] [security2:error] [pid 3786:tid 3811] [client 34.12.84.48:48076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqTKDiOnYm9MGuteLZYHQAAARY"]
[Thu Jun 11 07:51:20.461616 2026] [security2:error] [pid 3786:tid 3811] [client 34.12.84.48:48076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqTKDiOnYm9MGuteLZYHQAAARY"]
[Thu Jun 11 07:51:20.561027 2026] [security2:error] [pid 14769:tid 14779] [client 34.12.84.48:48086] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/wp/v2/settings"] [unique_id "aiqTKJk8UZMys3trPfKYNwAAAIc"]
[Thu Jun 11 07:51:20.561465 2026] [security2:error] [pid 14769:tid 14779] [client 34.12.84.48:48086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/wp/v2/settings"] [unique_id "aiqTKJk8UZMys3trPfKYNwAAAIc"]
[Thu Jun 11 07:51:20.561774 2026] [security2:error] [pid 14769:tid 14779] [client 34.12.84.48:48086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/wp/v2/settings"] [unique_id "aiqTKJk8UZMys3trPfKYNwAAAIc"]
[Thu Jun 11 07:51:20.574335 2026] [security2:error] [pid 28574:tid 28603] [client 34.12.84.48:48110] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqTKCNW5T3kwQRT2u6qNgAAAVY"]
[Thu Jun 11 07:51:20.574933 2026] [security2:error] [pid 28574:tid 28603] [client 34.12.84.48:48110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqTKCNW5T3kwQRT2u6qNgAAAVY"]
[Thu Jun 11 07:51:20.575282 2026] [security2:error] [pid 28574:tid 28603] [client 34.12.84.48:48110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqTKCNW5T3kwQRT2u6qNgAAAVY"]
[Thu Jun 11 07:51:20.579881 2026] [security2:error] [pid 14020:tid 14033] [client 34.12.84.48:48100] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aiqTKJg23pDFvFUPkQ_Y0wAAAAk"]
[Thu Jun 11 07:51:20.580224 2026] [security2:error] [pid 14020:tid 14033] [client 34.12.84.48:48100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aiqTKJg23pDFvFUPkQ_Y0wAAAAk"]
[Thu Jun 11 07:51:20.580473 2026] [security2:error] [pid 14020:tid 14033] [client 34.12.84.48:48100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aiqTKJg23pDFvFUPkQ_Y0wAAAAk"]
[Thu Jun 11 07:51:20.611055 2026] [security2:error] [pid 3786:tid 3807] [client 34.12.84.48:48124] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aiqTKDiOnYm9MGuteLZYHwAAARI"]
[Thu Jun 11 07:51:20.611461 2026] [security2:error] [pid 3786:tid 3807] [client 34.12.84.48:48124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aiqTKDiOnYm9MGuteLZYHwAAARI"]
[Thu Jun 11 07:51:20.613905 2026] [security2:error] [pid 3786:tid 3807] [client 34.12.84.48:48124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aiqTKDiOnYm9MGuteLZYHwAAARI"]
[Thu Jun 11 07:53:08.705163 2026] [security2:error] [pid 14769:tid 14792] [client 185.12.59.118:54762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/Dr0v"] [unique_id "aiqTlJk8UZMys3trPfKaTwAAAJQ"]
[Thu Jun 11 07:55:29.797976 2026] [security2:error] [pid 14769:tid 14785] [client 35.241.166.201:39994] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqUIZk8UZMys3trPfKb8gAAAI0"]
[Thu Jun 11 08:10:24.142873 2026] [security2:error] [pid 28574:tid 28584] [client 199.45.154.154:59654] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqXoCNW5T3kwQRT2u6_ggAAAUM"]
[Thu Jun 11 08:10:27.369098 2026] [security2:error] [pid 14769:tid 14785] [client 199.45.154.154:59684] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiqXo5k8UZMys3trPfKtxgAAAI0"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 08:10:28.758560 2026] [security2:error] [pid 14020:tid 14048] [client 199.45.154.154:59700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiqXpJg23pDFvFUPkQ_swgAAABg"]
[Thu Jun 11 08:10:31.144771 2026] [security2:error] [pid 28574:tid 28603] [client 199.45.154.154:59528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiqXpyNW5T3kwQRT2u6_hwAAAVY"], referer: https://13.66.22.226/favicon.ico
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 08:11:25.522416 2026] [security2:error] [pid 3786:tid 3805] [client 199.45.154.154:37232] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.well-known/security.txt"] [unique_id "aiqX3TiOnYm9MGuteLZulgAAARA"]
[Thu Jun 11 08:21:41.280891 2026] [security2:error] [pid 3786:tid 3806] [client 34.39.32.41:32996] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.images.machen.ai"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aiqaRTiOnYm9MGuteLZ5WgAAARE"]
[Thu Jun 11 08:21:41.281446 2026] [security2:error] [pid 3786:tid 3806] [client 34.39.32.41:32996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.images.machen.ai"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aiqaRTiOnYm9MGuteLZ5WgAAARE"]
[Thu Jun 11 08:21:41.281976 2026] [security2:error] [pid 3786:tid 3806] [client 34.39.32.41:32996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.images.machen.ai"] [uri "/index.html"] [unique_id "aiqaRTiOnYm9MGuteLZ5WgAAARE"]
[Thu Jun 11 08:21:41.288094 2026] [security2:error] [pid 14769:tid 14783] [client 34.39.32.41:32982] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.images.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqaRZk8UZMys3trPfK5BwAAAIs"]
[Thu Jun 11 08:21:41.289115 2026] [security2:error] [pid 14769:tid 14783] [client 34.39.32.41:32982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.images.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqaRZk8UZMys3trPfK5BwAAAIs"]
[Thu Jun 11 08:21:41.289564 2026] [security2:error] [pid 14769:tid 14783] [client 34.39.32.41:32982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.images.machen.ai"] [uri "/index.html"] [unique_id "aiqaRZk8UZMys3trPfK5BwAAAIs"]
[Thu Jun 11 08:21:41.423420 2026] [security2:error] [pid 14020:tid 14045] [client 34.39.32.41:33002] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.images.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqaRZg23pDFvFUPkQ_2TAAAABU"]
[Thu Jun 11 08:21:41.423869 2026] [security2:error] [pid 14020:tid 14045] [client 34.39.32.41:33002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.images.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqaRZg23pDFvFUPkQ_2TAAAABU"]
[Thu Jun 11 08:21:41.424213 2026] [security2:error] [pid 14020:tid 14045] [client 34.39.32.41:33002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.images.machen.ai"] [uri "/index.html"] [unique_id "aiqaRZg23pDFvFUPkQ_2TAAAABU"]
[Thu Jun 11 08:21:41.444457 2026] [security2:error] [pid 2041:tid 2049] [client 34.39.32.41:33006] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.images.machen.ai"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aiqaRQ5X1D4FZg2ua4i7ZAAAAEQ"]
[Thu Jun 11 08:21:41.444881 2026] [security2:error] [pid 2041:tid 2049] [client 34.39.32.41:33006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.images.machen.ai"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aiqaRQ5X1D4FZg2ua4i7ZAAAAEQ"]
[Thu Jun 11 08:21:41.445237 2026] [security2:error] [pid 2041:tid 2049] [client 34.39.32.41:33006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.images.machen.ai"] [uri "/index.html"] [unique_id "aiqaRQ5X1D4FZg2ua4i7ZAAAAEQ"]
[Thu Jun 11 08:21:41.455117 2026] [security2:error] [pid 28574:tid 28582] [client 34.39.32.41:33018] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.images.machen.ai"] [uri "/wp-json/wp/v2/settings"] [unique_id "aiqaRSNW5T3kwQRT2u7MCAAAAUE"]
[Thu Jun 11 08:21:41.455661 2026] [security2:error] [pid 28574:tid 28582] [client 34.39.32.41:33018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.images.machen.ai"] [uri "/wp-json/wp/v2/settings"] [unique_id "aiqaRSNW5T3kwQRT2u7MCAAAAUE"]
[Thu Jun 11 08:21:41.456046 2026] [security2:error] [pid 28574:tid 28582] [client 34.39.32.41:33018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.images.machen.ai"] [uri "/index.html"] [unique_id "aiqaRSNW5T3kwQRT2u7MCAAAAUE"]
[Thu Jun 11 08:27:58.829644 2026] [security2:error] [pid 3786:tid 3802] [client 69.5.169.189:12758] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqbvjiOnYm9MGuteLZ_CwAAAQ0"]
[Thu Jun 11 08:27:59.090626 2026] [security2:error] [pid 14020:tid 14031] [client 69.5.169.241:10418] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiqbv5g23pDFvFUPkQ_9WgAAAAc"]
[Thu Jun 11 08:34:56.660001 2026] [security2:error] [pid 2041:tid 2066] [client 78.153.140.93:47888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqdYA5X1D4FZg2ua4jHFAAAAFU"]
[Thu Jun 11 08:34:56.660259 2026] [security2:error] [pid 2041:tid 2066] [client 78.153.140.93:47888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqdYA5X1D4FZg2ua4jHFAAAAFU"]
[Thu Jun 11 08:34:56.660540 2026] [security2:error] [pid 2041:tid 2066] [client 78.153.140.93:47888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqdYA5X1D4FZg2ua4jHFAAAAFU"]
[Thu Jun 11 08:34:56.661349 2026] [security2:error] [pid 2041:tid 2066] [client 78.153.140.93:47888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqdYA5X1D4FZg2ua4jHFAAAAFU"]
[Thu Jun 11 08:34:57.019682 2026] [security2:error] [pid 3786:tid 3812] [client 78.153.140.93:47904] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqdYTiOnYm9MGuteLaFyAAAARc"]
[Thu Jun 11 08:38:51.985606 2026] [security2:error] [pid 14020:tid 14041] [client 43.135.135.57:52054] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqeS5g23pDFvFUPkQ8JDQAAABE"], referer: http://13.84.161.190
[Thu Jun 11 08:38:51.985753 2026] [security2:error] [pid 14020:tid 14041] [client 43.135.135.57:52054] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqeS5g23pDFvFUPkQ8JDQAAABE"], referer: http://13.84.161.190
[Thu Jun 11 08:38:51.986251 2026] [security2:error] [pid 14020:tid 14041] [client 43.135.135.57:52054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqeS5g23pDFvFUPkQ8JDQAAABE"], referer: http://13.84.161.190
[Thu Jun 11 08:38:52.253617 2026] [security2:error] [pid 14020:tid 14041] [client 43.135.135.57:52054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiqeS5g23pDFvFUPkQ8JDQAAABE"], referer: http://13.84.161.190
[Thu Jun 11 08:39:09.582929 2026] [security2:error] [pid 28574:tid 28581] [client 78.153.140.50:50190] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiqeXSNW5T3kwQRT2u7fiwAAAUA"]
[Thu Jun 11 08:39:09.583173 2026] [security2:error] [pid 28574:tid 28581] [client 78.153.140.50:50190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiqeXSNW5T3kwQRT2u7fiwAAAUA"]
[Thu Jun 11 08:39:09.583443 2026] [security2:error] [pid 28574:tid 28581] [client 78.153.140.50:50190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiqeXSNW5T3kwQRT2u7fiwAAAUA"]
[Thu Jun 11 08:39:09.675437 2026] [security2:error] [pid 28574:tid 28581] [client 78.153.140.50:50190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiqeXSNW5T3kwQRT2u7fiwAAAUA"]
[Thu Jun 11 08:39:10.303805 2026] [security2:error] [pid 14020:tid 14036] [client 78.153.140.50:50198] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqeXpg23pDFvFUPkQ8JIgAAAAw"]
[Thu Jun 11 08:39:23.953834 2026] [security2:error] [pid 2041:tid 2061] [client 45.148.10.67:60384] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiqeaw5X1D4FZg2ua4jLggAAAFA"]
[Thu Jun 11 08:58:07.053469 2026] [cgid:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] AH01265: stderr from /disk001/sonne/public_html/cgi-bin/: attempt to invoke directory as script, referer: http://sonneconsultoria.com.br/
[Thu Jun 11 08:58:26.420336 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:fileloc: /disk001/sonne/public_html/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-gMWGLIqY.php"] [unique_id "aiqi4pk8UZMys3trPfLdOAAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-gMWGLIqY.php
[Thu Jun 11 08:58:26.421465 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-gMWGLIqY.php"] [unique_id "aiqi4pk8UZMys3trPfLdOAAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-gMWGLIqY.php
[Thu Jun 11 08:58:26.421801 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-gMWGLIqY.php"] [unique_id "aiqi4pk8UZMys3trPfLdOAAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-gMWGLIqY.php
[Thu Jun 11 08:58:26.879019 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:fileloc: /disk001/sonne/public_html/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqi4pk8UZMys3trPfLdPQAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php
[Thu Jun 11 08:58:26.879731 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqi4pk8UZMys3trPfLdPQAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php
[Thu Jun 11 08:58:26.880182 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqi4pk8UZMys3trPfLdPQAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php
[Thu Jun 11 08:58:54.922939 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Warning. Matched phrase ".htpasswd" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htpasswd found within ARGS:path: /disk001/sonne/.htpasswds"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqi_pk8UZMys3trPfLeAwAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=/disk001/sonne
[Thu Jun 11 08:58:54.923669 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqi_pk8UZMys3trPfLeAwAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=/disk001/sonne
[Thu Jun 11 08:58:54.923964 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqi_pk8UZMys3trPfLeAwAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=/disk001/sonne
[Thu Jun 11 08:59:08.561134 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Warning. Matched phrase ".htpasswd" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htpasswd found within ARGS:path: /disk001/sonne/.htpasswds"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-gMWGLIqY.php"] [unique_id "aiqjDJk8UZMys3trPfLeWwAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-gMWGLIqY.php?path=/disk001/sonne
[Thu Jun 11 08:59:08.562052 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-gMWGLIqY.php"] [unique_id "aiqjDJk8UZMys3trPfLeWwAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-gMWGLIqY.php?path=/disk001/sonne
[Thu Jun 11 08:59:08.562399 2026] [security2:error] [pid 14769:tid 14784] [client 74.7.242.25:35696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-gMWGLIqY.php"] [unique_id "aiqjDJk8UZMys3trPfLeWwAAAIw"], referer: http://sonneconsultoria.com.br/x-cp-gMWGLIqY.php?path=/disk001/sonne
[Thu Jun 11 09:01:29.577765 2026] [security2:error] [pid 3786:tid 3791] [client 43.153.62.161:45348] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aiqjmTiOnYm9MGuteLahHQAAAQI"], referer: http://machen.ai
[Thu Jun 11 09:02:31.454834 2026] [security2:error] [pid 3786:tid 3813] [client 74.7.242.25:45472] ModSecurity: Warning. Matched phrase "etc/issue" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/issue found within ARGS:fileloc: /etc/issue.net"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqj1ziOnYm9MGuteLah6AAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc
[Thu Jun 11 09:02:31.455593 2026] [security2:error] [pid 3786:tid 3813] [client 74.7.242.25:45472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqj1ziOnYm9MGuteLah6AAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc
[Thu Jun 11 09:02:31.455912 2026] [security2:error] [pid 3786:tid 3813] [client 74.7.242.25:45472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqj1ziOnYm9MGuteLah6AAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc
[Thu Jun 11 09:02:31.956105 2026] [security2:error] [pid 3786:tid 3813] [client 74.7.242.25:45472] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqj1ziOnYm9MGuteLah6wAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc
[Thu Jun 11 09:02:31.956668 2026] [security2:error] [pid 3786:tid 3813] [client 74.7.242.25:45472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqj1ziOnYm9MGuteLah6wAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc
[Thu Jun 11 09:02:31.957027 2026] [security2:error] [pid 3786:tid 3813] [client 74.7.242.25:45472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqj1ziOnYm9MGuteLah6wAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc
[Thu Jun 11 09:03:47.578734 2026] [security2:error] [pid 28574:tid 28594] [client 78.153.140.250:47490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqkIyNW5T3kwQRT2u75JAAAAU0"]
[Thu Jun 11 09:03:47.579053 2026] [security2:error] [pid 28574:tid 28594] [client 78.153.140.250:47490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqkIyNW5T3kwQRT2u75JAAAAU0"]
[Thu Jun 11 09:03:47.579352 2026] [security2:error] [pid 28574:tid 28594] [client 78.153.140.250:47490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqkIyNW5T3kwQRT2u75JAAAAU0"]
[Thu Jun 11 09:03:47.579630 2026] [security2:error] [pid 28574:tid 28594] [client 78.153.140.250:47490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqkIyNW5T3kwQRT2u75JAAAAU0"]
[Thu Jun 11 09:03:48.341518 2026] [security2:error] [pid 2041:tid 2065] [client 78.153.140.250:47498] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqkJA5X1D4FZg2ua4jjYgAAAFQ"]
[Thu Jun 11 09:07:05.419186 2026] [security2:error] [pid 2041:tid 2061] [client 74.7.242.25:35896] ModSecurity: Warning. Matched phrase "var/log/exim_paniclog" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_paniclog found within ARGS:fileloc: /var/log/exim_paniclog-20260524.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqk6Q5X1D4FZg2ua4jmvAAAAFA"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//var/log
[Thu Jun 11 09:07:05.419990 2026] [security2:error] [pid 2041:tid 2061] [client 74.7.242.25:35896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqk6Q5X1D4FZg2ua4jmvAAAAFA"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//var/log
[Thu Jun 11 09:07:05.420306 2026] [security2:error] [pid 2041:tid 2061] [client 74.7.242.25:35896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqk6Q5X1D4FZg2ua4jmvAAAAFA"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//var/log
[Thu Jun 11 09:08:23.655089 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:fileloc: /proc/net/udp6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlNw5X1D4FZg2ua4jogQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:23.655744 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlNw5X1D4FZg2ua4jogQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:23.656019 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlNw5X1D4FZg2ua4jogQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:32.993519 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/tcp found within ARGS:fileloc: /proc/net/tcp6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQA5X1D4FZg2ua4jowQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:32.994173 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQA5X1D4FZg2ua4jowQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:32.994637 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQA5X1D4FZg2ua4jowQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:34.735321 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:fileloc: /proc/net/udplite"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQg5X1D4FZg2ua4jozwAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:34.736099 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQg5X1D4FZg2ua4jozwAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:34.736409 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQg5X1D4FZg2ua4jozwAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:35.269430 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:fileloc: /proc/net/udplite6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQw5X1D4FZg2ua4jo0gAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:35.270136 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQw5X1D4FZg2ua4jo0gAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:35.270451 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlQw5X1D4FZg2ua4jo0gAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:39.288811 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:fileloc: /proc/net/udp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlRw5X1D4FZg2ua4jo-AAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:39.289457 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlRw5X1D4FZg2ua4jo-AAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:39.289760 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlRw5X1D4FZg2ua4jo-AAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:45.031408 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/tcp found within ARGS:fileloc: /proc/net/tcp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlTQ5X1D4FZg2ua4jpKQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:45.032064 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlTQ5X1D4FZg2ua4jpKQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:45.032335 2026] [security2:error] [pid 2041:tid 2053] [client 74.7.242.25:57898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiqlTQ5X1D4FZg2ua4jpKQAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/net
[Thu Jun 11 09:08:55.466501 2026] [security2:error] [pid 14020:tid 14048] [client 20.163.2.151:48728] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aiqlV5g23pDFvFUPkQ8jmAAAABg"]
[Thu Jun 11 09:08:55.466665 2026] [security2:error] [pid 14020:tid 14048] [client 20.163.2.151:48728] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aiqlV5g23pDFvFUPkQ8jmAAAABg"]
[Thu Jun 11 09:08:55.466974 2026] [security2:error] [pid 14020:tid 14048] [client 20.163.2.151:48728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aiqlV5g23pDFvFUPkQ8jmAAAABg"]
[Thu Jun 11 09:08:55.467223 2026] [security2:error] [pid 14020:tid 14048] [client 20.163.2.151:48728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqlV5g23pDFvFUPkQ8jmAAAABg"]
[Thu Jun 11 09:09:26.542600 2026] [authz_core:error] [pid 3786:tid 3794] [client 85.204.70.104:40838] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/error_log
[Thu Jun 11 09:09:52.264392 2026] [authz_core:error] [pid 3786:tid 3794] [client 85.204.70.104:40838] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/IXR/error_log
[Thu Jun 11 09:10:11.187469 2026] [authz_core:error] [pid 3786:tid 3812] [client 85.204.70.104:54264] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/PHPMailer/error_log
[Thu Jun 11 09:10:37.919854 2026] [authz_core:error] [pid 14769:tid 14779] [client 85.204.70.104:45272] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/library/error_log
[Thu Jun 11 09:10:49.242476 2026] [authz_core:error] [pid 2041:tid 2066] [client 85.204.70.104:43768] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/error_log
[Thu Jun 11 09:11:00.322342 2026] [authz_core:error] [pid 28574:tid 28598] [client 85.204.70.104:38692] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Auth/error_log
[Thu Jun 11 09:11:26.540143 2026] [authz_core:error] [pid 28574:tid 28597] [client 85.204.70.104:40592] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Exception/error_log
[Thu Jun 11 09:11:39.191819 2026] [authz_core:error] [pid 14769:tid 14780] [client 85.204.70.104:56324] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Exception/Http/error_log
[Thu Jun 11 09:12:23.508272 2026] [authz_core:error] [pid 14020:tid 14039] [client 85.204.70.104:38252] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Exception/Transport/error_log
[Thu Jun 11 09:12:39.790879 2026] [authz_core:error] [pid 3786:tid 3806] [client 85.204.70.104:54596] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Proxy/error_log
[Thu Jun 11 09:12:52.776512 2026] [authz_core:error] [pid 2041:tid 2059] [client 85.204.70.104:46038] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Response/error_log
[Thu Jun 11 09:13:05.900801 2026] [authz_core:error] [pid 28574:tid 28605] [client 85.204.70.104:47378] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Transport/error_log
[Thu Jun 11 09:13:17.035509 2026] [security2:error] [pid 28574:tid 28600] [client 85.204.70.104:41718] ModSecurity: Warning. Matched phrase "fsockopen" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: fsockopen found within REQUEST_FILENAME: /wp-includes/requests/src/transport/fsockopen.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "support.machen.ai"] [uri "/wp-includes/Requests/src/Transport/Fsockopen.php"] [unique_id "aiqmXSNW5T3kwQRT2u4BtgAAAVM"]
[Thu Jun 11 09:13:17.035711 2026] [security2:error] [pid 28574:tid 28600] [client 85.204.70.104:41718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-includes/Requests/src/Transport/Fsockopen.php"] [unique_id "aiqmXSNW5T3kwQRT2u4BtgAAAVM"]
[Thu Jun 11 09:13:30.467829 2026] [security2:error] [pid 28574:tid 28600] [client 85.204.70.104:41718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aiqmXSNW5T3kwQRT2u4BtgAAAVM"]
[Thu Jun 11 09:13:50.691084 2026] [authz_core:error] [pid 3786:tid 3811] [client 85.204.70.104:40748] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/library/error_log
[Thu Jun 11 09:14:02.539243 2026] [authz_core:error] [pid 2041:tid 2064] [client 85.204.70.104:35252] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/library/SimplePie/error_log
[Thu Jun 11 09:16:23.583150 2026] [security2:error] [pid 14769:tid 14794] [client 85.204.70.104:57742] ModSecurity: Warning. Matched phrase "gzdecode" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: gzdecode found within REQUEST_FILENAME: /wp-includes/simplepie/library/simplepie/gzdecode.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "support.machen.ai"] [uri "/wp-includes/SimplePie/library/SimplePie/gzdecode.php"] [unique_id "aiqnF5k8UZMys3trPfLtggAAAJY"]
[Thu Jun 11 09:16:23.583329 2026] [security2:error] [pid 14769:tid 14794] [client 85.204.70.104:57742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-includes/SimplePie/library/SimplePie/gzdecode.php"] [unique_id "aiqnF5k8UZMys3trPfLtggAAAJY"]
[Thu Jun 11 09:16:33.824026 2026] [authz_core:error] [pid 14769:tid 14796] [client 85.204.70.104:33022] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/src/error_log
[Thu Jun 11 09:16:33.829111 2026] [security2:error] [pid 14769:tid 14794] [client 85.204.70.104:57742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aiqnF5k8UZMys3trPfLtggAAAJY"]
[Thu Jun 11 09:16:46.090082 2026] [authz_core:error] [pid 2041:tid 2065] [client 85.204.70.104:36226] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/src/Cache/error_log
[Thu Jun 11 09:17:35.414258 2026] [security2:error] [pid 2041:tid 2054] [client 85.204.70.104:55534] ModSecurity: Warning. Matched phrase "gzdecode" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: gzdecode found within REQUEST_FILENAME: /wp-includes/simplepie/src/gzdecode.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "support.machen.ai"] [uri "/wp-includes/SimplePie/src/Gzdecode.php"] [unique_id "aiqnXw5X1D4FZg2ua4jyNwAAAEk"]
[Thu Jun 11 09:17:35.414425 2026] [security2:error] [pid 2041:tid 2054] [client 85.204.70.104:55534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-includes/SimplePie/src/Gzdecode.php"] [unique_id "aiqnXw5X1D4FZg2ua4jyNwAAAEk"]
[Thu Jun 11 09:17:45.222113 2026] [security2:error] [pid 2041:tid 2054] [client 85.204.70.104:55534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aiqnXw5X1D4FZg2ua4jyNwAAAEk"]
[Thu Jun 11 09:17:45.412721 2026] [authz_core:error] [pid 14769:tid 14796] [client 85.204.70.104:58900] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/src/HTTP/error_log
[Thu Jun 11 09:18:06.530047 2026] [security2:error] [pid 14769:tid 14784] [client 43.140.247.223:45136] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aiqnfpk8UZMys3trPfLunQAAAIw"]
[Thu Jun 11 09:20:18.888015 2026] [authz_core:error] [pid 2041:tid 2067] [client 85.204.70.104:56818] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/block-bindings/error_log
[Thu Jun 11 09:20:36.421473 2026] [authz_core:error] [pid 14769:tid 14785] [client 85.204.70.104:56679] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/block-patterns/error_log
[Thu Jun 11 09:20:59.532958 2026] [authz_core:error] [pid 14769:tid 14795] [client 85.204.70.104:43542] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/block-supports/error_log
[Thu Jun 11 09:22:27.314729 2026] [security2:error] [pid 2041:tid 2067] [client 101.42.46.71:58898] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aiqogw5X1D4FZg2ua4j3JwAAAFY"], referer: http://machen.ai
[Thu Jun 11 09:24:05.040092 2026] [security2:error] [pid 14020:tid 14039] [client 80.94.92.65:58002] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqo5Zg23pDFvFUPkQ80YQAAAA8"]
[Thu Jun 11 09:24:05.040275 2026] [security2:error] [pid 14020:tid 14039] [client 80.94.92.65:58002] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqo5Zg23pDFvFUPkQ80YQAAAA8"]
[Thu Jun 11 09:24:05.040403 2026] [security2:error] [pid 14020:tid 14039] [client 80.94.92.65:58002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqo5Zg23pDFvFUPkQ80YQAAAA8"]
[Thu Jun 11 09:24:05.040770 2026] [security2:error] [pid 14020:tid 14039] [client 80.94.92.65:58002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiqo5Zg23pDFvFUPkQ80YQAAAA8"]
[Thu Jun 11 09:24:05.041207 2026] [security2:error] [pid 14020:tid 14039] [client 80.94.92.65:58002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqo5Zg23pDFvFUPkQ80YQAAAA8"]
[Thu Jun 11 09:24:14.144134 2026] [security2:error] [pid 14020:tid 14025] [client 136.118.184.141:52600] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "machen.ai"] [uri "/wp-json/wp/v2/settings"] [unique_id "aiqo7pg23pDFvFUPkQ80hgAAAAE"]
[Thu Jun 11 09:24:14.144439 2026] [security2:error] [pid 14020:tid 14025] [client 136.118.184.141:52600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-json/wp/v2/settings"] [unique_id "aiqo7pg23pDFvFUPkQ80hgAAAAE"]
[Thu Jun 11 09:24:14.341126 2026] [security2:error] [pid 2041:tid 2046] [client 136.118.184.141:52612] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqo7g5X1D4FZg2ua4j4WAAAAEE"]
[Thu Jun 11 09:24:14.345790 2026] [security2:error] [pid 2041:tid 2046] [client 136.118.184.141:52612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqo7g5X1D4FZg2ua4j4WAAAAEE"]
[Thu Jun 11 09:24:14.365219 2026] [security2:error] [pid 28574:tid 28594] [client 136.118.184.141:52620] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqo7iNW5T3kwQRT2u4M2QAAAU0"]
[Thu Jun 11 09:24:14.365545 2026] [security2:error] [pid 28574:tid 28594] [client 136.118.184.141:52620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiqo7iNW5T3kwQRT2u4M2QAAAU0"]
[Thu Jun 11 09:24:14.405304 2026] [security2:error] [pid 3786:tid 3811] [client 136.118.184.141:52634] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "machen.ai"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aiqo7jiOnYm9MGuteLa4TQAAARY"]
[Thu Jun 11 09:24:14.405951 2026] [security2:error] [pid 3786:tid 3811] [client 136.118.184.141:52634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aiqo7jiOnYm9MGuteLa4TQAAARY"]
[Thu Jun 11 09:24:14.467202 2026] [security2:error] [pid 14020:tid 14044] [client 136.118.184.141:52638] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "machen.ai"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aiqo7pg23pDFvFUPkQ80hwAAABQ"]
[Thu Jun 11 09:24:14.467655 2026] [security2:error] [pid 14020:tid 14044] [client 136.118.184.141:52638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aiqo7pg23pDFvFUPkQ80hwAAABQ"]
[Thu Jun 11 09:24:15.180019 2026] [security2:error] [pid 14020:tid 14025] [client 136.118.184.141:52600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqo7pg23pDFvFUPkQ80hgAAAAE"]
[Thu Jun 11 09:24:15.250995 2026] [security2:error] [pid 28574:tid 28594] [client 136.118.184.141:52620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqo7iNW5T3kwQRT2u4M2QAAAU0"]
[Thu Jun 11 09:24:15.453725 2026] [security2:error] [pid 3786:tid 3811] [client 136.118.184.141:52634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqo7jiOnYm9MGuteLa4TQAAARY"]
[Thu Jun 11 09:24:15.484087 2026] [security2:error] [pid 2041:tid 2046] [client 136.118.184.141:52612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqo7g5X1D4FZg2ua4j4WAAAAEE"]
[Thu Jun 11 09:24:15.491014 2026] [security2:error] [pid 14020:tid 14044] [client 136.118.184.141:52638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiqo7pg23pDFvFUPkQ80hwAAABQ"]
[Thu Jun 11 09:25:22.185176 2026] [ssl:error] [pid 28574:tid 28590] [client 3.233.59.216:53088] AH02032: Hostname machen.ai (default host as no SNI was provided) and hostname cpanel.machen.ai provided via HTTP have no compatible SSL setup for policy 'secure'
[Thu Jun 11 09:28:40.759037 2026] [authz_core:error] [pid 2041:tid 2061] [client 85.204.70.104:58608] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/customize/error_log
[Thu Jun 11 09:29:47.489312 2026] [authz_core:error] [pid 3786:tid 3790] [client 85.204.70.104:33872] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/html-api/error_log
[Thu Jun 11 09:29:55.851821 2026] [security2:error] [pid 2041:tid 2056] [client 47.79.240.57:42940] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqqQw5X1D4FZg2ua4j8aQAAAEs"]
[Thu Jun 11 09:29:56.542874 2026] [security2:error] [pid 14769:tid 14791] [client 47.79.240.57:18684] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqqRJk8UZMys3trPfL5LgAAAJM"]
[Thu Jun 11 09:29:56.745657 2026] [security2:error] [pid 14769:tid 14791] [client 47.79.240.57:18684] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiqqRJk8UZMys3trPfL5MQAAAJM"], referer: https://13.66.22.226
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 09:31:04.217831 2026] [authz_core:error] [pid 14769:tid 14777] [client 85.204.70.104:49476] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/interactivity-api/error_log
[Thu Jun 11 09:32:00.920215 2026] [cgid:error] [pid 14769:tid 14778] [client 142.44.220.235:31152] AH01265: stderr from /disk001/sonne/public_html/cgi-bin/: attempt to invoke directory as script
[Thu Jun 11 09:40:41.323287 2026] [security2:error] [pid 14020:tid 14042] [client 93.123.109.178:34742] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aiqsyZg23pDFvFUPkQ9EuwAAABI"]
[Thu Jun 11 09:40:41.323693 2026] [security2:error] [pid 14020:tid 14042] [client 93.123.109.178:34742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aiqsyZg23pDFvFUPkQ9EuwAAABI"]
[Thu Jun 11 09:40:41.324077 2026] [security2:error] [pid 14020:tid 14042] [client 93.123.109.178:34742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aiqsyZg23pDFvFUPkQ9EuwAAABI"]
[Thu Jun 11 09:41:03.822864 2026] [authz_core:error] [pid 14769:tid 14783] [client 85.204.70.104:57478] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/l10n/error_log
[Thu Jun 11 09:42:42.938498 2026] [security2:error] [pid 14020:tid 14042] [client 95.85.238.22:39908] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqtQpg23pDFvFUPkQ9GVAAAABI"]
[Thu Jun 11 09:56:09.226966 2026] [authz_core:error] [pid 28740:tid 28745] [client 85.204.70.104:46258] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/rest-api/error_log
[Thu Jun 11 09:56:22.369305 2026] [authz_core:error] [pid 28574:tid 28603] [client 85.204.70.104:35832] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/rest-api/endpoints/error_log
[Thu Jun 11 09:56:50.120806 2026] [authz_core:error] [pid 28791:tid 28809] [client 85.204.70.104:57468] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/rest-api/fields/error_log
[Thu Jun 11 09:57:04.929072 2026] [authz_core:error] [pid 28574:tid 28599] [client 85.204.70.104:53118] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/rest-api/search/error_log
[Thu Jun 11 09:57:29.938541 2026] [authz_core:error] [pid 28574:tid 28601] [client 85.204.70.104:49908] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sitemaps/providers/error_log
[Thu Jun 11 09:57:54.095670 2026] [authz_core:error] [pid 28740:tid 28751] [client 85.204.70.104:35690] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/lib/error_log
[Thu Jun 11 09:58:11.216685 2026] [authz_core:error] [pid 28574:tid 28602] [client 85.204.70.104:35078] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/error_log
[Thu Jun 11 09:58:22.449437 2026] [authz_core:error] [pid 28574:tid 28593] [client 85.204.70.104:38700] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/error_log
[Thu Jun 11 09:58:33.992273 2026] [authz_core:error] [pid 28791:tid 28812] [client 85.204.70.104:39994] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/ChaCha20/error_log
[Thu Jun 11 09:58:47.059138 2026] [authz_core:error] [pid 2041:tid 2056] [client 85.204.70.104:35864] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/Curve25519/error_log
[Thu Jun 11 09:58:58.093338 2026] [authz_core:error] [pid 28790:tid 28828] [client 85.204.70.104:38394] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Thu Jun 11 09:59:16.496842 2026] [authz_core:error] [pid 28790:tid 28835] [client 85.204.70.104:44872] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/Poly1305/error_log
[Thu Jun 11 09:59:34.551145 2026] [authz_core:error] [pid 28740:tid 28753] [client 85.204.70.104:32954] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/error_log
[Thu Jun 11 09:59:45.536141 2026] [authz_core:error] [pid 28791:tid 28908] [client 85.204.70.104:50338] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/error_log
[Thu Jun 11 10:00:10.931045 2026] [authz_core:error] [pid 28740:tid 28758] [client 85.204.70.104:35062] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/AES/error_log
[Thu Jun 11 10:00:36.177502 2026] [authz_core:error] [pid 28574:tid 28603] [client 85.204.70.104:39458] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/ChaCha20/error_log
[Thu Jun 11 10:00:49.324903 2026] [authz_core:error] [pid 2041:tid 2048] [client 85.204.70.104:45930] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/Curve25519/error_log
[Thu Jun 11 10:01:20.430068 2026] [authz_core:error] [pid 28574:tid 28592] [client 85.204.70.104:48492] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/Poly1305/error_log
[Thu Jun 11 10:01:27.396012 2026] [security2:error] [pid 2041:tid 2061] [client 135.119.96.68:44406] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqxpw5X1D4FZg2ua4gYrQAAAFA"]
[Thu Jun 11 10:01:27.396211 2026] [security2:error] [pid 2041:tid 2061] [client 135.119.96.68:44406] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqxpw5X1D4FZg2ua4gYrQAAAFA"]
[Thu Jun 11 10:01:27.396494 2026] [security2:error] [pid 2041:tid 2061] [client 135.119.96.68:44406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiqxpw5X1D4FZg2ua4gYrQAAAFA"]
[Thu Jun 11 10:01:27.397513 2026] [security2:error] [pid 2041:tid 2061] [client 135.119.96.68:44406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiqxpw5X1D4FZg2ua4gYrQAAAFA"]
[Thu Jun 11 10:01:50.372731 2026] [authz_core:error] [pid 28790:tid 28837] [client 85.204.70.104:33594] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core32/error_log
[Thu Jun 11 10:02:02.860497 2026] [authz_core:error] [pid 2041:tid 2052] [client 85.204.70.104:49132] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core32/ChaCha20/error_log
[Thu Jun 11 10:02:15.605747 2026] [authz_core:error] [pid 28791:tid 28800] [client 85.204.70.104:55170] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core32/Curve25519/error_log
[Thu Jun 11 10:02:43.859177 2026] [authz_core:error] [pid 28790:tid 28830] [client 85.204.70.104:56560] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core32/Poly1305/error_log
[Thu Jun 11 10:03:43.643011 2026] [authz_core:error] [pid 28740:tid 28747] [client 85.204.70.104:36754] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/theme-compat/error_log
[Thu Jun 11 10:04:06.050519 2026] [authz_core:error] [pid 28740:tid 28749] [client 85.204.70.104:46862] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/widgets/error_log
[Thu Jun 11 10:08:00.112309 2026] [authz_core:error] [pid 28790:tid 28842] [client 85.204.70.104:35570] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/IXR/error_log
[Thu Jun 11 10:08:00.394706 2026] [authz_core:error] [pid 28790:tid 28842] [client 85.204.70.104:35570] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/library/error_log
[Thu Jun 11 10:08:11.822012 2026] [authz_core:error] [pid 28740:tid 28765] [client 85.204.70.104:53260] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/error_log
[Thu Jun 11 10:08:22.975650 2026] [authz_core:error] [pid 18250:tid 18256] [client 85.204.70.104:33464] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Auth/error_log
[Thu Jun 11 10:08:48.705333 2026] [authz_core:error] [pid 18250:tid 18259] [client 85.204.70.104:54790] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Exception/error_log
[Thu Jun 11 10:09:01.175013 2026] [authz_core:error] [pid 28791:tid 28797] [client 85.204.70.104:32920] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Exception/Http/error_log
[Thu Jun 11 10:09:42.818006 2026] [authz_core:error] [pid 18250:tid 18265] [client 85.204.70.104:44616] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Exception/Transport/error_log
[Thu Jun 11 10:09:59.780893 2026] [authz_core:error] [pid 28790:tid 28831] [client 85.204.70.104:58832] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Proxy/error_log
[Thu Jun 11 10:10:12.442168 2026] [authz_core:error] [pid 28791:tid 28886] [client 85.204.70.104:59464] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Response/error_log
[Thu Jun 11 10:10:26.850108 2026] [authz_core:error] [pid 2041:tid 2067] [client 85.204.70.104:59184] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/Requests/src/Transport/error_log
[Thu Jun 11 10:10:38.131970 2026] [security2:error] [pid 28791:tid 28796] [client 85.204.70.104:39806] ModSecurity: Warning. Matched phrase "fsockopen" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: fsockopen found within REQUEST_FILENAME: /wp-includes/requests/src/transport/fsockopen.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "support.machen.ai"] [uri "/wp-includes/Requests/src/Transport/Fsockopen.php"] [unique_id "aiqzzv9E86NgzsLW5NdA3wAAAIM"]
[Thu Jun 11 10:10:38.132152 2026] [security2:error] [pid 28791:tid 28796] [client 85.204.70.104:39806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-includes/Requests/src/Transport/Fsockopen.php"] [unique_id "aiqzzv9E86NgzsLW5NdA3wAAAIM"]
[Thu Jun 11 10:10:49.823154 2026] [security2:error] [pid 28791:tid 28796] [client 85.204.70.104:39806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aiqzzv9E86NgzsLW5NdA3wAAAIM"]
[Thu Jun 11 10:11:02.306883 2026] [authz_core:error] [pid 28740:tid 28757] [client 85.204.70.104:58114] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/library/error_log
[Thu Jun 11 10:11:03.340963 2026] [security2:error] [pid 2041:tid 2063] [client 43.165.125.66:46806] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aiqz5w5X1D4FZg2ua4gg2AAAAFI"]
[Thu Jun 11 10:11:13.428109 2026] [authz_core:error] [pid 28740:tid 28750] [client 85.204.70.104:56030] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/library/SimplePie/error_log
[Thu Jun 11 10:13:23.435044 2026] [security2:error] [pid 28790:tid 28839] [client 45.148.10.67:21302] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiq0c2ASBxmYCTXNMW4ytQAAARU"]
[Thu Jun 11 10:13:35.408176 2026] [security2:error] [pid 28740:tid 28765] [client 85.204.70.104:59332] ModSecurity: Warning. Matched phrase "gzdecode" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: gzdecode found within REQUEST_FILENAME: /wp-includes/simplepie/library/simplepie/gzdecode.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "support.machen.ai"] [uri "/wp-includes/SimplePie/library/SimplePie/gzdecode.php"] [unique_id "aiq0f4agfRjXQ0p98P67HgAAABU"]
[Thu Jun 11 10:13:35.408373 2026] [security2:error] [pid 28740:tid 28765] [client 85.204.70.104:59332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-includes/SimplePie/library/SimplePie/gzdecode.php"] [unique_id "aiq0f4agfRjXQ0p98P67HgAAABU"]
[Thu Jun 11 10:13:45.618359 2026] [authz_core:error] [pid 28791:tid 28795] [client 85.204.70.104:46328] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/src/error_log
[Thu Jun 11 10:13:46.334137 2026] [security2:error] [pid 28740:tid 28765] [client 85.204.70.104:59332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aiq0f4agfRjXQ0p98P67HgAAABU"]
[Thu Jun 11 10:13:57.081918 2026] [authz_core:error] [pid 18250:tid 18272] [client 85.204.70.104:46238] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/src/Cache/error_log
[Thu Jun 11 10:14:45.395238 2026] [security2:error] [pid 28740:tid 28746] [client 85.204.70.104:40542] ModSecurity: Warning. Matched phrase "gzdecode" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: gzdecode found within REQUEST_FILENAME: /wp-includes/simplepie/src/gzdecode.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "support.machen.ai"] [uri "/wp-includes/SimplePie/src/Gzdecode.php"] [unique_id "aiq0xYagfRjXQ0p98P69TQAAAAI"]
[Thu Jun 11 10:14:45.395451 2026] [security2:error] [pid 28740:tid 28746] [client 85.204.70.104:40542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "support.machen.ai"] [uri "/wp-includes/SimplePie/src/Gzdecode.php"] [unique_id "aiq0xYagfRjXQ0p98P69TQAAAAI"]
[Thu Jun 11 10:14:55.407092 2026] [authz_core:error] [pid 28790:tid 28838] [client 85.204.70.104:60684] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/SimplePie/src/HTTP/error_log
[Thu Jun 11 10:14:57.379148 2026] [security2:error] [pid 28740:tid 28746] [client 85.204.70.104:40542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "support.machen.ai"] [uri "/index.php"] [unique_id "aiq0xYagfRjXQ0p98P69TQAAAAI"]
[Thu Jun 11 10:15:00.002917 2026] [security2:error] [pid 18250:tid 18266] [client 43.153.54.138:60208] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiq01IquOaPLD-GlmkkurwAAAMw"]
[Thu Jun 11 10:15:00.003184 2026] [security2:error] [pid 18250:tid 18266] [client 43.153.54.138:60208] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiq01IquOaPLD-GlmkkurwAAAMw"]
[Thu Jun 11 10:15:00.003929 2026] [security2:error] [pid 18250:tid 18266] [client 43.153.54.138:60208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiq01IquOaPLD-GlmkkurwAAAMw"]
[Thu Jun 11 10:15:00.006816 2026] [security2:error] [pid 18250:tid 18266] [client 43.153.54.138:60208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiq01IquOaPLD-GlmkkurwAAAMw"]
[Thu Jun 11 10:16:09.322025 2026] [security2:error] [pid 28791:tid 28812] [client 45.156.129.56:48868] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiq1Gf9E86NgzsLW5NdGGQAAAJY"], referer: http://13.84.161.190/
[Thu Jun 11 10:17:23.650227 2026] [authz_core:error] [pid 28740:tid 28747] [client 85.204.70.104:57782] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/customize/error_log
[Thu Jun 11 10:18:32.820481 2026] [security2:error] [pid 28790:tid 28838] [client 155.133.23.242:43410] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiq1qGASBxmYCTXNMW441QAAARQ"]
[Thu Jun 11 10:18:32.820774 2026] [security2:error] [pid 28790:tid 28838] [client 155.133.23.242:43410] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiq1qGASBxmYCTXNMW441QAAARQ"]
[Thu Jun 11 10:18:32.821113 2026] [security2:error] [pid 28790:tid 28838] [client 155.133.23.242:43410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiq1qGASBxmYCTXNMW441QAAARQ"]
[Thu Jun 11 10:18:32.821362 2026] [security2:error] [pid 28790:tid 28838] [client 155.133.23.242:43410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiq1qGASBxmYCTXNMW441QAAARQ"]
[Thu Jun 11 10:19:00.485914 2026] [cgid:error] [pid 28790:tid 28820] [client 85.204.70.104:46718] AH01265: stderr from /disk001/machen/public_html/support/cgi-bin/: attempt to invoke directory as script
[Thu Jun 11 10:20:14.440607 2026] [core:error] [pid 28791:tid 28908] [client 121.204.162.111:57796] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 10:25:41.744890 2026] [authz_core:error] [pid 18250:tid 18277] [client 85.204.70.104:52236] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-content/plugins/akismet/
[Thu Jun 11 10:25:53.500395 2026] [authz_core:error] [pid 18250:tid 18268] [client 85.204.70.104:49200] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/block-patterns/error_log
[Thu Jun 11 10:26:04.991531 2026] [authz_core:error] [pid 18250:tid 18270] [client 85.204.70.104:48018] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/block-supports/error_log
[Thu Jun 11 10:26:19.579142 2026] [security2:error] [pid 28790:tid 28829] [client 103.168.66.141:54528] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /api/v1/totp/user-backup-code/../../system/system-information"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "machen.ai"] [uri "/api/v1/system/system-information"] [unique_id "aiq3e2ASBxmYCTXNMW5AhAAAAQs"], referer: https://machen.ai/
[Thu Jun 11 10:26:19.582693 2026] [security2:error] [pid 28790:tid 28829] [client 103.168.66.141:54528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/api/v1/system/system-information"] [unique_id "aiq3e2ASBxmYCTXNMW5AhAAAAQs"], referer: https://machen.ai/
[Thu Jun 11 10:26:21.169895 2026] [security2:error] [pid 28790:tid 28829] [client 103.168.66.141:54528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3e2ASBxmYCTXNMW5AhAAAAQs"], referer: https://machen.ai/
[Thu Jun 11 10:26:21.442618 2026] [mpm_worker:error] [pid 1897:tid 1897] AH00288: scoreboard is full, not at MaxRequestWorkers
[Thu Jun 11 10:26:21.817921 2026] [authz_core:error] [pid 28790:tid 28832] [client 85.204.70.104:35558] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/html-api/error_log
[Thu Jun 11 10:26:23.765425 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3f4agfRjXQ0p98P7GlgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.765768 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3f4agfRjXQ0p98P7GlgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.769418 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3fw5X1D4FZg2ua4gvHQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.769770 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3fw5X1D4FZg2ua4gvHQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.772940 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3fw5X1D4FZg2ua4gvHgAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.773177 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3fw5X1D4FZg2ua4gvHgAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.776325 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3f_9E86NgzsLW5NdRsQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.776558 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3f_9E86NgzsLW5NdRsQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.778184 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3f2ASBxmYCTXNMW5AkgAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.778404 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3f2ASBxmYCTXNMW5AkgAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.778451 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3f2ASBxmYCTXNMW5AkwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.780169 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/backup.sql"] [unique_id "aiq3fw5X1D4FZg2ua4gvHwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.781795 2026] [security2:error] [pid 28740:tid 28746] [client 103.168.66.141:54712] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/HEAD"] [unique_id "aiq3f4agfRjXQ0p98P7GlwAAAAI"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.782049 2026] [security2:error] [pid 28740:tid 28746] [client 103.168.66.141:54712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/HEAD"] [unique_id "aiq3f4agfRjXQ0p98P7GlwAAAAI"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.788009 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiq3f4quOaPLD-Glmkk4MgAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.788303 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiq3f4quOaPLD-Glmkk4MgAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.790266 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3f2ASBxmYCTXNMW5AkwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.795065 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3fw5X1D4FZg2ua4gvIQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.795501 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3fw5X1D4FZg2ua4gvIQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.796458 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/backup.sql"] [unique_id "aiq3fw5X1D4FZg2ua4gvHwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.798491 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3fw5X1D4FZg2ua4gvIQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.798713 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3f_9E86NgzsLW5NdRtAAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.798957 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3f_9E86NgzsLW5NdRtAAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.805074 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3f4agfRjXQ0p98P7GnAAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:23.805381 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3f4agfRjXQ0p98P7GnAAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:24.921119 2026] [security2:error] [pid 28740:tid 28746] [client 103.168.66.141:54712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3f4agfRjXQ0p98P7GlwAAAAI"], referer: https://machen.ai/
[Thu Jun 11 10:26:24.939625 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3f2ASBxmYCTXNMW5AkwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:24.964231 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3gGASBxmYCTXNMW5AlwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:24.964496 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3gGASBxmYCTXNMW5AlwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:24.997621 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3fw5X1D4FZg2ua4gvIQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.021756 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3gQ5X1D4FZg2ua4gvJAAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.022176 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3gQ5X1D4FZg2ua4gvJAAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.022442 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3gQ5X1D4FZg2ua4gvJAAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.295201 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3fw5X1D4FZg2ua4gvHgAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.318339 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gQ5X1D4FZg2ua4gvJwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.318769 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gQ5X1D4FZg2ua4gvJwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.370906 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3f_9E86NgzsLW5NdRtAAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.390952 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3fw5X1D4FZg2ua4gvHQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.394243 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gf9E86NgzsLW5NdRuwAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.394704 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gf9E86NgzsLW5NdRuwAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.412676 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gQ5X1D4FZg2ua4gvKQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.412998 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gQ5X1D4FZg2ua4gvKQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.426660 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/etc/nginx/nginx.conf"] [unique_id "aiq3gYquOaPLD-Glmkk4OAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.427544 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/etc/nginx/nginx.conf"] [unique_id "aiq3gYquOaPLD-Glmkk4OAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.772195 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3f_9E86NgzsLW5NdRsQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.793620 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gf9E86NgzsLW5NdRvQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.793926 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gf9E86NgzsLW5NdRvQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.841085 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3f4agfRjXQ0p98P7GnAAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.860238 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3gYagfRjXQ0p98P7GpgAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.860555 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3gYagfRjXQ0p98P7GpgAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.890706 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3fw5X1D4FZg2ua4gvHwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:25.912997 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3f4quOaPLD-Glmkk4MgAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.028236 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiq3goquOaPLD-Glmkk4OQAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.028606 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiq3goquOaPLD-Glmkk4OQAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.093985 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/backup.sql"] [unique_id "aiq3goagfRjXQ0p98P7GqAAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.094870 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/backup.sql"] [unique_id "aiq3goagfRjXQ0p98P7GqAAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.108683 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3f2ASBxmYCTXNMW5AkgAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.131730 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gmASBxmYCTXNMW5AmgAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.132247 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gmASBxmYCTXNMW5AmgAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.153632 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3f4agfRjXQ0p98P7GlgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.178742 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3goagfRjXQ0p98P7GqQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.179008 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3goagfRjXQ0p98P7GqQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.297265 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gGASBxmYCTXNMW5AlwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.363086 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3gmASBxmYCTXNMW5AmwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.363411 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3gmASBxmYCTXNMW5AmwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.506163 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gQ5X1D4FZg2ua4gvJAAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.560988 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3gg5X1D4FZg2ua4gvLQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.561384 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3gg5X1D4FZg2ua4gvLQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:26.561863 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiq3gg5X1D4FZg2ua4gvLQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.184753 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gQ5X1D4FZg2ua4gvJwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.208134 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gw5X1D4FZg2ua4gvMAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.208602 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gw5X1D4FZg2ua4gvMAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.238157 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gQ5X1D4FZg2ua4gvKQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.261904 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gw5X1D4FZg2ua4gvMQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.262288 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3gw5X1D4FZg2ua4gvMQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.329474 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gf9E86NgzsLW5NdRuwAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.378655 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3g_9E86NgzsLW5NdRwgAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.378989 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3g_9E86NgzsLW5NdRwgAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.456416 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3goquOaPLD-Glmkk4OQAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.477201 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiq3g4quOaPLD-Glmkk4PgAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.477528 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "aiq3g4quOaPLD-Glmkk4PgAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.742939 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gYquOaPLD-Glmkk4OAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.746912 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3goagfRjXQ0p98P7GqQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.775407 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3g4quOaPLD-Glmkk4PwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.775869 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3g4quOaPLD-Glmkk4PwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.778542 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3g4agfRjXQ0p98P7GsAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.778883 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3g4agfRjXQ0p98P7GsAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.926974 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gYagfRjXQ0p98P7GpgAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.952050 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3g4agfRjXQ0p98P7GsQAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:27.952330 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3g4agfRjXQ0p98P7GsQAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.127452 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3goagfRjXQ0p98P7GqAAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.151426 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/backup.sql"] [unique_id "aiq3hIagfRjXQ0p98P7GsgAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.152065 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/backup.sql"] [unique_id "aiq3hIagfRjXQ0p98P7GsgAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.277331 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gg5X1D4FZg2ua4gvLQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.311200 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3g_9E86NgzsLW5NdRwgAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.331164 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gf9E86NgzsLW5NdRvQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.367807 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3hP9E86NgzsLW5NdRyQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.368219 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3hP9E86NgzsLW5NdRyQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.381145 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gmASBxmYCTXNMW5AmgAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.457993 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gmASBxmYCTXNMW5AmwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.576731 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3hGASBxmYCTXNMW5AogAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.577115 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq3hGASBxmYCTXNMW5AogAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:28.919295 2026] [security2:error] [pid 28740:tid 28765] [client 103.168.66.141:54492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3g4agfRjXQ0p98P7GsQAAABU"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.280238 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gw5X1D4FZg2ua4gvMAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.561893 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3g4agfRjXQ0p98P7GsAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.601556 2026] [security2:error] [pid 2041:tid 2046] [client 103.168.66.141:54820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3gw5X1D4FZg2ua4gvMQAAAEE"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.657595 2026] [security2:error] [pid 18250:tid 18266] [client 103.168.66.141:54782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3g4quOaPLD-Glmkk4PgAAAMw"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.902635 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3hP9E86NgzsLW5NdRyQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.906329 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3g4quOaPLD-Glmkk4PwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.913933 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3hQ5X1D4FZg2ua4gvQAAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.914360 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3hQ5X1D4FZg2ua4gvQAAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.914672 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3hQ5X1D4FZg2ua4gvQAAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.932949 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php"] [unique_id "aiq3hYquOaPLD-Glmkk4RQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:29.933167 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php"] [unique_id "aiq3hYquOaPLD-Glmkk4RQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:30.115493 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3hIagfRjXQ0p98P7GsgAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:30.504438 2026] [security2:error] [pid 28790:tid 28823] [client 103.168.66.141:54628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3hGASBxmYCTXNMW5AogAAAQU"], referer: https://machen.ai/
[Thu Jun 11 10:26:30.591555 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/config"] [unique_id "aiq3hmASBxmYCTXNMW5ApwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:30.591950 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/config"] [unique_id "aiq3hmASBxmYCTXNMW5ApwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:31.268994 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3hQ5X1D4FZg2ua4gvQAAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:31.286923 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3hw5X1D4FZg2ua4gvSQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:31.287357 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3hw5X1D4FZg2ua4gvSQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:31.287732 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3hw5X1D4FZg2ua4gvSQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:31.555807 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/dump.sql"] [unique_id "aiq3h4agfRjXQ0p98P7GwgAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:31.556485 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dump.sql"] [unique_id "aiq3h4agfRjXQ0p98P7GwgAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:31.714962 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3hYquOaPLD-Glmkk4RQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.273966 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3hmASBxmYCTXNMW5ApwAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.295418 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/config"] [unique_id "aiq3iGASBxmYCTXNMW5ArgAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.295805 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/config"] [unique_id "aiq3iGASBxmYCTXNMW5ArgAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.761625 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3hw5X1D4FZg2ua4gvSQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.785505 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3iA5X1D4FZg2ua4gvUgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.786048 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3iA5X1D4FZg2ua4gvUgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.786350 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php~"] [unique_id "aiq3iA5X1D4FZg2ua4gvUgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.952556 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3h4agfRjXQ0p98P7GwgAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.969882 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/dump.sql"] [unique_id "aiq3iIagfRjXQ0p98P7GyAAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:32.970535 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dump.sql"] [unique_id "aiq3iIagfRjXQ0p98P7GyAAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:33.872005 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3iGASBxmYCTXNMW5ArgAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:33.892189 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/config"] [unique_id "aiq3iWASBxmYCTXNMW5AtAAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:33.892480 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/config"] [unique_id "aiq3iWASBxmYCTXNMW5AtAAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.047464 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3ioagfRjXQ0p98P7GzQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.047845 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3ioagfRjXQ0p98P7GzQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.157256 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3iv9E86NgzsLW5NdR4wAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.157612 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3iv9E86NgzsLW5NdR4wAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.242319 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3ig5X1D4FZg2ua4gvWAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.242621 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3ig5X1D4FZg2ua4gvWAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.311805 2026] [security2:error] [pid 28740:tid 28754] [client 103.168.66.141:54426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3iIagfRjXQ0p98P7GyAAAAAo"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.390853 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3iA5X1D4FZg2ua4gvUgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.401342 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/dump.sql"] [unique_id "aiq3iv9E86NgzsLW5NdR5gAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.402126 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dump.sql"] [unique_id "aiq3iv9E86NgzsLW5NdR5gAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.489439 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase ".ssh/id_dsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_dsa found within REQUEST_FILENAME: /.ssh/id_dsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_dsa"] [unique_id "aiq3ig5X1D4FZg2ua4gvWwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:34.489834 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_dsa"] [unique_id "aiq3ig5X1D4FZg2ua4gvWwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.068313 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3ig5X1D4FZg2ua4gvWAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.310887 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3iw5X1D4FZg2ua4gvXwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.311222 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3iw5X1D4FZg2ua4gvXwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.455078 2026] [security2:error] [pid 28790:tid 28840] [client 103.168.66.141:54754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3iWASBxmYCTXNMW5AtAAAARY"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.716515 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3ig5X1D4FZg2ua4gvWwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.730150 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3iv9E86NgzsLW5NdR4wAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.758353 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3iw5X1D4FZg2ua4gvYAAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.758797 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3iw5X1D4FZg2ua4gvYAAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.762436 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Matched phrase ".ssh/id_dsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_dsa found within REQUEST_FILENAME: /.ssh/id_dsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_dsa"] [unique_id "aiq3i_9E86NgzsLW5NdR7gAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.762649 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_dsa"] [unique_id "aiq3i_9E86NgzsLW5NdR7gAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.803368 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3ioagfRjXQ0p98P7GzQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.826085 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3i4agfRjXQ0p98P7G1AAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.826541 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3i4agfRjXQ0p98P7G1AAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:35.986566 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3iv9E86NgzsLW5NdR5gAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:36.272191 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3iw5X1D4FZg2ua4gvXwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:36.300060 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3jA5X1D4FZg2ua4gvZQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:36.300395 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3jA5X1D4FZg2ua4gvZQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:36.341864 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jA5X1D4FZg2ua4gvZgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:36.342339 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jA5X1D4FZg2ua4gvZgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:36.342651 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jA5X1D4FZg2ua4gvZgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.112828 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3jYquOaPLD-Glmkk4WAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.113038 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3jYquOaPLD-Glmkk4WAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.142870 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3iw5X1D4FZg2ua4gvYAAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.180730 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3i4agfRjXQ0p98P7G1AAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.198442 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3jYagfRjXQ0p98P7G2gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.198716 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiq3jYagfRjXQ0p98P7G2gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.238903 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3i_9E86NgzsLW5NdR7gAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.250785 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3jQ5X1D4FZg2ua4gvaQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.251164 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3jQ5X1D4FZg2ua4gvaQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.268106 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/db.sql"] [unique_id "aiq3jf9E86NgzsLW5NdR9gAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.268908 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/db.sql"] [unique_id "aiq3jf9E86NgzsLW5NdR9gAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.277482 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Matched phrase ".ssh/id_dsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_dsa found within REQUEST_FILENAME: /.ssh/id_dsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_dsa"] [unique_id "aiq3jf9E86NgzsLW5NdR9wAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.277759 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_dsa"] [unique_id "aiq3jf9E86NgzsLW5NdR9wAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.695068 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jA5X1D4FZg2ua4gvZgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.863064 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jQ5X1D4FZg2ua4gvbQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.863467 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jQ5X1D4FZg2ua4gvbQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.864094 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jQ5X1D4FZg2ua4gvbQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:37.869453 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jA5X1D4FZg2ua4gvZQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.371939 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jYquOaPLD-Glmkk4WAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.621934 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jQ5X1D4FZg2ua4gvaQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.656220 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jf9E86NgzsLW5NdR9wAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.717367 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jf9E86NgzsLW5NdR9gAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.734884 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jYagfRjXQ0p98P7G2gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.739530 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jQ5X1D4FZg2ua4gvbQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.741264 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/db.sql"] [unique_id "aiq3jv9E86NgzsLW5NdSAAAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.741945 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/db.sql"] [unique_id "aiq3jv9E86NgzsLW5NdSAAAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.761765 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jg5X1D4FZg2ua4gvcgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.762275 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jg5X1D4FZg2ua4gvcgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:38.762612 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiq3jg5X1D4FZg2ua4gvcgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:39.049801 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3jw5X1D4FZg2ua4gvdAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:39.050131 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3jw5X1D4FZg2ua4gvdAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.011912 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jw5X1D4FZg2ua4gvdAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.053130 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kA5X1D4FZg2ua4gveQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.053461 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kA5X1D4FZg2ua4gveQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.171467 2026] [security2:error] [pid 28791:tid 28802] [client 103.168.66.141:54758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jv9E86NgzsLW5NdSAAAAAIs"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.347222 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3jg5X1D4FZg2ua4gvcgAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.365873 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/db.sql"] [unique_id "aiq3kIagfRjXQ0p98P7G5wAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.366637 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/db.sql"] [unique_id "aiq3kIagfRjXQ0p98P7G5wAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.404396 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kA5X1D4FZg2ua4gvegAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:40.412310 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kA5X1D4FZg2ua4gvegAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.101044 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/static../etc/nginx/nginx.conf"] [unique_id "aiq3kYquOaPLD-Glmkk4ZAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.101793 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/static../etc/nginx/nginx.conf"] [unique_id "aiq3kYquOaPLD-Glmkk4ZAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.258645 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kIagfRjXQ0p98P7G5wAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.277475 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa.pem"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_rsa.pem"] [unique_id "aiq3kf9E86NgzsLW5NdSEQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.277868 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_rsa.pem"] [unique_id "aiq3kf9E86NgzsLW5NdSEQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.317751 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kA5X1D4FZg2ua4gvegAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.349688 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kQ5X1D4FZg2ua4gvgQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.350046 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kQ5X1D4FZg2ua4gvgQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.537167 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kA5X1D4FZg2ua4gveQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.564311 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kQ5X1D4FZg2ua4gvhAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.564508 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kQ5X1D4FZg2ua4gvhAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.909503 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kYquOaPLD-Glmkk4ZAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.969088 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/static../.env"] [unique_id "aiq3kYquOaPLD-Glmkk4ZwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:41.969554 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/static../.env"] [unique_id "aiq3kYquOaPLD-Glmkk4ZwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.282975 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/database.sql"] [unique_id "aiq3koagfRjXQ0p98P7G7wAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.283712 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/database.sql"] [unique_id "aiq3koagfRjXQ0p98P7G7wAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.400264 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kQ5X1D4FZg2ua4gvgQAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.438329 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kf9E86NgzsLW5NdSEQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.456175 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa.pem"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_rsa.pem"] [unique_id "aiq3kv9E86NgzsLW5NdSFwAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.456636 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_rsa.pem"] [unique_id "aiq3kv9E86NgzsLW5NdSFwAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.759727 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kg5X1D4FZg2ua4gvhwAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.760071 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3kg5X1D4FZg2ua4gvhwAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.768049 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kQ5X1D4FZg2ua4gvhAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:42.937441 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kYquOaPLD-Glmkk4ZwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.025324 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/static../wp-config.php"] [unique_id "aiq3k4quOaPLD-Glmkk4aQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.025623 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/static../wp-config.php"] [unique_id "aiq3k4quOaPLD-Glmkk4aQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.109437 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3koagfRjXQ0p98P7G7wAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.123504 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/database.sql"] [unique_id "aiq3k4agfRjXQ0p98P7G8gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.124275 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/database.sql"] [unique_id "aiq3k4agfRjXQ0p98P7G8gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.467075 2026] [security2:error] [pid 2041:tid 2047] [client 103.168.66.141:54672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kg5X1D4FZg2ua4gvhwAAAEI"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.692144 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3k4agfRjXQ0p98P7G8gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.819940 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/database.sql"] [unique_id "aiq3k4agfRjXQ0p98P7G9gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.820659 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/database.sql"] [unique_id "aiq3k4agfRjXQ0p98P7G9gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.834175 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/config/database.yml"] [unique_id "aiq3kw5X1D4FZg2ua4gvjwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.834464 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/config/database.yml"] [unique_id "aiq3kw5X1D4FZg2ua4gvjwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.940275 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kv9E86NgzsLW5NdSFwAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.965106 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa.pem"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ssh/id_rsa.pem"] [unique_id "aiq3k_9E86NgzsLW5NdSIgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:43.965312 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ssh/id_rsa.pem"] [unique_id "aiq3k_9E86NgzsLW5NdSIgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:44.417905 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3k4quOaPLD-Glmkk4aQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:44.445204 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/static../.git/config"] [unique_id "aiq3lIquOaPLD-Glmkk4bgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:44.445523 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/static../.git/config"] [unique_id "aiq3lIquOaPLD-Glmkk4bgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.012124 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3k_9E86NgzsLW5NdSIgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.106153 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3k4agfRjXQ0p98P7G9gAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.215562 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3kw5X1D4FZg2ua4gvjwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.264245 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3lQ5X1D4FZg2ua4gvmAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.264674 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3lQ5X1D4FZg2ua4gvmAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.295566 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/config/database.yml"] [unique_id "aiq3lQ5X1D4FZg2ua4gvmQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.295931 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/config/database.yml"] [unique_id "aiq3lQ5X1D4FZg2ua4gvmQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.909159 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/server.key"] [unique_id "aiq3lf9E86NgzsLW5NdSLgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.909872 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/server.key"] [unique_id "aiq3lf9E86NgzsLW5NdSLgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:45.957530 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3lIquOaPLD-Glmkk4bgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:46.367771 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3lQ5X1D4FZg2ua4gvmQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:46.410237 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/config/database.yml"] [unique_id "aiq3lg5X1D4FZg2ua4gvngAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:46.410536 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/config/database.yml"] [unique_id "aiq3lg5X1D4FZg2ua4gvngAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:46.527795 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3lQ5X1D4FZg2ua4gvmAAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:46.553848 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3lg5X1D4FZg2ua4gvnwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:46.554119 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3lg5X1D4FZg2ua4gvnwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.091947 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/files../etc/nginx/nginx.conf"] [unique_id "aiq3l4quOaPLD-Glmkk4dAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.092645 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/files../etc/nginx/nginx.conf"] [unique_id "aiq3l4quOaPLD-Glmkk4dAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.300177 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3lf9E86NgzsLW5NdSLgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.316412 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/server.key"] [unique_id "aiq3l_9E86NgzsLW5NdSOAAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.317154 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/server.key"] [unique_id "aiq3l_9E86NgzsLW5NdSOAAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.424814 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/db_backup.sql"] [unique_id "aiq3l4agfRjXQ0p98P7HBAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.425550 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/db_backup.sql"] [unique_id "aiq3l4agfRjXQ0p98P7HBAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.638835 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3lg5X1D4FZg2ua4gvnwAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.657203 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3lw5X1D4FZg2ua4gvpQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.657540 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiq3lw5X1D4FZg2ua4gvpQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:47.763848 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3lg5X1D4FZg2ua4gvngAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.251893 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3l4quOaPLD-Glmkk4dAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.280457 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/files../.env"] [unique_id "aiq3mIquOaPLD-Glmkk4dgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.280820 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/files../.env"] [unique_id "aiq3mIquOaPLD-Glmkk4dgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.366356 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3l_9E86NgzsLW5NdSOAAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.440552 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3l4agfRjXQ0p98P7HBAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.471179 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/server.key"] [unique_id "aiq3mP9E86NgzsLW5NdSPwAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.471982 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/server.key"] [unique_id "aiq3mP9E86NgzsLW5NdSPwAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.530903 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/db_backup.sql"] [unique_id "aiq3mIagfRjXQ0p98P7HCQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:48.531608 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/db_backup.sql"] [unique_id "aiq3mIagfRjXQ0p98P7HCQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:49.014154 2026] [security2:error] [pid 2041:tid 2056] [client 103.168.66.141:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3lw5X1D4FZg2ua4gvpQAAAEs"], referer: https://machen.ai/
[Thu Jun 11 10:26:49.218913 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3mIagfRjXQ0p98P7HCQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:49.242234 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/db_backup.sql"] [unique_id "aiq3mYagfRjXQ0p98P7HDAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:49.242850 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/db_backup.sql"] [unique_id "aiq3mYagfRjXQ0p98P7HDAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:49.312096 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3mIquOaPLD-Glmkk4dgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:49.333396 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/files../wp-config.php"] [unique_id "aiq3mYquOaPLD-Glmkk4eAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:49.333634 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/files../wp-config.php"] [unique_id "aiq3mYquOaPLD-Glmkk4eAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:49.685812 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3mP9E86NgzsLW5NdSPwAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:50.210352 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3mYagfRjXQ0p98P7HDAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:50.385395 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3mYquOaPLD-Glmkk4eAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:50.401505 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/files../.git/config"] [unique_id "aiq3moquOaPLD-Glmkk4fAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:50.401863 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/files../.git/config"] [unique_id "aiq3moquOaPLD-Glmkk4fAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:50.924815 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/private.key"] [unique_id "aiq3mv9E86NgzsLW5NdSTgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:50.925438 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/private.key"] [unique_id "aiq3mv9E86NgzsLW5NdSTgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:51.275509 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3moquOaPLD-Glmkk4fAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:51.476909 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/mysql.sql"] [unique_id "aiq3m4agfRjXQ0p98P7HFQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:51.477704 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/mysql.sql"] [unique_id "aiq3m4agfRjXQ0p98P7HFQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:51.604196 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3mv9E86NgzsLW5NdSTgAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:51.659277 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/private.key"] [unique_id "aiq3m_9E86NgzsLW5NdSVQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:51.659973 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/private.key"] [unique_id "aiq3m_9E86NgzsLW5NdSVQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:52.395780 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/assets../etc/nginx/nginx.conf"] [unique_id "aiq3nIquOaPLD-Glmkk4gAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:52.396525 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/assets../etc/nginx/nginx.conf"] [unique_id "aiq3nIquOaPLD-Glmkk4gAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:52.732324 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3m_9E86NgzsLW5NdSVQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:52.743853 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3m4agfRjXQ0p98P7HFQAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:52.753991 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/private.key"] [unique_id "aiq3nP9E86NgzsLW5NdSXQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:52.754750 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/private.key"] [unique_id "aiq3nP9E86NgzsLW5NdSXQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:52.767961 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/mysql.sql"] [unique_id "aiq3nIagfRjXQ0p98P7HGgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:52.768494 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/mysql.sql"] [unique_id "aiq3nIagfRjXQ0p98P7HGgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.187389 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nIquOaPLD-Glmkk4gAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.187941 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3nf9E86NgzsLW5NdSYAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.188364 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3nf9E86NgzsLW5NdSYAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.188722 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3nf9E86NgzsLW5NdSYAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.222830 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/assets../.env"] [unique_id "aiq3nYquOaPLD-Glmkk4gwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.223159 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/assets../.env"] [unique_id "aiq3nYquOaPLD-Glmkk4gwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.587037 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nP9E86NgzsLW5NdSXQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.733525 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /files/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/files/.env"] [unique_id "aiq3nQ5X1D4FZg2ua4gvwgAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.733930 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/files/.env"] [unique_id "aiq3nQ5X1D4FZg2ua4gvwgAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.754939 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nIagfRjXQ0p98P7HGgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.818789 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/mysql.sql"] [unique_id "aiq3nYagfRjXQ0p98P7HHgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:53.819493 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/mysql.sql"] [unique_id "aiq3nYagfRjXQ0p98P7HHgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.293255 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nf9E86NgzsLW5NdSYAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.457672 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nYquOaPLD-Glmkk4gwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.570984 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3nv9E86NgzsLW5NdSZwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.571431 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3nv9E86NgzsLW5NdSZwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.571837 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3nv9E86NgzsLW5NdSZwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.578192 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nQ5X1D4FZg2ua4gvwgAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.587626 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/assets../wp-config.php"] [unique_id "aiq3noquOaPLD-Glmkk4hgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.587862 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/assets../wp-config.php"] [unique_id "aiq3noquOaPLD-Glmkk4hgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.594982 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /files/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/files/.env"] [unique_id "aiq3ng5X1D4FZg2ua4gvxwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.595340 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/files/.env"] [unique_id "aiq3ng5X1D4FZg2ua4gvxwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.626035 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nYagfRjXQ0p98P7HHgAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.686035 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/ssl.key"] [unique_id "aiq3nv9E86NgzsLW5NdSagAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:54.686848 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/ssl.key"] [unique_id "aiq3nv9E86NgzsLW5NdSagAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.445098 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3ng5X1D4FZg2ua4gvxwAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.466603 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /files/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/files/.env"] [unique_id "aiq3nw5X1D4FZg2ua4gvzQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.466823 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/files/.env"] [unique_id "aiq3nw5X1D4FZg2ua4gvzQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.664963 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nv9E86NgzsLW5NdSZwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.692275 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3n_9E86NgzsLW5NdScAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.692786 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3n_9E86NgzsLW5NdScAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.693109 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiq3n_9E86NgzsLW5NdScAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.704675 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/data.sql"] [unique_id "aiq3n4agfRjXQ0p98P7HKAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.705340 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/data.sql"] [unique_id "aiq3n4agfRjXQ0p98P7HKAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.818020 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nv9E86NgzsLW5NdSagAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.836181 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/ssl.key"] [unique_id "aiq3n_9E86NgzsLW5NdScQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.836870 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/ssl.key"] [unique_id "aiq3n_9E86NgzsLW5NdScQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.860625 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3noquOaPLD-Glmkk4hgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.897328 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/assets../.git/config"] [unique_id "aiq3n4quOaPLD-Glmkk4iQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:55.897653 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/assets../.git/config"] [unique_id "aiq3n4quOaPLD-Glmkk4iQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:56.151998 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3nw5X1D4FZg2ua4gvzQAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:56.725316 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3n_9E86NgzsLW5NdScAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:56.865225 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3n4agfRjXQ0p98P7HKAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:56.878557 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3n_9E86NgzsLW5NdScQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:56.969979 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/data.sql"] [unique_id "aiq3oIagfRjXQ0p98P7HLAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:56.970730 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/data.sql"] [unique_id "aiq3oIagfRjXQ0p98P7HLAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:56.973609 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/ssl.key"] [unique_id "aiq3oP9E86NgzsLW5NdSeQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:56.974354 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/ssl.key"] [unique_id "aiq3oP9E86NgzsLW5NdSeQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:57.388230 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3n4quOaPLD-Glmkk4iQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:57.546607 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/static/.env"] [unique_id "aiq3oQ5X1D4FZg2ua4gv1gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:57.546996 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/static/.env"] [unique_id "aiq3oQ5X1D4FZg2ua4gv1gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:57.671773 2026] [security2:error] [pid 28791:tid 28808] [client 103.168.66.141:54596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3oP9E86NgzsLW5NdSeQAAAJI"], referer: https://machen.ai/
[Thu Jun 11 10:26:57.988533 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/uploads../etc/nginx/nginx.conf"] [unique_id "aiq3oYquOaPLD-Glmkk4jgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:57.989188 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/uploads../etc/nginx/nginx.conf"] [unique_id "aiq3oYquOaPLD-Glmkk4jgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:58.033417 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3oIagfRjXQ0p98P7HLAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:58.065078 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/data.sql"] [unique_id "aiq3ooagfRjXQ0p98P7HMAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:58.066017 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/data.sql"] [unique_id "aiq3ooagfRjXQ0p98P7HMAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:58.457155 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3oQ5X1D4FZg2ua4gv1gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:58.481910 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/static/.env"] [unique_id "aiq3og5X1D4FZg2ua4gv2gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:58.482161 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/static/.env"] [unique_id "aiq3og5X1D4FZg2ua4gv2gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:59.036127 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3oYquOaPLD-Glmkk4jgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:26:59.094150 2026] [security2:error] [pid 28740:tid 28758] [client 103.168.66.141:54466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3ooagfRjXQ0p98P7HMAAAAA4"], referer: https://machen.ai/
[Thu Jun 11 10:26:59.261003 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3og5X1D4FZg2ua4gv2gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:59.402419 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/uploads../.env"] [unique_id "aiq3o_9E86NgzsLW5NdShwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:59.402768 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/uploads../.env"] [unique_id "aiq3o_9E86NgzsLW5NdShwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:26:59.457095 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/static/.env"] [unique_id "aiq3ow5X1D4FZg2ua4gv3gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:26:59.457381 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/static/.env"] [unique_id "aiq3ow5X1D4FZg2ua4gv3gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:00.100257 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3ow5X1D4FZg2ua4gv3gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:00.140364 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/site.sql"] [unique_id "aiq3pIquOaPLD-Glmkk4lQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:00.141160 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/site.sql"] [unique_id "aiq3pIquOaPLD-Glmkk4lQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:00.278638 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3o_9E86NgzsLW5NdShwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:00.294912 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/uploads../wp-config.php"] [unique_id "aiq3pP9E86NgzsLW5NdSjAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:00.295377 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/uploads../wp-config.php"] [unique_id "aiq3pP9E86NgzsLW5NdSjAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.062274 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pIquOaPLD-Glmkk4lQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.087621 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/site.sql"] [unique_id "aiq3pYquOaPLD-Glmkk4lwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.088485 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/site.sql"] [unique_id "aiq3pYquOaPLD-Glmkk4lwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.144733 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/assets/.env"] [unique_id "aiq3pQ5X1D4FZg2ua4gv5QAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.145119 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/assets/.env"] [unique_id "aiq3pQ5X1D4FZg2ua4gv5QAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.339000 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pP9E86NgzsLW5NdSjAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.468652 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/uploads../.git/config"] [unique_id "aiq3pf9E86NgzsLW5NdSkQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.468940 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/uploads../.git/config"] [unique_id "aiq3pf9E86NgzsLW5NdSkQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.709721 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pYquOaPLD-Glmkk4lwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.762003 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pQ5X1D4FZg2ua4gv5QAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.797533 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/site.sql"] [unique_id "aiq3pQ5X1D4FZg2ua4gv5wAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.798273 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/site.sql"] [unique_id "aiq3pQ5X1D4FZg2ua4gv5wAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.815983 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/assets/.env"] [unique_id "aiq3pYquOaPLD-Glmkk4mgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.816269 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/assets/.env"] [unique_id "aiq3pYquOaPLD-Glmkk4mgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:01.976064 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pf9E86NgzsLW5NdSkQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:02.422902 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pYquOaPLD-Glmkk4mgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:02.463737 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/assets/.env"] [unique_id "aiq3poquOaPLD-Glmkk4nQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:02.464275 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/assets/.env"] [unique_id "aiq3poquOaPLD-Glmkk4nQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:02.625055 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pQ5X1D4FZg2ua4gv5wAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:02.898424 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/media../etc/nginx/nginx.conf"] [unique_id "aiq3pv9E86NgzsLW5NdSmwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:02.899238 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/media../etc/nginx/nginx.conf"] [unique_id "aiq3pv9E86NgzsLW5NdSmwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:03.268756 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3poquOaPLD-Glmkk4nQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:03.523711 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wordpress.sql"] [unique_id "aiq3pw5X1D4FZg2ua4gv7gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:03.524437 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wordpress.sql"] [unique_id "aiq3pw5X1D4FZg2ua4gv7gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:03.948134 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/public/.env"] [unique_id "aiq3p4quOaPLD-Glmkk4owAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:03.948508 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/public/.env"] [unique_id "aiq3p4quOaPLD-Glmkk4owAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.107982 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pv9E86NgzsLW5NdSmwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.129134 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/media../.env"] [unique_id "aiq3qP9E86NgzsLW5NdSoQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.129370 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/media../.env"] [unique_id "aiq3qP9E86NgzsLW5NdSoQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.482121 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3pw5X1D4FZg2ua4gv7gAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.547820 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wordpress.sql"] [unique_id "aiq3qA5X1D4FZg2ua4gv8QAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.548524 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wordpress.sql"] [unique_id "aiq3qA5X1D4FZg2ua4gv8QAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.717399 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3p4quOaPLD-Glmkk4owAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.759191 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/public/.env"] [unique_id "aiq3qIquOaPLD-Glmkk4pwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:04.759560 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/public/.env"] [unique_id "aiq3qIquOaPLD-Glmkk4pwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:05.086873 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3qP9E86NgzsLW5NdSoQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:05.114229 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/media../wp-config.php"] [unique_id "aiq3qf9E86NgzsLW5NdSpAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:05.114549 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/media../wp-config.php"] [unique_id "aiq3qf9E86NgzsLW5NdSpAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:05.407653 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3qIquOaPLD-Glmkk4pwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:05.448442 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/public/.env"] [unique_id "aiq3qYquOaPLD-Glmkk4qwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:05.448802 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/public/.env"] [unique_id "aiq3qYquOaPLD-Glmkk4qwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:05.735744 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3qA5X1D4FZg2ua4gv8QAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:05.999377 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/wordpress.sql"] [unique_id "aiq3qQ5X1D4FZg2ua4gv9wAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:06.008370 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wordpress.sql"] [unique_id "aiq3qQ5X1D4FZg2ua4gv9wAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:06.118983 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3qf9E86NgzsLW5NdSpAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:06.161060 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/media../.git/config"] [unique_id "aiq3qv9E86NgzsLW5NdSqgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:06.161324 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/media../.git/config"] [unique_id "aiq3qv9E86NgzsLW5NdSqgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:06.585991 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3qYquOaPLD-Glmkk4qwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:06.674909 2026] [security2:error] [pid 2041:tid 2066] [client 103.168.66.141:54578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3qQ5X1D4FZg2ua4gv9wAAAFU"], referer: https://machen.ai/
[Thu Jun 11 10:27:06.815841 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3qv9E86NgzsLW5NdSqgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:07.529043 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/dist/.env"] [unique_id "aiq3q4quOaPLD-Glmkk4swAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:07.529323 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dist/.env"] [unique_id "aiq3q4quOaPLD-Glmkk4swAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:08.075750 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/img../etc/nginx/nginx.conf"] [unique_id "aiq3rP9E86NgzsLW5NdSsgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:08.076541 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/img../etc/nginx/nginx.conf"] [unique_id "aiq3rP9E86NgzsLW5NdSsgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:08.389780 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3q4quOaPLD-Glmkk4swAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:08.668204 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/dist/.env"] [unique_id "aiq3rIquOaPLD-Glmkk4uQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:08.668484 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dist/.env"] [unique_id "aiq3rIquOaPLD-Glmkk4uQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:08.838326 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3rP9E86NgzsLW5NdSsgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:08.893123 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/img../.env"] [unique_id "aiq3rP9E86NgzsLW5NdStgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:08.893437 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/img../.env"] [unique_id "aiq3rP9E86NgzsLW5NdStgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:09.526358 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3rIquOaPLD-Glmkk4uQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:09.653822 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/dist/.env"] [unique_id "aiq3rYquOaPLD-Glmkk4vQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:09.654167 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dist/.env"] [unique_id "aiq3rYquOaPLD-Glmkk4vQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:09.677093 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3rP9E86NgzsLW5NdStgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:09.936237 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/img../wp-config.php"] [unique_id "aiq3rf9E86NgzsLW5NdSugAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:09.936594 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/img../wp-config.php"] [unique_id "aiq3rf9E86NgzsLW5NdSugAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:10.504809 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3rYquOaPLD-Glmkk4vQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:10.607155 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3rf9E86NgzsLW5NdSugAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:10.698349 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/img../.git/config"] [unique_id "aiq3roquOaPLD-Glmkk4wgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:10.698787 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/img../.git/config"] [unique_id "aiq3roquOaPLD-Glmkk4wgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:11.817520 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3roquOaPLD-Glmkk4wgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:11.964907 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/build/.env"] [unique_id "aiq3r_9E86NgzsLW5NdSxQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:11.965182 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/build/.env"] [unique_id "aiq3r_9E86NgzsLW5NdSxQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:12.728951 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3r_9E86NgzsLW5NdSxQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:12.832156 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/build/.env"] [unique_id "aiq3sP9E86NgzsLW5NdSyAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:12.832443 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/build/.env"] [unique_id "aiq3sP9E86NgzsLW5NdSyAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:12.944186 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/js../etc/nginx/nginx.conf"] [unique_id "aiq3sIquOaPLD-Glmkk4zQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:12.944886 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/js../etc/nginx/nginx.conf"] [unique_id "aiq3sIquOaPLD-Glmkk4zQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:13.524386 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3sP9E86NgzsLW5NdSyAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:13.569591 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/build/.env"] [unique_id "aiq3sf9E86NgzsLW5NdSzQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:13.569918 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/build/.env"] [unique_id "aiq3sf9E86NgzsLW5NdSzQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:13.731012 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3sIquOaPLD-Glmkk4zQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:13.762662 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/js../.env"] [unique_id "aiq3sYquOaPLD-Glmkk40QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:13.762950 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/js../.env"] [unique_id "aiq3sYquOaPLD-Glmkk40QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:14.263338 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3sf9E86NgzsLW5NdSzQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:14.535241 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3sYquOaPLD-Glmkk40QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:14.576109 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/js../wp-config.php"] [unique_id "aiq3soquOaPLD-Glmkk41QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:14.576435 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/js../wp-config.php"] [unique_id "aiq3soquOaPLD-Glmkk41QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:15.312254 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/web/.env"] [unique_id "aiq3s_9E86NgzsLW5NdS1AAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:15.312701 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/web/.env"] [unique_id "aiq3s_9E86NgzsLW5NdS1AAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:15.703906 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3soquOaPLD-Glmkk41QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:15.819396 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/js../.git/config"] [unique_id "aiq3s4quOaPLD-Glmkk42wAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:15.819742 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/js../.git/config"] [unique_id "aiq3s4quOaPLD-Glmkk42wAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:16.253938 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3s_9E86NgzsLW5NdS1AAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:16.298447 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/web/.env"] [unique_id "aiq3tP9E86NgzsLW5NdS2QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:16.298799 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/web/.env"] [unique_id "aiq3tP9E86NgzsLW5NdS2QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:16.700138 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3s4quOaPLD-Glmkk42wAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:17.165316 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3tP9E86NgzsLW5NdS2QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:17.431122 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/web/.env"] [unique_id "aiq3tf9E86NgzsLW5NdS3gAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:17.431634 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/web/.env"] [unique_id "aiq3tf9E86NgzsLW5NdS3gAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:17.993214 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/css../etc/nginx/nginx.conf"] [unique_id "aiq3tYquOaPLD-Glmkk45QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:17.994056 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/css../etc/nginx/nginx.conf"] [unique_id "aiq3tYquOaPLD-Glmkk45QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:18.406011 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3tf9E86NgzsLW5NdS3gAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:18.902919 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3tYquOaPLD-Glmkk45QAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:18.941234 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/css../.env"] [unique_id "aiq3toquOaPLD-Glmkk46gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:18.941693 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/css../.env"] [unique_id "aiq3toquOaPLD-Glmkk46gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:19.293437 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/media/.env"] [unique_id "aiq3t_9E86NgzsLW5NdS5gAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:19.293850 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/media/.env"] [unique_id "aiq3t_9E86NgzsLW5NdS5gAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:19.809913 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3toquOaPLD-Glmkk46gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:19.841053 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/css../wp-config.php"] [unique_id "aiq3t4quOaPLD-Glmkk47gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:19.841350 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/css../wp-config.php"] [unique_id "aiq3t4quOaPLD-Glmkk47gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:20.303120 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3t_9E86NgzsLW5NdS5gAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:20.341619 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/media/.env"] [unique_id "aiq3uP9E86NgzsLW5NdS6wAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:20.342003 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/media/.env"] [unique_id "aiq3uP9E86NgzsLW5NdS6wAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:20.665147 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3t4quOaPLD-Glmkk47gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:20.726434 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/css../.git/config"] [unique_id "aiq3uIquOaPLD-Glmkk48gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:20.727293 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/css../.git/config"] [unique_id "aiq3uIquOaPLD-Glmkk48gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:21.347126 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3uP9E86NgzsLW5NdS6wAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:21.390733 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3uIquOaPLD-Glmkk48gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:21.440192 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/media/.env"] [unique_id "aiq3uYquOaPLD-Glmkk49AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:21.440454 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/media/.env"] [unique_id "aiq3uYquOaPLD-Glmkk49AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:22.294687 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3uYquOaPLD-Glmkk49AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:22.394784 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/images../etc/nginx/nginx.conf"] [unique_id "aiq3uv9E86NgzsLW5NdS9QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:22.395741 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/images../etc/nginx/nginx.conf"] [unique_id "aiq3uv9E86NgzsLW5NdS9QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:23.244630 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3uv9E86NgzsLW5NdS9QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:23.317149 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/images../.env"] [unique_id "aiq3u_9E86NgzsLW5NdS-QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:23.317426 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/images../.env"] [unique_id "aiq3u_9E86NgzsLW5NdS-QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:23.467763 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/uploads/.env"] [unique_id "aiq3u4quOaPLD-Glmkk4_gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:23.468301 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/uploads/.env"] [unique_id "aiq3u4quOaPLD-Glmkk4_gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:23.994200 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3u_9E86NgzsLW5NdS-QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:24.032888 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/images../wp-config.php"] [unique_id "aiq3vP9E86NgzsLW5NdS_QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:24.033264 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/images../wp-config.php"] [unique_id "aiq3vP9E86NgzsLW5NdS_QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:24.186427 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3u4quOaPLD-Glmkk4_gAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:24.267847 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/uploads/.env"] [unique_id "aiq3vIquOaPLD-Glmkk5AwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:24.268067 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/uploads/.env"] [unique_id "aiq3vIquOaPLD-Glmkk5AwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:24.979940 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3vP9E86NgzsLW5NdS_QAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:25.003105 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/images../.git/config"] [unique_id "aiq3vf9E86NgzsLW5NdTAgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:25.003675 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/images../.git/config"] [unique_id "aiq3vf9E86NgzsLW5NdTAgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:25.229957 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3vIquOaPLD-Glmkk5AwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:25.263773 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/uploads/.env"] [unique_id "aiq3vYquOaPLD-Glmkk5CAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:25.264089 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/uploads/.env"] [unique_id "aiq3vYquOaPLD-Glmkk5CAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:25.806416 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3vf9E86NgzsLW5NdTAgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:26.450258 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3vYquOaPLD-Glmkk5CAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:26.932640 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/api../etc/nginx/nginx.conf"] [unique_id "aiq3vv9E86NgzsLW5NdTCgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:26.933379 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/api../etc/nginx/nginx.conf"] [unique_id "aiq3vv9E86NgzsLW5NdTCgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:27.665541 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/storage/.env"] [unique_id "aiq3v4quOaPLD-Glmkk5EgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:27.665889 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/storage/.env"] [unique_id "aiq3v4quOaPLD-Glmkk5EgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:27.671159 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3vv9E86NgzsLW5NdTCgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:27.737525 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/api../.env"] [unique_id "aiq3v_9E86NgzsLW5NdTDQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:27.737882 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/api../.env"] [unique_id "aiq3v_9E86NgzsLW5NdTDQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:28.302033 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3v4quOaPLD-Glmkk5EgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:28.319406 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/storage/.env"] [unique_id "aiq3wIquOaPLD-Glmkk5FQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:28.319728 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/storage/.env"] [unique_id "aiq3wIquOaPLD-Glmkk5FQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:28.790047 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3v_9E86NgzsLW5NdTDQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:28.813327 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/api../wp-config.php"] [unique_id "aiq3wP9E86NgzsLW5NdTEwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:28.813662 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/api../wp-config.php"] [unique_id "aiq3wP9E86NgzsLW5NdTEwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:29.181901 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3wIquOaPLD-Glmkk5FQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:29.296327 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/storage/.env"] [unique_id "aiq3wYquOaPLD-Glmkk5GgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:29.296665 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/storage/.env"] [unique_id "aiq3wYquOaPLD-Glmkk5GgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:29.625117 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3wP9E86NgzsLW5NdTEwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:29.763847 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/api../.git/config"] [unique_id "aiq3wf9E86NgzsLW5NdTFgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:29.764096 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/api../.git/config"] [unique_id "aiq3wf9E86NgzsLW5NdTFgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:30.125658 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3wYquOaPLD-Glmkk5GgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:30.674815 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3wf9E86NgzsLW5NdTFgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:31.309022 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3w4quOaPLD-Glmkk5IwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:31.309414 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3w4quOaPLD-Glmkk5IwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:31.796860 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/content../etc/nginx/nginx.conf"] [unique_id "aiq3w_9E86NgzsLW5NdTHwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:31.797703 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/content../etc/nginx/nginx.conf"] [unique_id "aiq3w_9E86NgzsLW5NdTHwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:32.046295 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3w4quOaPLD-Glmkk5IwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:32.075759 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3xIquOaPLD-Glmkk5KAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:32.076094 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3xIquOaPLD-Glmkk5KAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:32.672978 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3w_9E86NgzsLW5NdTHwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:32.794029 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/content../.env"] [unique_id "aiq3xP9E86NgzsLW5NdTJAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:32.794299 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/content../.env"] [unique_id "aiq3xP9E86NgzsLW5NdTJAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:33.068304 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3xIquOaPLD-Glmkk5KAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:33.319331 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3xYquOaPLD-Glmkk5LAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:33.319700 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aiq3xYquOaPLD-Glmkk5LAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:33.549931 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3xP9E86NgzsLW5NdTJAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:33.603265 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/content../wp-config.php"] [unique_id "aiq3xf9E86NgzsLW5NdTJwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:33.603614 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/content../wp-config.php"] [unique_id "aiq3xf9E86NgzsLW5NdTJwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:33.954306 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3xYquOaPLD-Glmkk5LAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:34.136701 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3xf9E86NgzsLW5NdTJwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:34.166018 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/content../.git/config"] [unique_id "aiq3xv9E86NgzsLW5NdTKwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:34.166291 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/content../.git/config"] [unique_id "aiq3xv9E86NgzsLW5NdTKwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:34.852969 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3xv9E86NgzsLW5NdTKwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:34.895982 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3xoquOaPLD-Glmkk5NgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:34.896410 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3xoquOaPLD-Glmkk5NgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:34.896920 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3xoquOaPLD-Glmkk5NgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:35.666933 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3xoquOaPLD-Glmkk5NgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:35.765240 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3x4quOaPLD-Glmkk5OgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:35.765847 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3x4quOaPLD-Glmkk5OgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:35.766202 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3x4quOaPLD-Glmkk5OgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:35.868892 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/public../etc/nginx/nginx.conf"] [unique_id "aiq3x_9E86NgzsLW5NdTMwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:35.869636 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/public../etc/nginx/nginx.conf"] [unique_id "aiq3x_9E86NgzsLW5NdTMwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:36.597006 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3x4quOaPLD-Glmkk5OgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:36.635885 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3yIquOaPLD-Glmkk5PQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:36.636300 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3yIquOaPLD-Glmkk5PQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:36.636631 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aiq3yIquOaPLD-Glmkk5PQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:36.817536 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3x_9E86NgzsLW5NdTMwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:36.841100 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/public../.env"] [unique_id "aiq3yP9E86NgzsLW5NdTOAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:36.841431 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/public../.env"] [unique_id "aiq3yP9E86NgzsLW5NdTOAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:37.566388 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3yIquOaPLD-Glmkk5PQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:37.719037 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3yP9E86NgzsLW5NdTOAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:37.777528 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/public../wp-config.php"] [unique_id "aiq3yf9E86NgzsLW5NdTPAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:37.777883 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/public../wp-config.php"] [unique_id "aiq3yf9E86NgzsLW5NdTPAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:38.364026 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.prod"] [unique_id "aiq3yoquOaPLD-Glmkk5RwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:38.364403 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.prod"] [unique_id "aiq3yoquOaPLD-Glmkk5RwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:38.616720 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3yf9E86NgzsLW5NdTPAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:38.660077 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/public../.git/config"] [unique_id "aiq3yv9E86NgzsLW5NdTQwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:38.660532 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/public../.git/config"] [unique_id "aiq3yv9E86NgzsLW5NdTQwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:39.330134 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3yoquOaPLD-Glmkk5RwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:39.357538 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.prod"] [unique_id "aiq3y4quOaPLD-Glmkk5SwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:39.357939 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.prod"] [unique_id "aiq3y4quOaPLD-Glmkk5SwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:39.488082 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3yv9E86NgzsLW5NdTQwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:40.083409 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3y4quOaPLD-Glmkk5SwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:40.179753 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.prod"] [unique_id "aiq3zIquOaPLD-Glmkk5TwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:40.179968 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.prod"] [unique_id "aiq3zIquOaPLD-Glmkk5TwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:40.425034 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/dist../etc/nginx/nginx.conf"] [unique_id "aiq3zP9E86NgzsLW5NdTTAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:40.425758 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dist../etc/nginx/nginx.conf"] [unique_id "aiq3zP9E86NgzsLW5NdTTAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:41.157688 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3zIquOaPLD-Glmkk5TwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:41.279354 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3zP9E86NgzsLW5NdTTAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:41.315139 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/dist../.env"] [unique_id "aiq3zf9E86NgzsLW5NdTUAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:41.315467 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dist../.env"] [unique_id "aiq3zf9E86NgzsLW5NdTUAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.049902 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3zf9E86NgzsLW5NdTUAAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.071180 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/dist../wp-config.php"] [unique_id "aiq3zv9E86NgzsLW5NdTUwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.071547 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dist../wp-config.php"] [unique_id "aiq3zv9E86NgzsLW5NdTUwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.125686 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3zoquOaPLD-Glmkk5WAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.125993 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3zoquOaPLD-Glmkk5WAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.744037 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3zoquOaPLD-Glmkk5WAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.767354 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3zoquOaPLD-Glmkk5WgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.767629 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3zoquOaPLD-Glmkk5WgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.876479 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3zv9E86NgzsLW5NdTUwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.903174 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/dist../.git/config"] [unique_id "aiq3zv9E86NgzsLW5NdTVwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:42.903475 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/dist../.git/config"] [unique_id "aiq3zv9E86NgzsLW5NdTVwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:43.323524 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3zoquOaPLD-Glmkk5WgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:43.389136 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3z4quOaPLD-Glmkk5XgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:43.389422 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aiq3z4quOaPLD-Glmkk5XgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:43.411871 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3zv9E86NgzsLW5NdTVwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:44.255754 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3z4quOaPLD-Glmkk5XgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:44.495770 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/build../etc/nginx/nginx.conf"] [unique_id "aiq30P9E86NgzsLW5NdTXwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:44.496409 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/build../etc/nginx/nginx.conf"] [unique_id "aiq30P9E86NgzsLW5NdTXwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:45.209209 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq30YquOaPLD-Glmkk5aAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:45.209704 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq30YquOaPLD-Glmkk5aAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:45.210019 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq30YquOaPLD-Glmkk5aAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:45.264170 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq30P9E86NgzsLW5NdTXwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:45.384361 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/build../.env"] [unique_id "aiq30f9E86NgzsLW5NdTYwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:45.384634 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/build../.env"] [unique_id "aiq30f9E86NgzsLW5NdTYwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:45.988652 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq30YquOaPLD-Glmkk5aAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:46.060760 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq30oquOaPLD-Glmkk5bQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:46.061153 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq30oquOaPLD-Glmkk5bQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:46.061452 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq30oquOaPLD-Glmkk5bQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:46.132410 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq30f9E86NgzsLW5NdTYwAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:46.175450 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/build../wp-config.php"] [unique_id "aiq30v9E86NgzsLW5NdTZgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:46.175850 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/build../wp-config.php"] [unique_id "aiq30v9E86NgzsLW5NdTZgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.046342 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq30v9E86NgzsLW5NdTZgAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.078910 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/build../.git/config"] [unique_id "aiq30_9E86NgzsLW5NdTaQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.079317 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/build../.git/config"] [unique_id "aiq30_9E86NgzsLW5NdTaQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.203485 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq30oquOaPLD-Glmkk5bQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.238164 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq304quOaPLD-Glmkk5dQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.238656 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq304quOaPLD-Glmkk5dQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.238960 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.old"] [unique_id "aiq304quOaPLD-Glmkk5dQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.775253 2026] [security2:error] [pid 28791:tid 28795] [client 103.168.66.141:54840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq30_9E86NgzsLW5NdTaQAAAII"], referer: https://machen.ai/
[Thu Jun 11 10:27:47.807190 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq304quOaPLD-Glmkk5dQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:48.626874 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.staging"] [unique_id "aiq31IquOaPLD-Glmkk5fwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:48.627304 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.staging"] [unique_id "aiq31IquOaPLD-Glmkk5fwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:49.414676 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq31IquOaPLD-Glmkk5fwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:49.507318 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.staging"] [unique_id "aiq31YquOaPLD-Glmkk5hgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:49.507729 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.staging"] [unique_id "aiq31YquOaPLD-Glmkk5hgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:50.323111 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq31YquOaPLD-Glmkk5hgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:50.346426 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.staging"] [unique_id "aiq31oquOaPLD-Glmkk5iwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:50.346768 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.staging"] [unique_id "aiq31oquOaPLD-Glmkk5iwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:51.037823 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq31oquOaPLD-Glmkk5iwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:51.804383 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.dev"] [unique_id "aiq314quOaPLD-Glmkk5kgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:51.804746 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.dev"] [unique_id "aiq314quOaPLD-Glmkk5kgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:52.587015 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq314quOaPLD-Glmkk5kgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:52.610783 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.dev"] [unique_id "aiq32IquOaPLD-Glmkk5mAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:52.611147 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.dev"] [unique_id "aiq32IquOaPLD-Glmkk5mAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:53.214996 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq32IquOaPLD-Glmkk5mAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:53.395623 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.dev"] [unique_id "aiq32YquOaPLD-Glmkk5nQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:53.395895 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.dev"] [unique_id "aiq32YquOaPLD-Glmkk5nQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:54.363239 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq32YquOaPLD-Glmkk5nQAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:55.128920 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.development"] [unique_id "aiq324quOaPLD-Glmkk5qAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:55.129392 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.development"] [unique_id "aiq324quOaPLD-Glmkk5qAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:55.765030 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq324quOaPLD-Glmkk5qAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:55.793202 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.development"] [unique_id "aiq324quOaPLD-Glmkk5qwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:55.793494 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.development"] [unique_id "aiq324quOaPLD-Glmkk5qwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:56.684276 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq324quOaPLD-Glmkk5qwAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:56.773392 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.development"] [unique_id "aiq33IquOaPLD-Glmkk5swAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:56.773762 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.development"] [unique_id "aiq33IquOaPLD-Glmkk5swAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:57.632274 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq33IquOaPLD-Glmkk5swAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:58.379998 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.test"] [unique_id "aiq33oquOaPLD-Glmkk5vAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:58.380262 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.test"] [unique_id "aiq33oquOaPLD-Glmkk5vAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:59.148068 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq33oquOaPLD-Glmkk5vAAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:59.327051 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.test"] [unique_id "aiq334quOaPLD-Glmkk5wgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:27:59.327288 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.test"] [unique_id "aiq334quOaPLD-Glmkk5wgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:00.029756 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq334quOaPLD-Glmkk5wgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:00.058890 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.test"] [unique_id "aiq34IquOaPLD-Glmkk5xgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:00.059269 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.test"] [unique_id "aiq34IquOaPLD-Glmkk5xgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:00.662872 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq34IquOaPLD-Glmkk5xgAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:01.559810 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.demo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.demo"] [unique_id "aiq34YquOaPLD-Glmkk50AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:01.560176 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.demo"] [unique_id "aiq34YquOaPLD-Glmkk50AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:02.355501 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq34YquOaPLD-Glmkk50AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:02.389350 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.demo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.demo"] [unique_id "aiq34oquOaPLD-Glmkk51AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:02.389647 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.demo"] [unique_id "aiq34oquOaPLD-Glmkk51AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:03.214702 2026] [security2:error] [pid 18250:tid 18256] [client 103.168.66.141:54626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq34oquOaPLD-Glmkk51AAAAMI"], referer: https://machen.ai/
[Thu Jun 11 10:28:04.369425 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.demo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.demo"] [unique_id "aiq35P9E86NgzsLW5NdTlQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:04.369724 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.demo"] [unique_id "aiq35P9E86NgzsLW5NdTlQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:04.962480 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq35P9E86NgzsLW5NdTlQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:05.726386 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.copy"] [unique_id "aiq35f9E86NgzsLW5NdTmwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:05.726766 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.copy"] [unique_id "aiq35f9E86NgzsLW5NdTmwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:06.848718 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq35f9E86NgzsLW5NdTmwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:06.900237 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.copy"] [unique_id "aiq35v9E86NgzsLW5NdTngAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:06.900546 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.copy"] [unique_id "aiq35v9E86NgzsLW5NdTngAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:07.419103 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq35v9E86NgzsLW5NdTngAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:07.512214 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.copy"] [unique_id "aiq35_9E86NgzsLW5NdTogAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:07.512499 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.copy"] [unique_id "aiq35_9E86NgzsLW5NdTogAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:08.244243 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq35_9E86NgzsLW5NdTogAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:09.375669 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.1"] [unique_id "aiq36f9E86NgzsLW5NdTqAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:09.375958 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.1"] [unique_id "aiq36f9E86NgzsLW5NdTqAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:10.113880 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq36f9E86NgzsLW5NdTqAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:10.244044 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.1"] [unique_id "aiq36v9E86NgzsLW5NdTqwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:10.244354 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.1"] [unique_id "aiq36v9E86NgzsLW5NdTqwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:10.872802 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq36v9E86NgzsLW5NdTqwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:10.902245 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.1"] [unique_id "aiq36v9E86NgzsLW5NdTrgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:10.902675 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.1"] [unique_id "aiq36v9E86NgzsLW5NdTrgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:11.425784 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq36v9E86NgzsLW5NdTrgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:12.459936 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.2"] [unique_id "aiq37P9E86NgzsLW5NdTtAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:12.460279 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.2"] [unique_id "aiq37P9E86NgzsLW5NdTtAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:12.978801 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq37P9E86NgzsLW5NdTtAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:13.012701 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.2"] [unique_id "aiq37f9E86NgzsLW5NdTtgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:13.013095 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.2"] [unique_id "aiq37f9E86NgzsLW5NdTtgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:13.859559 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq37f9E86NgzsLW5NdTtgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:13.890215 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.2"] [unique_id "aiq37f9E86NgzsLW5NdTuQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:13.890703 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.2"] [unique_id "aiq37f9E86NgzsLW5NdTuQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:14.646978 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq37f9E86NgzsLW5NdTuQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:15.779752 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq37_9E86NgzsLW5NdTwAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:15.780171 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq37_9E86NgzsLW5NdTwAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:15.780489 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq37_9E86NgzsLW5NdTwAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:16.625100 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq37_9E86NgzsLW5NdTwAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:16.653613 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq38P9E86NgzsLW5NdTwwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:16.654009 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq38P9E86NgzsLW5NdTwwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:16.654253 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq38P9E86NgzsLW5NdTwwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:17.312260 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq38P9E86NgzsLW5NdTwwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:17.394387 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq38f9E86NgzsLW5NdTxgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:17.395050 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq38f9E86NgzsLW5NdTxgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:17.395277 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiq38f9E86NgzsLW5NdTxgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:18.257976 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq38f9E86NgzsLW5NdTxgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:19.150291 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.save"] [unique_id "aiq38_9E86NgzsLW5NdTywAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:19.150651 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.save"] [unique_id "aiq38_9E86NgzsLW5NdTywAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:20.010397 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq38_9E86NgzsLW5NdTywAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:20.044016 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.save"] [unique_id "aiq39P9E86NgzsLW5NdTzgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:20.044395 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.save"] [unique_id "aiq39P9E86NgzsLW5NdTzgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:21.107619 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq39P9E86NgzsLW5NdTzgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:21.173407 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.save"] [unique_id "aiq39f9E86NgzsLW5NdT0gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:21.173827 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.save"] [unique_id "aiq39f9E86NgzsLW5NdT0gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:21.962985 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq39f9E86NgzsLW5NdT0gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:22.920286 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.orig"] [unique_id "aiq39v9E86NgzsLW5NdT2AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:22.920594 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.orig"] [unique_id "aiq39v9E86NgzsLW5NdT2AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:23.760797 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq39v9E86NgzsLW5NdT2AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:23.803036 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.orig"] [unique_id "aiq39_9E86NgzsLW5NdT3AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:23.803536 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.orig"] [unique_id "aiq39_9E86NgzsLW5NdT3AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:24.612129 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq39_9E86NgzsLW5NdT3AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:24.653035 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.orig"] [unique_id "aiq3-P9E86NgzsLW5NdT3gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:24.653259 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.orig"] [unique_id "aiq3-P9E86NgzsLW5NdT3gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:25.510710 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3-P9E86NgzsLW5NdT3gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:26.648778 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3-v9E86NgzsLW5NdT4gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:26.649202 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3-v9E86NgzsLW5NdT4gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:26.649567 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3-v9E86NgzsLW5NdT4gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:27.528895 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3-v9E86NgzsLW5NdT4gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:27.621737 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3-_9E86NgzsLW5NdT5AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:27.622150 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3-_9E86NgzsLW5NdT5AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:27.622436 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3-_9E86NgzsLW5NdT5AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:28.475964 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3-_9E86NgzsLW5NdT5AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:28.625917 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3_P9E86NgzsLW5NdT5QAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:28.626320 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3_P9E86NgzsLW5NdT5QAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:28.626563 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.swp"] [unique_id "aiq3_P9E86NgzsLW5NdT5QAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:29.282807 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3_P9E86NgzsLW5NdT5QAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:29.962323 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.swo"] [unique_id "aiq3_f9E86NgzsLW5NdT6AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:29.962637 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.swo"] [unique_id "aiq3_f9E86NgzsLW5NdT6AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:30.782882 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3_f9E86NgzsLW5NdT6AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:30.821076 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.swo"] [unique_id "aiq3_v9E86NgzsLW5NdT6gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:30.821345 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.swo"] [unique_id "aiq3_v9E86NgzsLW5NdT6gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:31.537874 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3_v9E86NgzsLW5NdT6gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:31.565337 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.swo"] [unique_id "aiq3__9E86NgzsLW5NdT6wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:31.565652 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.swo"] [unique_id "aiq3__9E86NgzsLW5NdT6wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:32.217350 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq3__9E86NgzsLW5NdT6wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:33.056234 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Af9E86NgzsLW5NdT7gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:33.058014 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Af9E86NgzsLW5NdT7gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:33.058463 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Af9E86NgzsLW5NdT7gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:33.694668 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Af9E86NgzsLW5NdT7gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:33.716824 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Af9E86NgzsLW5NdT8AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:33.717235 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Af9E86NgzsLW5NdT8AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:33.717537 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Af9E86NgzsLW5NdT8AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:34.560856 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Af9E86NgzsLW5NdT8AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:34.587182 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Av9E86NgzsLW5NdT8gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:34.587986 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Av9E86NgzsLW5NdT8gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:34.588392 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env~"] [unique_id "aiq4Av9E86NgzsLW5NdT8gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:35.314915 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Av9E86NgzsLW5NdT8gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:36.135371 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_backup"] [unique_id "aiq4BP9E86NgzsLW5NdT9gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:36.135698 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_backup"] [unique_id "aiq4BP9E86NgzsLW5NdT9gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:36.949313 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4BP9E86NgzsLW5NdT9gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:36.983165 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_backup"] [unique_id "aiq4BP9E86NgzsLW5NdT-QAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:36.983442 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_backup"] [unique_id "aiq4BP9E86NgzsLW5NdT-QAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:37.520930 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4BP9E86NgzsLW5NdT-QAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:37.544755 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_backup"] [unique_id "aiq4Bf9E86NgzsLW5NdT_AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:37.545073 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_backup"] [unique_id "aiq4Bf9E86NgzsLW5NdT_AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:38.298542 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Bf9E86NgzsLW5NdT_AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:39.535239 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_old"] [unique_id "aiq4B_9E86NgzsLW5NdUBwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:39.535466 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_old"] [unique_id "aiq4B_9E86NgzsLW5NdUBwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:40.378112 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4B_9E86NgzsLW5NdUBwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:40.403339 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_old"] [unique_id "aiq4CP9E86NgzsLW5NdUDAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:40.403681 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_old"] [unique_id "aiq4CP9E86NgzsLW5NdUDAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:40.985042 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4CP9E86NgzsLW5NdUDAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:41.013122 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_old"] [unique_id "aiq4Cf9E86NgzsLW5NdUDgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:41.013396 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_old"] [unique_id "aiq4Cf9E86NgzsLW5NdUDgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:41.749734 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Cf9E86NgzsLW5NdUDgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:42.504183 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_prod"] [unique_id "aiq4Cv9E86NgzsLW5NdUFQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:42.504520 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_prod"] [unique_id "aiq4Cv9E86NgzsLW5NdUFQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:43.101022 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Cv9E86NgzsLW5NdUFQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:43.127446 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_prod"] [unique_id "aiq4C_9E86NgzsLW5NdUGgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:43.127942 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_prod"] [unique_id "aiq4C_9E86NgzsLW5NdUGgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:44.071792 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4C_9E86NgzsLW5NdUGgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:44.173433 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_prod"] [unique_id "aiq4DP9E86NgzsLW5NdUHgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:44.173775 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_prod"] [unique_id "aiq4DP9E86NgzsLW5NdUHgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:45.430561 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4DP9E86NgzsLW5NdUHgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:46.424764 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_dev"] [unique_id "aiq4Dv9E86NgzsLW5NdUKwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:46.425039 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_dev"] [unique_id "aiq4Dv9E86NgzsLW5NdUKwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:47.381164 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Dv9E86NgzsLW5NdUKwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:47.539786 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_dev"] [unique_id "aiq4D_9E86NgzsLW5NdULwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:47.540177 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_dev"] [unique_id "aiq4D_9E86NgzsLW5NdULwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:48.550080 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4D_9E86NgzsLW5NdULwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:48.579937 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env_dev"] [unique_id "aiq4EP9E86NgzsLW5NdUNAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:48.580206 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env_dev"] [unique_id "aiq4EP9E86NgzsLW5NdUNAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:49.197343 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4EP9E86NgzsLW5NdUNAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:50.263065 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4Ev9E86NgzsLW5NdUPQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:50.263477 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4Ev9E86NgzsLW5NdUPQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:50.263958 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4Ev9E86NgzsLW5NdUPQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:51.107888 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Ev9E86NgzsLW5NdUPQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:51.139756 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4E_9E86NgzsLW5NdUQQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:51.140178 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4E_9E86NgzsLW5NdUQQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:51.140495 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4E_9E86NgzsLW5NdUQQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:51.792882 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4E_9E86NgzsLW5NdUQQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:51.813929 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4E_9E86NgzsLW5NdURQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:51.814328 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4E_9E86NgzsLW5NdURQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:51.814602 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.log"] [unique_id "aiq4E_9E86NgzsLW5NdURQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:52.265076 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4E_9E86NgzsLW5NdURQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:53.190960 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.txt"] [unique_id "aiq4Ff9E86NgzsLW5NdUUAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:53.191252 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.txt"] [unique_id "aiq4Ff9E86NgzsLW5NdUUAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:54.068942 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Ff9E86NgzsLW5NdUUAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:54.096037 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.txt"] [unique_id "aiq4Fv9E86NgzsLW5NdUVAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:54.096387 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.txt"] [unique_id "aiq4Fv9E86NgzsLW5NdUVAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:54.974462 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Fv9E86NgzsLW5NdUVAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:54.997915 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.txt"] [unique_id "aiq4Fv9E86NgzsLW5NdUWgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:54.998137 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.txt"] [unique_id "aiq4Fv9E86NgzsLW5NdUWgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:55.722055 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Fv9E86NgzsLW5NdUWgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:56.765253 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.json"] [unique_id "aiq4GP9E86NgzsLW5NdUZgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:56.765548 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.json"] [unique_id "aiq4GP9E86NgzsLW5NdUZgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:57.516533 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4GP9E86NgzsLW5NdUZgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:57.540544 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.json"] [unique_id "aiq4Gf9E86NgzsLW5NdUagAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:57.540895 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.json"] [unique_id "aiq4Gf9E86NgzsLW5NdUagAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:58.172312 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Gf9E86NgzsLW5NdUagAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:58.197267 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.json"] [unique_id "aiq4Gv9E86NgzsLW5NdUbQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:58.197568 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.json"] [unique_id "aiq4Gv9E86NgzsLW5NdUbQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:58.783913 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Gv9E86NgzsLW5NdUbQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:59.545387 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4G_9E86NgzsLW5NdUdgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:28:59.545731 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4G_9E86NgzsLW5NdUdgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:00.456747 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4G_9E86NgzsLW5NdUdgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:00.499269 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4HP9E86NgzsLW5NdUfAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:00.499717 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4HP9E86NgzsLW5NdUfAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:01.074669 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4HP9E86NgzsLW5NdUfAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:01.101106 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Hf9E86NgzsLW5NdUgQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:01.101482 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Hf9E86NgzsLW5NdUgQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:01.848135 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Hf9E86NgzsLW5NdUgQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:02.819483 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Hv9E86NgzsLW5NdUjAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:02.819822 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Hv9E86NgzsLW5NdUjAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:03.444544 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Hv9E86NgzsLW5NdUjAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:03.470753 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4H_9E86NgzsLW5NdUkQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:03.471071 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4H_9E86NgzsLW5NdUkQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:04.100617 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4H_9E86NgzsLW5NdUkQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:04.119263 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4IP9E86NgzsLW5NdUlAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:04.119613 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4IP9E86NgzsLW5NdUlAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:04.903096 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4IP9E86NgzsLW5NdUlAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:05.945387 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4If9E86NgzsLW5NdUnwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:05.945693 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4If9E86NgzsLW5NdUnwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:06.699902 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4If9E86NgzsLW5NdUnwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:06.865592 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Iv9E86NgzsLW5NdUpAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:06.865915 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Iv9E86NgzsLW5NdUpAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:07.486860 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Iv9E86NgzsLW5NdUpAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:07.565896 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4I_9E86NgzsLW5NdUqgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:07.566142 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4I_9E86NgzsLW5NdUqgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:08.537076 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4I_9E86NgzsLW5NdUqgAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:09.723874 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Jf9E86NgzsLW5NdUtQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:09.724232 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Jf9E86NgzsLW5NdUtQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:10.161950 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Jf9E86NgzsLW5NdUtQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:10.480868 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Jv9E86NgzsLW5NdUuAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:10.481205 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Jv9E86NgzsLW5NdUuAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:11.095482 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Jv9E86NgzsLW5NdUuAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:11.115509 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4J_9E86NgzsLW5NdUvQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:11.115776 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4J_9E86NgzsLW5NdUvQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:11.910046 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4J_9E86NgzsLW5NdUvQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:12.769196 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4KP9E86NgzsLW5NdUyAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:12.769403 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4KP9E86NgzsLW5NdUyAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:13.231997 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4KP9E86NgzsLW5NdUyAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:13.276233 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Kf9E86NgzsLW5NdUywAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:13.276609 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Kf9E86NgzsLW5NdUywAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:13.821092 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Kf9E86NgzsLW5NdUywAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:13.874218 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Kf9E86NgzsLW5NdU0AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:13.874660 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Kf9E86NgzsLW5NdU0AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:14.341131 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Kf9E86NgzsLW5NdU0AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:15.114299 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4K_9E86NgzsLW5NdU2AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:15.114690 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4K_9E86NgzsLW5NdU2AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:15.719735 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4K_9E86NgzsLW5NdU2AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:15.913296 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4K_9E86NgzsLW5NdU3gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:15.913619 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4K_9E86NgzsLW5NdU3gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:16.752333 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4K_9E86NgzsLW5NdU3gAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:16.834236 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4LP9E86NgzsLW5NdU4wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:16.834622 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4LP9E86NgzsLW5NdU4wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:17.433015 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4LP9E86NgzsLW5NdU4wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:18.473170 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Lv9E86NgzsLW5NdU7wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:18.473709 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4Lv9E86NgzsLW5NdU7wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:19.206519 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Lv9E86NgzsLW5NdU7wAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:19.233114 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4L_9E86NgzsLW5NdU9AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:19.233372 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4L_9E86NgzsLW5NdU9AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:19.802830 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4L_9E86NgzsLW5NdU9AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:19.843263 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4L_9E86NgzsLW5NdU-AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:19.843527 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4L_9E86NgzsLW5NdU-AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:20.474900 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4L_9E86NgzsLW5NdU-AAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:21.553919 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/%2Eenv"] [unique_id "aiq4Mf9E86NgzsLW5NdVBAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:21.554245 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/%2Eenv"] [unique_id "aiq4Mf9E86NgzsLW5NdVBAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:22.340094 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Mf9E86NgzsLW5NdVBAAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:22.366372 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/%2Eenv"] [unique_id "aiq4Mv9E86NgzsLW5NdVCwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:22.366652 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/%2Eenv"] [unique_id "aiq4Mv9E86NgzsLW5NdVCwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:23.292821 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Mv9E86NgzsLW5NdVCwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:23.405953 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/%2Eenv"] [unique_id "aiq4M_9E86NgzsLW5NdVEQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:23.406210 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/%2Eenv"] [unique_id "aiq4M_9E86NgzsLW5NdVEQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:24.269159 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4M_9E86NgzsLW5NdVEQAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:26.185424 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.%65nv"] [unique_id "aiq4Nv9E86NgzsLW5NdVJwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:26.185766 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.%65nv"] [unique_id "aiq4Nv9E86NgzsLW5NdVJwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:27.136066 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4Nv9E86NgzsLW5NdVJwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:27.160747 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.%65nv"] [unique_id "aiq4N_9E86NgzsLW5NdVLwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:27.161342 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.%65nv"] [unique_id "aiq4N_9E86NgzsLW5NdVLwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:27.885970 2026] [security2:error] [pid 28791:tid 28807] [client 103.168.66.141:10506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4N_9E86NgzsLW5NdVLwAAAJE"], referer: https://machen.ai/
[Thu Jun 11 10:29:27.951948 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.%65nv"] [unique_id "aiq4N4agfRjXQ0p98P7IywAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:27.952279 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.%65nv"] [unique_id "aiq4N4agfRjXQ0p98P7IywAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:28.751099 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4N4agfRjXQ0p98P7IywAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:29.647409 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/%2e%65%6e%76"] [unique_id "aiq4OYagfRjXQ0p98P7IzgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:29.647825 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/%2e%65%6e%76"] [unique_id "aiq4OYagfRjXQ0p98P7IzgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:30.451280 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4OYagfRjXQ0p98P7IzgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:30.473421 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/%2e%65%6e%76"] [unique_id "aiq4OoagfRjXQ0p98P7I0QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:30.473796 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/%2e%65%6e%76"] [unique_id "aiq4OoagfRjXQ0p98P7I0QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:31.213916 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4OoagfRjXQ0p98P7I0QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:31.281869 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/%2e%65%6e%76"] [unique_id "aiq4O4agfRjXQ0p98P7I1AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:31.282190 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/%2e%65%6e%76"] [unique_id "aiq4O4agfRjXQ0p98P7I1AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:31.889159 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4O4agfRjXQ0p98P7I1AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:33.533560 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/\\xef\\xbc\\x8eenv"] [unique_id "aiq4PYagfRjXQ0p98P7I2wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:33.534154 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/\\xef\\xbc\\x8eenv"] [unique_id "aiq4PYagfRjXQ0p98P7I2wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:34.107237 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4PYagfRjXQ0p98P7I2wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:34.121157 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/\\xef\\xbc\\x8eenv"] [unique_id "aiq4PoagfRjXQ0p98P7I3AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:34.121701 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/\\xef\\xbc\\x8eenv"] [unique_id "aiq4PoagfRjXQ0p98P7I3AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:34.939094 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4PoagfRjXQ0p98P7I3AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:34.972427 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/\\xef\\xbc\\x8eenv"] [unique_id "aiq4PoagfRjXQ0p98P7I3wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:34.972722 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/\\xef\\xbc\\x8eenv"] [unique_id "aiq4PoagfRjXQ0p98P7I3wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:35.714794 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4PoagfRjXQ0p98P7I3wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:37.387084 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ENV"] [unique_id "aiq4QYagfRjXQ0p98P7I5gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:37.387521 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ENV"] [unique_id "aiq4QYagfRjXQ0p98P7I5gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:37.922007 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4QYagfRjXQ0p98P7I5gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:37.972065 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ENV"] [unique_id "aiq4QYagfRjXQ0p98P7I6AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:37.972434 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ENV"] [unique_id "aiq4QYagfRjXQ0p98P7I6AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:38.524892 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4QYagfRjXQ0p98P7I6AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:38.551404 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ENV"] [unique_id "aiq4QoagfRjXQ0p98P7I6gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:38.551750 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ENV"] [unique_id "aiq4QoagfRjXQ0p98P7I6gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:39.351947 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4QoagfRjXQ0p98P7I6gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:40.223169 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.Env"] [unique_id "aiq4RIagfRjXQ0p98P7I8AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:40.223780 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.Env"] [unique_id "aiq4RIagfRjXQ0p98P7I8AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:41.010070 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4RIagfRjXQ0p98P7I8AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:41.032701 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.Env"] [unique_id "aiq4RYagfRjXQ0p98P7I8QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:41.033039 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.Env"] [unique_id "aiq4RYagfRjXQ0p98P7I8QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:41.760093 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4RYagfRjXQ0p98P7I8QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:42.049261 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.Env"] [unique_id "aiq4RoagfRjXQ0p98P7I9AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:42.049545 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.Env"] [unique_id "aiq4RoagfRjXQ0p98P7I9AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:43.042999 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4RoagfRjXQ0p98P7I9AAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:43.788358 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ENV.local"] [unique_id "aiq4R4agfRjXQ0p98P7I-QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:43.788704 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ENV.local"] [unique_id "aiq4R4agfRjXQ0p98P7I-QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:44.531401 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4R4agfRjXQ0p98P7I-QAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:44.779429 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ENV.local"] [unique_id "aiq4SIagfRjXQ0p98P7I-wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:44.779991 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ENV.local"] [unique_id "aiq4SIagfRjXQ0p98P7I-wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:45.585120 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4SIagfRjXQ0p98P7I-wAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:45.611037 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.ENV.local"] [unique_id "aiq4SYagfRjXQ0p98P7I_gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:45.611322 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.ENV.local"] [unique_id "aiq4SYagfRjXQ0p98P7I_gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:46.375990 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4SYagfRjXQ0p98P7I_gAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:47.448739 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4S4agfRjXQ0p98P7JBAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:47.449007 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4S4agfRjXQ0p98P7JBAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:48.204932 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4S4agfRjXQ0p98P7JBAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:48.247235 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4TIagfRjXQ0p98P7JBQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:48.247622 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4TIagfRjXQ0p98P7JBQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:49.047932 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4TIagfRjXQ0p98P7JBQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:49.070557 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4TYagfRjXQ0p98P7JCAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:49.071020 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4TYagfRjXQ0p98P7JCAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:49.703320 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4TYagfRjXQ0p98P7JCAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:50.532503 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4ToagfRjXQ0p98P7JDAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:50.533046 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4ToagfRjXQ0p98P7JDAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:50.694125 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4ToagfRjXQ0p98P7JDAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:50.949120 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4ToagfRjXQ0p98P7JDQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:50.949731 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4ToagfRjXQ0p98P7JDQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.040327 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4ToagfRjXQ0p98P7JDQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.059287 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4T4agfRjXQ0p98P7JDgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.059720 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4T4agfRjXQ0p98P7JDgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.163050 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4T4agfRjXQ0p98P7JDgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.423411 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env?"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env?"] [unique_id "aiq4T4agfRjXQ0p98P7JEQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.424025 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env?"] [unique_id "aiq4T4agfRjXQ0p98P7JEQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.550358 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4T4agfRjXQ0p98P7JEQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.568698 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env?"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env?"] [unique_id "aiq4T4agfRjXQ0p98P7JEgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.569020 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env?"] [unique_id "aiq4T4agfRjXQ0p98P7JEgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.656078 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4T4agfRjXQ0p98P7JEgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.969947 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env?"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env?"] [unique_id "aiq4T4agfRjXQ0p98P7JEwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:51.970269 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env?"] [unique_id "aiq4T4agfRjXQ0p98P7JEwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.062238 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4T4agfRjXQ0p98P7JEwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.267932 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.jpg"] [unique_id "aiq4UIagfRjXQ0p98P7JFQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.268325 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.jpg"] [unique_id "aiq4UIagfRjXQ0p98P7JFQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.349179 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UIagfRjXQ0p98P7JFQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.476925 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.jpg"] [unique_id "aiq4UIagfRjXQ0p98P7JFgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.477215 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.jpg"] [unique_id "aiq4UIagfRjXQ0p98P7JFgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.556776 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UIagfRjXQ0p98P7JFgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.711751 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.jpg"] [unique_id "aiq4UIagfRjXQ0p98P7JFwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.712159 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.jpg"] [unique_id "aiq4UIagfRjXQ0p98P7JFwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:52.808925 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UIagfRjXQ0p98P7JFwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.025640 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.css"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.css"] [unique_id "aiq4UYagfRjXQ0p98P7JGgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.025991 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.css"] [unique_id "aiq4UYagfRjXQ0p98P7JGgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.109848 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UYagfRjXQ0p98P7JGgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.225494 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.css"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.css"] [unique_id "aiq4UYagfRjXQ0p98P7JGwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.225894 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.css"] [unique_id "aiq4UYagfRjXQ0p98P7JGwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.301961 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UYagfRjXQ0p98P7JGwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.350164 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.css"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.css"] [unique_id "aiq4UYagfRjXQ0p98P7JHAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.350482 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.css"] [unique_id "aiq4UYagfRjXQ0p98P7JHAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.524313 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UYagfRjXQ0p98P7JHAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.706034 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.js"] [unique_id "aiq4UYagfRjXQ0p98P7JHgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.706345 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.js"] [unique_id "aiq4UYagfRjXQ0p98P7JHgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.833873 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UYagfRjXQ0p98P7JHgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.875329 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.js"] [unique_id "aiq4UYagfRjXQ0p98P7JHwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.875697 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.js"] [unique_id "aiq4UYagfRjXQ0p98P7JHwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:53.987800 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UYagfRjXQ0p98P7JHwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:54.017042 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env;.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env;.js"] [unique_id "aiq4UoagfRjXQ0p98P7JIAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:54.017352 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env;.js"] [unique_id "aiq4UoagfRjXQ0p98P7JIAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:54.165038 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UoagfRjXQ0p98P7JIAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:54.844943 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4UoagfRjXQ0p98P7JJgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:54.845311 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4UoagfRjXQ0p98P7JJgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.048165 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4UoagfRjXQ0p98P7JJgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.094766 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JJwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.095267 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JJwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.240451 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4U4agfRjXQ0p98P7JJwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.258989 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JKAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.259408 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JKAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.345208 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4U4agfRjXQ0p98P7JKAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.532873 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JKgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.533168 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JKgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.630905 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4U4agfRjXQ0p98P7JKgAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.706186 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JLAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.706556 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JLAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.781964 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4U4agfRjXQ0p98P7JLAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.956800 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JLQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:55.957058 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiq4U4agfRjXQ0p98P7JLQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.057494 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4U4agfRjXQ0p98P7JLQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.331314 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.php"] [unique_id "aiq4VIagfRjXQ0p98P7JLwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.331681 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.php"] [unique_id "aiq4VIagfRjXQ0p98P7JLwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.517685 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4VIagfRjXQ0p98P7JLwAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.563153 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.php"] [unique_id "aiq4VIagfRjXQ0p98P7JMAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.563463 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.php"] [unique_id "aiq4VIagfRjXQ0p98P7JMAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.867944 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4VIagfRjXQ0p98P7JMAAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.891347 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.php"] [unique_id "aiq4VIagfRjXQ0p98P7JMQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:56.891810 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.php"] [unique_id "aiq4VIagfRjXQ0p98P7JMQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:57.115558 2026] [security2:error] [pid 28740:tid 28759] [client 103.168.66.141:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiq4VIagfRjXQ0p98P7JMQAAAA8"], referer: https://machen.ai/
[Thu Jun 11 10:29:59.953386 2026] [core:error] [pid 28790:tid 28833] [client 103.168.66.141:30262] AH10244: invalid URI path (https://machen.ai/static/../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:02.269357 2026] [core:error] [pid 2041:tid 2058] [client 103.168.66.141:30146] AH10244: invalid URI path (https://machen.ai/static/../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:04.560134 2026] [core:error] [pid 2041:tid 2056] [client 103.168.66.141:16922] AH10244: invalid URI path (https://machen.ai/static/../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:07.827186 2026] [core:error] [pid 28790:tid 28842] [client 103.168.66.141:16924] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:10.237305 2026] [core:error] [pid 28791:tid 28908] [client 103.168.66.141:30242] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:12.646867 2026] [core:error] [pid 2041:tid 2048] [client 103.168.66.141:30196] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:15.932887 2026] [core:error] [pid 8022:tid 8037] [client 103.168.66.141:32394] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:18.054996 2026] [core:error] [pid 28791:tid 28813] [client 103.168.66.141:32408] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:21.329063 2026] [core:error] [pid 28791:tid 28805] [client 103.168.66.141:32146] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:23.699718 2026] [core:error] [pid 28790:tid 28833] [client 103.168.66.141:26182] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:25.755499 2026] [core:error] [pid 8022:tid 8036] [client 103.168.66.141:26198] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:28.290360 2026] [core:error] [pid 28791:tid 28801] [client 103.168.66.141:26206] AH10244: invalid URI path (https://machen.ai/static/../../../../../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:30.780152 2026] [core:error] [pid 18250:tid 18275] [client 103.168.66.141:38514] AH10244: invalid URI path (https://machen.ai/assets/../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:33.218172 2026] [core:error] [pid 8022:tid 8035] [client 103.168.66.141:26176] AH10244: invalid URI path (https://machen.ai/assets/../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:34.953327 2026] [core:error] [pid 28740:tid 28765] [client 103.168.66.141:38530] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:36.528299 2026] [core:error] [pid 2041:tid 2051] [client 103.168.66.141:38536] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:37.543101 2026] [core:error] [pid 8022:tid 8041] [client 103.168.66.141:38538] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:39.041209 2026] [core:error] [pid 28790:tid 28822] [client 103.168.66.141:38554] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:40.598233 2026] [core:error] [pid 28740:tid 28760] [client 103.168.66.141:48040] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:42.177233 2026] [core:error] [pid 28790:tid 28832] [client 103.168.66.141:48046] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:44.279755 2026] [core:error] [pid 2041:tid 2059] [client 103.168.66.141:48048] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:46.799293 2026] [core:error] [pid 2041:tid 2062] [client 103.168.66.141:48050] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:49.164499 2026] [core:error] [pid 8022:tid 8052] [client 103.168.66.141:48058] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:30:50.980306 2026] [core:error] [pid 28740:tid 28749] [client 103.168.66.141:57986] AH10244: invalid URI path (https://machen.ai/assets/../../../../../../../../../../../../../../../etc/passwd), referer: https://machen.ai/
[Thu Jun 11 10:37:39.616642 2026] [authz_core:error] [pid 18250:tid 18267] [client 85.204.70.104:54212] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/PHPMailer/error_log
[Thu Jun 11 10:37:53.992555 2026] [authz_core:error] [pid 28740:tid 28761] [client 85.204.70.104:52904] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/rest-api/error_log
[Thu Jun 11 10:37:54.129856 2026] [authz_core:error] [pid 28740:tid 28761] [client 85.204.70.104:52904] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/rest-api/endpoints/error_log
[Thu Jun 11 10:38:42.355911 2026] [authz_core:error] [pid 28790:tid 28828] [client 85.204.70.104:39798] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/rest-api/fields/error_log
[Thu Jun 11 10:38:57.213955 2026] [authz_core:error] [pid 2041:tid 2048] [client 85.204.70.104:49850] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/rest-api/search/error_log
[Thu Jun 11 10:39:11.827768 2026] [authz_core:error] [pid 8022:tid 8053] [client 85.204.70.104:39334] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sitemaps/providers/error_log
[Thu Jun 11 10:39:26.086993 2026] [authz_core:error] [pid 18250:tid 18259] [client 85.204.70.104:60830] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/lib/error_log
[Thu Jun 11 10:39:42.962197 2026] [authz_core:error] [pid 18250:tid 18261] [client 85.204.70.104:46544] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/error_log
[Thu Jun 11 10:39:54.013823 2026] [authz_core:error] [pid 28791:tid 28805] [client 85.204.70.104:38184] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/error_log
[Thu Jun 11 10:40:06.170889 2026] [authz_core:error] [pid 28790:tid 28835] [client 85.204.70.104:49830] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/ChaCha20/error_log
[Thu Jun 11 10:40:19.003438 2026] [authz_core:error] [pid 28791:tid 28797] [client 85.204.70.104:45114] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/Curve25519/error_log
[Thu Jun 11 10:40:29.903104 2026] [authz_core:error] [pid 28791:tid 28811] [client 85.204.70.104:50624] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Thu Jun 11 10:40:48.597249 2026] [authz_core:error] [pid 2041:tid 2053] [client 85.204.70.104:44042] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/namespaced/Core/Poly1305/error_log
[Thu Jun 11 10:41:06.355616 2026] [authz_core:error] [pid 28791:tid 28809] [client 85.204.70.104:36110] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/error_log
[Thu Jun 11 10:41:17.472885 2026] [authz_core:error] [pid 18250:tid 18278] [client 85.204.70.104:59808] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/error_log
[Thu Jun 11 10:41:42.337542 2026] [authz_core:error] [pid 28790:tid 28842] [client 85.204.70.104:46470] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/AES/error_log
[Thu Jun 11 10:42:08.928237 2026] [authz_core:error] [pid 2041:tid 2058] [client 85.204.70.104:60796] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/ChaCha20/error_log
[Thu Jun 11 10:42:21.988873 2026] [authz_core:error] [pid 18250:tid 18275] [client 85.204.70.104:53084] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/Curve25519/error_log
[Thu Jun 11 10:42:47.956046 2026] [authz_core:error] [pid 28790:tid 28824] [client 85.204.70.104:42160] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core/Poly1305/error_log
[Thu Jun 11 10:43:15.504168 2026] [authz_core:error] [pid 8022:tid 8049] [client 85.204.70.104:57978] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core32/error_log
[Thu Jun 11 10:43:27.331084 2026] [authz_core:error] [pid 28791:tid 28808] [client 85.204.70.104:50398] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core32/ChaCha20/error_log
[Thu Jun 11 10:43:40.617383 2026] [authz_core:error] [pid 18250:tid 18260] [client 85.204.70.104:59404] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core32/Curve25519/error_log
[Thu Jun 11 10:44:13.028865 2026] [authz_core:error] [pid 28791:tid 28801] [client 85.204.70.104:34312] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/sodium_compat/src/Core32/Poly1305/error_log
[Thu Jun 11 10:45:00.386169 2026] [authz_core:error] [pid 2041:tid 2068] [client 85.204.70.104:40908] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/theme-compat/error_log
[Thu Jun 11 10:45:00.565972 2026] [authz_core:error] [pid 2041:tid 2068] [client 85.204.70.104:40908] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-includes/widgets/error_log
[Thu Jun 11 10:50:13.766757 2026] [authz_core:error] [pid 28790:tid 28822] [client 85.204.70.104:56126] AH01630: client denied by server configuration: /disk001/machen/public_html/support/wp-admin/includes/error_log
[Thu Jun 11 10:54:36.952051 2026] [core:error] [pid 28791:tid 28932] [client 101.36.104.242:54726] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 10:55:31.278871 2026] [security2:error] [pid 28791:tid 28801] [client 43.157.179.227:52942] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aiq-U_9E86NgzsLW5NdqhAAAAIk"]
[Thu Jun 11 11:10:25.714600 2026] [security2:error] [pid 18250:tid 18273] [client 165.232.119.149:52180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airB0YquOaPLD-GlmklecQAAANM"]
[Thu Jun 11 11:10:26.660741 2026] [security2:error] [pid 28790:tid 28840] [client 165.232.119.149:52190] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "airB0mASBxmYCTXNMW5iaAAAARY"]
[Thu Jun 11 11:11:01.329700 2026] [:error] [pid 2041:tid 2046] [client 20.226.65.206:29506] File does not exist: /disk001/machen/public_html/suporte/this_is_a_new_hello_world.php
[Thu Jun 11 11:11:01.470920 2026] [:error] [pid 2041:tid 2046] [client 20.226.65.206:29506] File does not exist: /disk001/machen/public_html/suporte/wp-Blogs.php
[Thu Jun 11 11:14:45.452701 2026] [core:error] [pid 8022:tid 8047] [client 176.112.128.143:43892] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 11:17:38.897681 2026] [security2:error] [pid 28790:tid 28826] [client 111.230.233.46:52606] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "airDgmASBxmYCTXNMW5o1wAAAQg"], referer: http://machen.ai
[Thu Jun 11 11:18:29.170916 2026] [security2:error] [pid 8022:tid 8046] [client 170.64.220.108:37270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airDtY89NgQ7K0QZaBnqCQAAAU4"]
[Thu Jun 11 11:18:29.656695 2026] [security2:error] [pid 18250:tid 18254] [client 170.64.220.108:37286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "airDtYquOaPLD-GlmklkpgAAAMA"]
[Thu Jun 11 11:21:29.198779 2026] [security2:error] [pid 28790:tid 28830] [client 78.153.140.93:55996] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airEaWASBxmYCTXNMW5riAAAAQw"]
[Thu Jun 11 11:21:29.199062 2026] [security2:error] [pid 28790:tid 28830] [client 78.153.140.93:55996] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airEaWASBxmYCTXNMW5riAAAAQw"]
[Thu Jun 11 11:21:29.199346 2026] [security2:error] [pid 28790:tid 28830] [client 78.153.140.93:55996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airEaWASBxmYCTXNMW5riAAAAQw"]
[Thu Jun 11 11:21:29.200448 2026] [security2:error] [pid 28790:tid 28830] [client 78.153.140.93:55996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airEaWASBxmYCTXNMW5riAAAAQw"]
[Thu Jun 11 11:21:29.570848 2026] [security2:error] [pid 2041:tid 2057] [client 78.153.140.93:56004] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airEaQ5X1D4FZg2ua4ha-gAAAEw"]
[Thu Jun 11 11:22:25.673550 2026] [security2:error] [pid 8022:tid 8036] [client 80.94.92.65:52466] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_profiler/phpinfo"] [unique_id "airEoY89NgQ7K0QZaBntCQAAAUQ"]
[Thu Jun 11 11:22:25.673730 2026] [security2:error] [pid 8022:tid 8036] [client 80.94.92.65:52466] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/_profiler/phpinfo"] [unique_id "airEoY89NgQ7K0QZaBntCQAAAUQ"]
[Thu Jun 11 11:22:25.674144 2026] [security2:error] [pid 8022:tid 8036] [client 80.94.92.65:52466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/_profiler/phpinfo"] [unique_id "airEoY89NgQ7K0QZaBntCQAAAUQ"]
[Thu Jun 11 11:22:25.674399 2026] [security2:error] [pid 8022:tid 8036] [client 80.94.92.65:52466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airEoY89NgQ7K0QZaBntCQAAAUQ"]
[Thu Jun 11 11:37:34.436943 2026] [security2:error] [pid 18250:tid 18258] [client 46.151.178.13:35960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airILoquOaPLD-Glmkl1-QAAAMQ"], referer: http://13.84.161.190:443/
[Thu Jun 11 11:42:38.068051 2026] [security2:error] [pid 28740:tid 28759] [client 43.135.145.77:58688] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airJXoagfRjXQ0p98P4B8QAAAA8"], referer: http://13.84.161.190
[Thu Jun 11 11:42:38.068159 2026] [security2:error] [pid 28740:tid 28759] [client 43.135.145.77:58688] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airJXoagfRjXQ0p98P4B8QAAAA8"], referer: http://13.84.161.190
[Thu Jun 11 11:42:38.068766 2026] [security2:error] [pid 28740:tid 28759] [client 43.135.145.77:58688] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airJXoagfRjXQ0p98P4B8QAAAA8"], referer: http://13.84.161.190
[Thu Jun 11 11:42:38.953073 2026] [security2:error] [pid 28740:tid 28759] [client 43.135.145.77:58688] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airJXoagfRjXQ0p98P4B8QAAAA8"], referer: http://13.84.161.190
[Thu Jun 11 11:44:19.350443 2026] [security2:error] [pid 18250:tid 18275] [client 45.148.10.67:56414] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airJw4quOaPLD-Glmkl9cgAAANU"]
[Thu Jun 11 11:45:33.312681 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/tcp found within ARGS:fileloc: /proc/7722/root/proc/net/tcp6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKDY89NgQ7K0QZaBkEYgAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:33.313621 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKDY89NgQ7K0QZaBkEYgAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:33.314084 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKDY89NgQ7K0QZaBkEYgAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:39.664940 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:fileloc: /proc/7722/root/proc/net/udp6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKE489NgQ7K0QZaBkEgAAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:39.665936 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKE489NgQ7K0QZaBkEgAAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:39.666194 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKE489NgQ7K0QZaBkEgAAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:42.803161 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:fileloc: /proc/7722/root/proc/net/udplite6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKFo89NgQ7K0QZaBkEjwAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:42.804078 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKFo89NgQ7K0QZaBkEjwAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:42.804392 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKFo89NgQ7K0QZaBkEjwAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:52.926946 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:fileloc: /proc/7722/root/proc/net/udplite"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKII89NgQ7K0QZaBkEvQAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:52.928082 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKII89NgQ7K0QZaBkEvQAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:45:52.928358 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKII89NgQ7K0QZaBkEvQAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:46:00.728743 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/tcp found within ARGS:fileloc: /proc/7722/root/proc/net/tcp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKKI89NgQ7K0QZaBkE2wAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:46:00.729484 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKKI89NgQ7K0QZaBkE2wAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:46:00.729750 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKKI89NgQ7K0QZaBkE2wAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:46:07.159730 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:fileloc: /proc/7722/root/proc/net/udp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKL489NgQ7K0QZaBkE9wAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:46:07.160520 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKL489NgQ7K0QZaBkE9wAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:46:07.160847 2026] [security2:error] [pid 8022:tid 8044] [client 74.7.242.25:49830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airKL489NgQ7K0QZaBkE9wAAAUw"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/net
[Thu Jun 11 11:49:25.680052 2026] [security2:error] [pid 8022:tid 8055] [client 78.153.140.250:56562] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airK9Y89NgQ7K0QZaBkH1gAAAVc"]
[Thu Jun 11 11:49:25.680347 2026] [security2:error] [pid 8022:tid 8055] [client 78.153.140.250:56562] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airK9Y89NgQ7K0QZaBkH1gAAAVc"]
[Thu Jun 11 11:49:25.680688 2026] [security2:error] [pid 8022:tid 8055] [client 78.153.140.250:56562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airK9Y89NgQ7K0QZaBkH1gAAAVc"]
[Thu Jun 11 11:49:25.681111 2026] [security2:error] [pid 8022:tid 8055] [client 78.153.140.250:56562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airK9Y89NgQ7K0QZaBkH1gAAAVc"]
[Thu Jun 11 11:49:26.493330 2026] [security2:error] [pid 28791:tid 28810] [client 78.153.140.250:56566] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airK9v9E86NgzsLW5NeaRgAAAJQ"]
[Thu Jun 11 11:56:44.267111 2026] [security2:error] [pid 28790:tid 28829] [client 74.7.242.25:35874] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/shadow found within ARGS:fileloc: /proc/7722/root/proc/self/root/etc/shadow.nouids.cache"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airMrGASBxmYCTXNMW6M0QAAAQs"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 11:56:44.268191 2026] [security2:error] [pid 28790:tid 28829] [client 74.7.242.25:35874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airMrGASBxmYCTXNMW6M0QAAAQs"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 11:56:44.268654 2026] [security2:error] [pid 28790:tid 28829] [client 74.7.242.25:35874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airMrGASBxmYCTXNMW6M0QAAAQs"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 12:03:14.925768 2026] [security2:error] [pid 28791:tid 28800] [client 46.151.178.13:34694] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airOMv9E86NgzsLW5NemxAAAAIg"], referer: http://13.66.22.226:443/
[Thu Jun 11 12:04:14.833410 2026] [ssl:error] [pid 28740:tid 28752] [client 98.84.1.175:46920] AH02032: Hostname machen.ai (default host as no SNI was provided) and hostname autoconfig.a1b2c3d4.machen.ai provided via HTTP have no compatible SSL setup for policy 'secure'
[Thu Jun 11 12:05:22.047022 2026] [security2:error] [pid 28740:tid 28759] [client 204.76.203.81:34848] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airOsoagfRjXQ0p98P4W8AAAAA8"]
[Thu Jun 11 12:05:47.219360 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOy489NgQ7K0QZaBkX1wAAAUc"]
[Thu Jun 11 12:05:47.219470 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOy489NgQ7K0QZaBkX1wAAAUc"]
[Thu Jun 11 12:05:47.220225 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOy489NgQ7K0QZaBkX1wAAAUc"]
[Thu Jun 11 12:05:47.972310 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airOy489NgQ7K0QZaBkX1wAAAUc"]
[Thu Jun 11 12:05:48.052791 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzI89NgQ7K0QZaBkX3AAAAUc"]
[Thu Jun 11 12:05:48.052903 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzI89NgQ7K0QZaBkX3AAAAUc"]
[Thu Jun 11 12:05:48.054000 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzI89NgQ7K0QZaBkX3AAAAUc"]
[Thu Jun 11 12:05:49.113704 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airOzI89NgQ7K0QZaBkX3AAAAUc"]
[Thu Jun 11 12:05:49.150703 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzY89NgQ7K0QZaBkX4gAAAUc"]
[Thu Jun 11 12:05:49.799101 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzY89NgQ7K0QZaBkX5gAAAUc"]
[Thu Jun 11 12:05:49.799859 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzY89NgQ7K0QZaBkX5gAAAUc"]
[Thu Jun 11 12:05:49.800911 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzY89NgQ7K0QZaBkX5gAAAUc"]
[Thu Jun 11 12:05:50.573297 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airOzY89NgQ7K0QZaBkX5gAAAUc"]
[Thu Jun 11 12:05:50.611052 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzo89NgQ7K0QZaBkX6wAAAUc"]
[Thu Jun 11 12:05:50.611158 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzo89NgQ7K0QZaBkX6wAAAUc"]
[Thu Jun 11 12:05:50.611566 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOzo89NgQ7K0QZaBkX6wAAAUc"]
[Thu Jun 11 12:05:51.261545 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airOzo89NgQ7K0QZaBkX6wAAAUc"]
[Thu Jun 11 12:05:51.581465 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/dns-query"] [unique_id "airOz489NgQ7K0QZaBkX8AAAAUc"]
[Thu Jun 11 12:05:52.435941 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0I89NgQ7K0QZaBkX9gAAAUc"]
[Thu Jun 11 12:05:52.436049 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0I89NgQ7K0QZaBkX9gAAAUc"]
[Thu Jun 11 12:05:52.436721 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0I89NgQ7K0QZaBkX9gAAAUc"]
[Thu Jun 11 12:05:53.058142 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO0I89NgQ7K0QZaBkX9gAAAUc"]
[Thu Jun 11 12:05:53.096755 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0Y89NgQ7K0QZaBkX-QAAAUc"]
[Thu Jun 11 12:05:53.096836 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0Y89NgQ7K0QZaBkX-QAAAUc"]
[Thu Jun 11 12:05:53.097178 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0Y89NgQ7K0QZaBkX-QAAAUc"]
[Thu Jun 11 12:05:53.360822 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO0Y89NgQ7K0QZaBkX-QAAAUc"]
[Thu Jun 11 12:05:53.400536 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0Y89NgQ7K0QZaBkX-gAAAUc"]
[Thu Jun 11 12:05:53.823825 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0Y89NgQ7K0QZaBkX_QAAAUc"]
[Thu Jun 11 12:05:53.823908 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0Y89NgQ7K0QZaBkX_QAAAUc"]
[Thu Jun 11 12:05:53.824628 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0Y89NgQ7K0QZaBkX_QAAAUc"]
[Thu Jun 11 12:05:54.269929 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO0Y89NgQ7K0QZaBkX_QAAAUc"]
[Thu Jun 11 12:05:54.342216 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0o89NgQ7K0QZaBkYAQAAAUc"]
[Thu Jun 11 12:05:54.342325 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0o89NgQ7K0QZaBkYAQAAAUc"]
[Thu Jun 11 12:05:54.342751 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0o89NgQ7K0QZaBkYAQAAAUc"]
[Thu Jun 11 12:05:55.072079 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO0o89NgQ7K0QZaBkYAQAAAUc"]
[Thu Jun 11 12:05:55.110622 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/query"] [unique_id "airO0489NgQ7K0QZaBkYBgAAAUc"]
[Thu Jun 11 12:05:55.875892 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO0489NgQ7K0QZaBkYCQAAAUc"]
[Thu Jun 11 12:05:55.875976 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO0489NgQ7K0QZaBkYCQAAAUc"]
[Thu Jun 11 12:05:55.877041 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO0489NgQ7K0QZaBkYCQAAAUc"]
[Thu Jun 11 12:05:56.531741 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO0489NgQ7K0QZaBkYCQAAAUc"]
[Thu Jun 11 12:05:56.576616 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1I89NgQ7K0QZaBkYDwAAAUc"]
[Thu Jun 11 12:05:56.576708 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1I89NgQ7K0QZaBkYDwAAAUc"]
[Thu Jun 11 12:05:56.577053 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1I89NgQ7K0QZaBkYDwAAAUc"]
[Thu Jun 11 12:05:57.306309 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO1I89NgQ7K0QZaBkYDwAAAUc"]
[Thu Jun 11 12:05:57.361243 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1Y89NgQ7K0QZaBkYFAAAAUc"]
[Thu Jun 11 12:05:58.039016 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1o89NgQ7K0QZaBkYFwAAAUc"]
[Thu Jun 11 12:05:58.039097 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1o89NgQ7K0QZaBkYFwAAAUc"]
[Thu Jun 11 12:05:58.039897 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1o89NgQ7K0QZaBkYFwAAAUc"]
[Thu Jun 11 12:05:58.551763 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO1o89NgQ7K0QZaBkYFwAAAUc"]
[Thu Jun 11 12:05:58.588889 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1o89NgQ7K0QZaBkYGwAAAUc"]
[Thu Jun 11 12:05:58.588982 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1o89NgQ7K0QZaBkYGwAAAUc"]
[Thu Jun 11 12:05:58.589355 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1o89NgQ7K0QZaBkYGwAAAUc"]
[Thu Jun 11 12:05:59.318172 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO1o89NgQ7K0QZaBkYGwAAAUc"]
[Thu Jun 11 12:05:59.356290 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/resolve"] [unique_id "airO1489NgQ7K0QZaBkYIQAAAUc"]
[Thu Jun 11 12:06:00.105096 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2I89NgQ7K0QZaBkYJAAAAUc"]
[Thu Jun 11 12:06:00.105272 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2I89NgQ7K0QZaBkYJAAAAUc"]
[Thu Jun 11 12:06:00.106501 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2I89NgQ7K0QZaBkYJAAAAUc"]
[Thu Jun 11 12:06:00.812655 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO2I89NgQ7K0QZaBkYJAAAAUc"]
[Thu Jun 11 12:06:00.852001 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2I89NgQ7K0QZaBkYKQAAAUc"]
[Thu Jun 11 12:06:00.852080 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2I89NgQ7K0QZaBkYKQAAAUc"]
[Thu Jun 11 12:06:00.852539 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2I89NgQ7K0QZaBkYKQAAAUc"]
[Thu Jun 11 12:06:01.481225 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO2I89NgQ7K0QZaBkYKQAAAUc"]
[Thu Jun 11 12:06:01.522076 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2Y89NgQ7K0QZaBkYLQAAAUc"]
[Thu Jun 11 12:06:02.465680 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2o89NgQ7K0QZaBkYMgAAAUc"]
[Thu Jun 11 12:06:02.465782 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2o89NgQ7K0QZaBkYMgAAAUc"]
[Thu Jun 11 12:06:02.466482 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2o89NgQ7K0QZaBkYMgAAAUc"]
[Thu Jun 11 12:06:03.442568 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO2o89NgQ7K0QZaBkYMgAAAUc"]
[Thu Jun 11 12:06:03.479214 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2489NgQ7K0QZaBkYOAAAAUc"]
[Thu Jun 11 12:06:03.479293 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/dns-message|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2489NgQ7K0QZaBkYOAAAAUc"]
[Thu Jun 11 12:06:03.479653 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO2489NgQ7K0QZaBkYOAAAAUc"]
[Thu Jun 11 12:06:04.282257 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "airO2489NgQ7K0QZaBkYOAAAAUc"]
[Thu Jun 11 12:06:04.321872 2026] [security2:error] [pid 8022:tid 8039] [client 47.89.154.16:32950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airO3I89NgQ7K0QZaBkYPAAAAUc"]
[Thu Jun 11 12:09:55.053594 2026] [security2:error] [pid 28790:tid 28822] [client 167.71.71.11:50806] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airPw2ASBxmYCTXNMW6bSwAAAQQ"]
[Thu Jun 11 12:09:55.297762 2026] [security2:error] [pid 18250:tid 18269] [client 167.71.71.11:50810] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airPw4quOaPLD-GlmkmWeAAAAM8"]
[Thu Jun 11 12:11:49.275014 2026] [security2:error] [pid 28790:tid 28820] [client 45.148.10.67:18730] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airQNWASBxmYCTXNMW6cmAAAAQI"]
[Thu Jun 11 12:11:49.650086 2026] [security2:error] [pid 28740:tid 28764] [client 45.148.10.67:18744] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "airQNYagfRjXQ0p98P4csAAAABQ"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 12:16:48.482094 2026] [security2:error] [pid 18250:tid 18277] [client 43.158.91.71:38508] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airRYIquOaPLD-Glmkmd8wAAANc"]
[Thu Jun 11 12:16:48.482199 2026] [security2:error] [pid 18250:tid 18277] [client 43.158.91.71:38508] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airRYIquOaPLD-Glmkmd8wAAANc"]
[Thu Jun 11 12:16:48.482800 2026] [security2:error] [pid 18250:tid 18277] [client 43.158.91.71:38508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airRYIquOaPLD-Glmkmd8wAAANc"]
[Thu Jun 11 12:16:48.483718 2026] [security2:error] [pid 18250:tid 18277] [client 43.158.91.71:38508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airRYIquOaPLD-Glmkmd8wAAANc"]
[Thu Jun 11 12:17:37.332297 2026] [security2:error] [pid 18250:tid 18275] [client 34.123.82.129:45372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "airRkYquOaPLD-GlmkmfTQAAANU"]
[Thu Jun 11 12:17:37.332735 2026] [security2:error] [pid 18250:tid 18275] [client 34.123.82.129:45372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "airRkYquOaPLD-GlmkmfTQAAANU"]
[Thu Jun 11 12:17:37.333040 2026] [security2:error] [pid 18250:tid 18275] [client 34.123.82.129:45372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "airRkYquOaPLD-GlmkmfTQAAANU"]
[Thu Jun 11 12:18:20.046833 2026] [security2:error] [pid 28740:tid 28759] [client 185.226.197.72:56266] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airRvIagfRjXQ0p98P4jpwAAAA8"]
[Thu Jun 11 12:18:30.263542 2026] [security2:error] [pid 28740:tid 28761] [client 71.6.134.233:50308] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airRxoagfRjXQ0p98P4jywAAABE"], referer: http://13.84.161.190/
[Thu Jun 11 12:23:49.010604 2026] [security2:error] [pid 8022:tid 8043] [client 101.32.15.141:50736] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "airTBY89NgQ7K0QZaBkotwAAAUs"], referer: http://machen.ai
[Thu Jun 11 12:24:38.018939 2026] [:error] [pid 28790:tid 28841] [client 20.226.65.206:24732] File does not exist: /disk001/sonne/public_html/this_is_a_new_hello_world.php
[Thu Jun 11 12:24:38.175136 2026] [:error] [pid 28790:tid 28841] [client 20.226.65.206:24732] File does not exist: /disk001/sonne/public_html/wp-Blogs.php
[Thu Jun 11 12:33:55.918901 2026] [cgid:error] [pid 28740:tid 28755] [client 15.235.27.119:50082] AH01265: stderr from /home/erhabenn/public_html/cgi-bin/: attempt to invoke directory as script
[Thu Jun 11 12:34:24.766783 2026] [security2:error] [pid 28740:tid 28757] [client 172.236.228.86:36376] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airVgIagfRjXQ0p98P4xeAAAAA0"]
[Thu Jun 11 12:34:24.847097 2026] [security2:error] [pid 28740:tid 28757] [client 172.236.228.86:36376] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "airVgIagfRjXQ0p98P4xeQAAAA0"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 12:35:42.456818 2026] [security2:error] [pid 28740:tid 28751] [client 78.153.140.93:52218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airVzoagfRjXQ0p98P4y8QAAAAc"]
[Thu Jun 11 12:35:42.457195 2026] [security2:error] [pid 28740:tid 28751] [client 78.153.140.93:52218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airVzoagfRjXQ0p98P4y8QAAAAc"]
[Thu Jun 11 12:35:42.457426 2026] [security2:error] [pid 28740:tid 28751] [client 78.153.140.93:52218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airVzoagfRjXQ0p98P4y8QAAAAc"]
[Thu Jun 11 12:35:42.458331 2026] [security2:error] [pid 28740:tid 28751] [client 78.153.140.93:52218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airVzoagfRjXQ0p98P4y8QAAAAc"]
[Thu Jun 11 12:35:42.836714 2026] [security2:error] [pid 28791:tid 28807] [client 78.153.140.93:52226] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airVzv9E86NgzsLW5NfHnAAAAJE"]
[Thu Jun 11 12:41:34.544058 2026] [security2:error] [pid 28791:tid 28814] [client 167.71.71.11:58062] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airXLv9E86NgzsLW5NfPkgAAAJg"]
[Thu Jun 11 12:41:34.955846 2026] [security2:error] [pid 8022:tid 8037] [client 167.71.71.11:58068] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "airXLo89NgQ7K0QZaBk8uwAAAUU"], referer: https://13.66.22.226:443
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 12:41:35.468520 2026] [security2:error] [pid 28740:tid 28749] [client 167.71.71.11:39758] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airXL4agfRjXQ0p98P43LAAAAAU"]
[Thu Jun 11 12:41:35.865095 2026] [security2:error] [pid 8022:tid 8046] [client 167.71.71.11:39762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "airXL489NgQ7K0QZaBk8wAAAAU4"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 12:51:25.458941 2026] [security2:error] [pid 28791:tid 28802] [client 77.83.39.197:57874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airZff9E86NgzsLW5NfaXQAAAIs"]
[Thu Jun 11 12:51:25.459358 2026] [security2:error] [pid 28791:tid 28802] [client 77.83.39.197:57874] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airZff9E86NgzsLW5NfaXQAAAIs"]
[Thu Jun 11 12:51:25.459487 2026] [security2:error] [pid 28791:tid 28802] [client 77.83.39.197:57874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airZff9E86NgzsLW5NfaXQAAAIs"]
[Thu Jun 11 12:51:25.459762 2026] [security2:error] [pid 28791:tid 28802] [client 77.83.39.197:57874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airZff9E86NgzsLW5NfaXQAAAIs"]
[Thu Jun 11 12:51:25.460193 2026] [security2:error] [pid 28791:tid 28802] [client 77.83.39.197:57874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airZff9E86NgzsLW5NfaXQAAAIs"]
[Thu Jun 11 12:51:33.694137 2026] [security2:error] [pid 28790:tid 28833] [client 185.242.226.113:56165] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airZhWASBxmYCTXNMW7ChAAAAQ8"]
[Thu Jun 11 12:51:44.632318 2026] [security2:error] [pid 28790:tid 28839] [client 77.83.39.197:55050] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airZkGASBxmYCTXNMW7CwwAAARU"]
[Thu Jun 11 12:51:44.632492 2026] [security2:error] [pid 28790:tid 28839] [client 77.83.39.197:55050] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airZkGASBxmYCTXNMW7CwwAAARU"]
[Thu Jun 11 12:51:44.632674 2026] [security2:error] [pid 28790:tid 28839] [client 77.83.39.197:55050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airZkGASBxmYCTXNMW7CwwAAARU"]
[Thu Jun 11 12:51:44.633051 2026] [security2:error] [pid 28790:tid 28839] [client 77.83.39.197:55050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airZkGASBxmYCTXNMW7CwwAAARU"]
[Thu Jun 11 12:51:44.633405 2026] [security2:error] [pid 28790:tid 28839] [client 77.83.39.197:55050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airZkGASBxmYCTXNMW7CwwAAARU"]
[Thu Jun 11 12:57:36.276498 2026] [security2:error] [pid 8022:tid 8036] [client 34.168.182.213:34896] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aira8I89NgQ7K0QZaBlPcwAAAUQ"]
[Thu Jun 11 12:57:36.276952 2026] [security2:error] [pid 8022:tid 8036] [client 34.168.182.213:34896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aira8I89NgQ7K0QZaBlPcwAAAUQ"]
[Thu Jun 11 12:57:36.277222 2026] [security2:error] [pid 8022:tid 8036] [client 34.168.182.213:34896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aira8I89NgQ7K0QZaBlPcwAAAUQ"]
[Thu Jun 11 12:57:36.381925 2026] [security2:error] [pid 28740:tid 28748] [client 34.168.182.213:34900] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aira8IagfRjXQ0p98P5HPQAAAAQ"]
[Thu Jun 11 12:57:36.382324 2026] [security2:error] [pid 28740:tid 28748] [client 34.168.182.213:34900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aira8IagfRjXQ0p98P5HPQAAAAQ"]
[Thu Jun 11 12:57:36.382707 2026] [security2:error] [pid 28740:tid 28748] [client 34.168.182.213:34900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aira8IagfRjXQ0p98P5HPQAAAAQ"]
[Thu Jun 11 12:57:36.410776 2026] [security2:error] [pid 28790:tid 28839] [client 34.168.182.213:34904] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aira8GASBxmYCTXNMW7JmgAAARU"]
[Thu Jun 11 12:57:36.411195 2026] [security2:error] [pid 28790:tid 28839] [client 34.168.182.213:34904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aira8GASBxmYCTXNMW7JmgAAARU"]
[Thu Jun 11 12:57:36.411761 2026] [security2:error] [pid 28790:tid 28839] [client 34.168.182.213:34904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aira8GASBxmYCTXNMW7JmgAAARU"]
[Thu Jun 11 12:57:36.425705 2026] [security2:error] [pid 8022:tid 8040] [client 34.168.182.213:34912] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aira8I89NgQ7K0QZaBlPdAAAAUg"]
[Thu Jun 11 12:57:36.426324 2026] [security2:error] [pid 8022:tid 8040] [client 34.168.182.213:34912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aira8I89NgQ7K0QZaBlPdAAAAUg"]
[Thu Jun 11 12:57:36.426606 2026] [security2:error] [pid 8022:tid 8040] [client 34.168.182.213:34912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aira8I89NgQ7K0QZaBlPdAAAAUg"]
[Thu Jun 11 12:57:36.458296 2026] [security2:error] [pid 28740:tid 28762] [client 34.168.182.213:34924] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "erhabenn.com.br"] [uri "/wp-json/wp/v2/settings"] [unique_id "aira8IagfRjXQ0p98P5HPgAAABI"]
[Thu Jun 11 12:57:36.458745 2026] [security2:error] [pid 28740:tid 28762] [client 34.168.182.213:34924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/wp-json/wp/v2/settings"] [unique_id "aira8IagfRjXQ0p98P5HPgAAABI"]
[Thu Jun 11 12:57:36.459016 2026] [security2:error] [pid 28740:tid 28762] [client 34.168.182.213:34924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/wp-json/wp/v2/settings"] [unique_id "aira8IagfRjXQ0p98P5HPgAAABI"]
[Thu Jun 11 12:57:48.801702 2026] [security2:error] [pid 18250:tid 18273] [client 78.153.140.50:36550] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aira_IquOaPLD-GlmknF_QAAANM"]
[Thu Jun 11 12:57:48.801971 2026] [security2:error] [pid 18250:tid 18273] [client 78.153.140.50:36550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aira_IquOaPLD-GlmknF_QAAANM"]
[Thu Jun 11 12:57:48.802290 2026] [security2:error] [pid 18250:tid 18273] [client 78.153.140.50:36550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aira_IquOaPLD-GlmknF_QAAANM"]
[Thu Jun 11 12:57:48.896460 2026] [security2:error] [pid 18250:tid 18273] [client 78.153.140.50:36550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aira_IquOaPLD-GlmknF_QAAANM"]
[Thu Jun 11 12:57:49.813190 2026] [security2:error] [pid 28790:tid 28829] [client 78.153.140.50:36564] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aira_WASBxmYCTXNMW7JzAAAAQs"]
[Thu Jun 11 13:01:56.322006 2026] [security2:error] [pid 28791:tid 28812] [client 93.123.109.178:35440] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "cloud.erhabenn.com.br"] [uri "/"] [unique_id "airb9P9E86NgzsLW5NfmKAAAAJY"]
[Thu Jun 11 13:01:56.322371 2026] [security2:error] [pid 28791:tid 28812] [client 93.123.109.178:35440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cloud.erhabenn.com.br"] [uri "/"] [unique_id "airb9P9E86NgzsLW5NfmKAAAAJY"]
[Thu Jun 11 13:01:56.322668 2026] [security2:error] [pid 28791:tid 28812] [client 93.123.109.178:35440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cloud.erhabenn.com.br"] [uri "/"] [unique_id "airb9P9E86NgzsLW5NfmKAAAAJY"]
[Thu Jun 11 13:06:31.686621 2026] [security2:error] [pid 18250:tid 18261] [client 167.71.71.11:59400] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airdB4quOaPLD-GlmknQRAAAAMc"]
[Thu Jun 11 13:06:32.155934 2026] [security2:error] [pid 28791:tid 28809] [client 167.71.71.11:59414] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airdCP9E86NgzsLW5Nfs_QAAAJM"]
[Thu Jun 11 13:06:46.814240 2026] [security2:error] [pid 28790:tid 28828] [client 78.153.140.250:54048] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airdFmASBxmYCTXNMW7RTgAAAQo"]
[Thu Jun 11 13:06:46.814549 2026] [security2:error] [pid 28790:tid 28828] [client 78.153.140.250:54048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airdFmASBxmYCTXNMW7RTgAAAQo"]
[Thu Jun 11 13:06:46.814967 2026] [security2:error] [pid 28790:tid 28828] [client 78.153.140.250:54048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airdFmASBxmYCTXNMW7RTgAAAQo"]
[Thu Jun 11 13:06:46.815247 2026] [security2:error] [pid 28790:tid 28828] [client 78.153.140.250:54048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airdFmASBxmYCTXNMW7RTgAAAQo"]
[Thu Jun 11 13:06:47.527947 2026] [security2:error] [pid 28740:tid 28767] [client 78.153.140.250:54064] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airdF4agfRjXQ0p98P5PZwAAABc"]
[Thu Jun 11 13:11:17.251489 2026] [security2:error] [pid 8022:tid 8050] [client 34.153.147.71:51260] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fls.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aireJY89NgQ7K0QZaBldTwAAAVI"]
[Thu Jun 11 13:11:17.251885 2026] [security2:error] [pid 8022:tid 8050] [client 34.153.147.71:51260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aireJY89NgQ7K0QZaBldTwAAAVI"]
[Thu Jun 11 13:11:17.255671 2026] [security2:error] [pid 28740:tid 28762] [client 34.153.147.71:51272] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fls.machen.ai"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aireJYagfRjXQ0p98P5UdwAAABI"]
[Thu Jun 11 13:11:17.255992 2026] [security2:error] [pid 28740:tid 28762] [client 34.153.147.71:51272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/wp-json/gravitysmtp/v1/settings"] [unique_id "aireJYagfRjXQ0p98P5UdwAAABI"]
[Thu Jun 11 13:11:17.299951 2026] [security2:error] [pid 28791:tid 28808] [client 34.153.147.71:51288] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fls.machen.ai"] [uri "/wp-json/wp/v2/settings"] [unique_id "aireJf9E86NgzsLW5NfzcwAAAJI"]
[Thu Jun 11 13:11:17.300864 2026] [security2:error] [pid 28791:tid 28808] [client 34.153.147.71:51288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/wp-json/wp/v2/settings"] [unique_id "aireJf9E86NgzsLW5NfzcwAAAJI"]
[Thu Jun 11 13:11:17.324263 2026] [security2:error] [pid 28740:tid 28762] [client 34.153.147.71:51272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "aireJYagfRjXQ0p98P5UdwAAABI"]
[Thu Jun 11 13:11:17.338393 2026] [security2:error] [pid 28791:tid 28808] [client 34.153.147.71:51288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "aireJf9E86NgzsLW5NfzcwAAAJI"]
[Thu Jun 11 13:11:17.360334 2026] [security2:error] [pid 8022:tid 8050] [client 34.153.147.71:51260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "aireJY89NgQ7K0QZaBldTwAAAVI"]
[Thu Jun 11 13:11:17.393087 2026] [security2:error] [pid 8022:tid 8046] [client 34.153.147.71:51290] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fls.machen.ai"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aireJY89NgQ7K0QZaBldUQAAAU4"]
[Thu Jun 11 13:11:17.393613 2026] [security2:error] [pid 8022:tid 8046] [client 34.153.147.71:51290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/wp-json/gravitysmtp/v1/config"] [unique_id "aireJY89NgQ7K0QZaBldUQAAAU4"]
[Thu Jun 11 13:11:17.394718 2026] [security2:error] [pid 8022:tid 8046] [client 34.153.147.71:51290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "aireJY89NgQ7K0QZaBldUQAAAU4"]
[Thu Jun 11 13:11:17.668286 2026] [security2:error] [pid 28740:tid 28764] [client 34.153.147.71:51302] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fls.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aireJYagfRjXQ0p98P5UewAAABQ"]
[Thu Jun 11 13:11:17.669068 2026] [security2:error] [pid 28740:tid 28764] [client 34.153.147.71:51302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aireJYagfRjXQ0p98P5UewAAABQ"]
[Thu Jun 11 13:11:17.674026 2026] [security2:error] [pid 28740:tid 28764] [client 34.153.147.71:51302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "aireJYagfRjXQ0p98P5UewAAABQ"]
[Thu Jun 11 13:17:38.017102 2026] [security2:error] [pid 8022:tid 8044] [client 205.210.31.139:60842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "airfoo89NgQ7K0QZaBljTwAAAUw"]
[Thu Jun 11 13:18:26.137676 2026] [security2:error] [pid 28790:tid 28818] [client 4.240.117.210:33296] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airf0mASBxmYCTXNMW7cvwAAAQA"]
[Thu Jun 11 13:18:26.987148 2026] [security2:error] [pid 28740:tid 28753] [client 4.240.117.210:36354] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airf0oagfRjXQ0p98P5cGQAAAAk"]
[Thu Jun 11 13:18:27.217247 2026] [security2:error] [pid 28740:tid 28753] [client 4.240.117.210:36354] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "airf04agfRjXQ0p98P5cGwAAAAk"], referer: https://13.66.22.226
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 13:22:19.900699 2026] [security2:error] [pid 9918:tid 9928] [client 3.144.72.196:25610] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airgu04Kpjoch0F_BSpJHwAAAEY"]
[Thu Jun 11 13:22:20.213933 2026] [security2:error] [pid 9918:tid 9928] [client 3.144.72.196:25610] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "airgvE4Kpjoch0F_BSpJIAAAAEY"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 13:32:29.501855 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "airjHazVaq-mvl-Hfs-NyQAAABY"]
[Thu Jun 11 13:32:29.502138 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "airjHazVaq-mvl-Hfs-NyQAAABY"]
[Thu Jun 11 13:32:29.502553 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "airjHazVaq-mvl-Hfs-NyQAAABY"]
[Thu Jun 11 13:32:29.883074 2026] [cgid:error] [pid 9918:tid 9929] [client 88.151.32.188:33838] AH01265: stderr from /disk001/sonne/public_html/cgi-bin/: attempt to invoke directory as script
[Thu Jun 11 13:32:30.941494 2026] [security2:error] [pid 9918:tid 9941] [client 88.151.32.188:53438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "airjHk4Kpjoch0F_BSpTOgAAAFM"]
[Thu Jun 11 13:32:30.941953 2026] [security2:error] [pid 9918:tid 9941] [client 88.151.32.188:53438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "airjHk4Kpjoch0F_BSpTOgAAAFM"]
[Thu Jun 11 13:32:30.942286 2026] [security2:error] [pid 9918:tid 9941] [client 88.151.32.188:53438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "airjHk4Kpjoch0F_BSpTOgAAAFM"]
[Thu Jun 11 13:32:31.197513 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "airjH6zVaq-mvl-Hfs-N0QAAAAc"]
[Thu Jun 11 13:32:31.197822 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "airjH6zVaq-mvl-Hfs-N0QAAAAc"]
[Thu Jun 11 13:32:31.198108 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "airjH6zVaq-mvl-Hfs-N0QAAAAc"]
[Thu Jun 11 13:32:31.221294 2026] [security2:error] [pid 21243:tid 21256] [client 88.151.32.188:53450] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.example"] [unique_id "airjH0KTwdTIu69rj421jAAAAMo"]
[Thu Jun 11 13:32:31.221805 2026] [security2:error] [pid 21243:tid 21256] [client 88.151.32.188:53450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.example"] [unique_id "airjH0KTwdTIu69rj421jAAAAMo"]
[Thu Jun 11 13:32:31.222242 2026] [security2:error] [pid 21243:tid 21256] [client 88.151.32.188:53450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.example"] [unique_id "airjH0KTwdTIu69rj421jAAAAMo"]
[Thu Jun 11 13:32:31.226545 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "airjH6zVaq-mvl-Hfs-N0gAAABY"]
[Thu Jun 11 13:32:31.226830 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "airjH6zVaq-mvl-Hfs-N0gAAABY"]
[Thu Jun 11 13:32:31.227250 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "airjH6zVaq-mvl-Hfs-N0gAAABY"]
[Thu Jun 11 13:32:32.252725 2026] [security2:error] [pid 21243:tid 21256] [client 88.151.32.188:53450] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "airjIEKTwdTIu69rj421lAAAAMo"]
[Thu Jun 11 13:32:32.253021 2026] [security2:error] [pid 21243:tid 21256] [client 88.151.32.188:53450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "airjIEKTwdTIu69rj421lAAAAMo"]
[Thu Jun 11 13:32:32.253316 2026] [security2:error] [pid 21243:tid 21256] [client 88.151.32.188:53450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "airjIEKTwdTIu69rj421lAAAAMo"]
[Thu Jun 11 13:32:32.304693 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "airjIKzVaq-mvl-Hfs-N1wAAABY"]
[Thu Jun 11 13:32:32.304966 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "airjIKzVaq-mvl-Hfs-N1wAAABY"]
[Thu Jun 11 13:32:32.305269 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "airjIKzVaq-mvl-Hfs-N1wAAABY"]
[Thu Jun 11 13:32:32.395007 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "airjIKzVaq-mvl-Hfs-N2AAAAAc"]
[Thu Jun 11 13:32:32.395369 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "airjIKzVaq-mvl-Hfs-N2AAAAAc"]
[Thu Jun 11 13:32:32.395791 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "airjIKzVaq-mvl-Hfs-N2AAAAAc"]
[Thu Jun 11 13:32:33.548615 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "airjIazVaq-mvl-Hfs-N3AAAAAc"]
[Thu Jun 11 13:32:33.548805 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "airjIazVaq-mvl-Hfs-N3AAAAAc"]
[Thu Jun 11 13:32:33.549059 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "airjIazVaq-mvl-Hfs-N3AAAAAc"]
[Thu Jun 11 13:32:33.549335 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "airjIazVaq-mvl-Hfs-N3AAAAAc"]
[Thu Jun 11 13:32:33.567733 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "airjIazVaq-mvl-Hfs-N3QAAABY"]
[Thu Jun 11 13:32:33.567900 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "airjIazVaq-mvl-Hfs-N3QAAABY"]
[Thu Jun 11 13:32:33.568130 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "airjIazVaq-mvl-Hfs-N3QAAABY"]
[Thu Jun 11 13:32:33.568395 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "airjIazVaq-mvl-Hfs-N3QAAABY"]
[Thu Jun 11 13:32:34.288853 2026] [security2:error] [pid 21296:tid 21304] [client 88.151.32.188:53476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/admin/.env"] [unique_id "airjIqzVaq-mvl-Hfs-N4gAAAAQ"]
[Thu Jun 11 13:32:34.289093 2026] [security2:error] [pid 21296:tid 21304] [client 88.151.32.188:53476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/admin/.env"] [unique_id "airjIqzVaq-mvl-Hfs-N4gAAAAQ"]
[Thu Jun 11 13:32:34.289396 2026] [security2:error] [pid 21296:tid 21304] [client 88.151.32.188:53476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/admin/.env"] [unique_id "airjIqzVaq-mvl-Hfs-N4gAAAAQ"]
[Thu Jun 11 13:32:34.756806 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "airjIqzVaq-mvl-Hfs-N5QAAABY"]
[Thu Jun 11 13:32:34.757103 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "airjIqzVaq-mvl-Hfs-N5QAAABY"]
[Thu Jun 11 13:32:34.757620 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "airjIqzVaq-mvl-Hfs-N5QAAABY"]
[Thu Jun 11 13:32:35.179183 2026] [security2:error] [pid 21296:tid 21318] [client 88.151.32.188:33824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "airjI6zVaq-mvl-Hfs-N5wAAABM"]
[Thu Jun 11 13:32:35.179499 2026] [security2:error] [pid 21296:tid 21318] [client 88.151.32.188:33824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "airjI6zVaq-mvl-Hfs-N5wAAABM"]
[Thu Jun 11 13:32:35.180025 2026] [security2:error] [pid 21296:tid 21318] [client 88.151.32.188:33824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "airjI6zVaq-mvl-Hfs-N5wAAABM"]
[Thu Jun 11 13:32:35.226599 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "airjI6zVaq-mvl-Hfs-N6AAAAAc"]
[Thu Jun 11 13:32:35.226788 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "airjI6zVaq-mvl-Hfs-N6AAAAAc"]
[Thu Jun 11 13:32:35.227158 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "airjI6zVaq-mvl-Hfs-N6AAAAAc"]
[Thu Jun 11 13:32:35.227645 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "airjI6zVaq-mvl-Hfs-N6AAAAAc"]
[Thu Jun 11 13:32:35.652661 2026] [security2:error] [pid 21296:tid 21304] [client 88.151.32.188:53476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "airjI6zVaq-mvl-Hfs-N6QAAAAQ"]
[Thu Jun 11 13:32:35.652913 2026] [security2:error] [pid 21296:tid 21304] [client 88.151.32.188:53476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "airjI6zVaq-mvl-Hfs-N6QAAAAQ"]
[Thu Jun 11 13:32:35.653187 2026] [security2:error] [pid 21296:tid 21304] [client 88.151.32.188:53476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "airjI6zVaq-mvl-Hfs-N6QAAAAQ"]
[Thu Jun 11 13:32:38.986150 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "airjJqzVaq-mvl-Hfs-N9wAAAAc"]
[Thu Jun 11 13:32:38.986397 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "airjJqzVaq-mvl-Hfs-N9wAAAAc"]
[Thu Jun 11 13:32:38.986732 2026] [security2:error] [pid 21296:tid 21306] [client 88.151.32.188:53464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "airjJqzVaq-mvl-Hfs-N9wAAAAc"]
[Thu Jun 11 13:32:39.139286 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "airjJ6zVaq-mvl-Hfs-N-QAAABY"]
[Thu Jun 11 13:32:39.139617 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "airjJ6zVaq-mvl-Hfs-N-QAAABY"]
[Thu Jun 11 13:32:39.140019 2026] [security2:error] [pid 21296:tid 21321] [client 88.151.32.188:53440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "airjJ6zVaq-mvl-Hfs-N-QAAABY"]
[Thu Jun 11 13:36:28.968067 2026] [security2:error] [pid 8022:tid 8034] [client 185.242.226.113:42117] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airkDI89NgQ7K0QZaBl1mQAAAUI"]
[Thu Jun 11 13:37:28.434805 2026] [security2:error] [pid 8022:tid 8049] [client 144.172.106.68:56882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env"] [unique_id "airkSI89NgQ7K0QZaBl1-gAAAVE"]
[Thu Jun 11 13:37:28.435083 2026] [security2:error] [pid 8022:tid 8049] [client 144.172.106.68:56882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env"] [unique_id "airkSI89NgQ7K0QZaBl1-gAAAVE"]
[Thu Jun 11 13:37:28.435416 2026] [security2:error] [pid 8022:tid 8049] [client 144.172.106.68:56882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env"] [unique_id "airkSI89NgQ7K0QZaBl1-gAAAVE"]
[Thu Jun 11 13:37:30.133194 2026] [security2:error] [pid 21295:tid 21328] [client 144.172.106.68:56890] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env.local"] [unique_id "airkSjlbUCMVJYfLxkqpGwAAAII"]
[Thu Jun 11 13:37:30.133394 2026] [security2:error] [pid 21295:tid 21328] [client 144.172.106.68:56890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env.local"] [unique_id "airkSjlbUCMVJYfLxkqpGwAAAII"]
[Thu Jun 11 13:37:30.133769 2026] [security2:error] [pid 21295:tid 21328] [client 144.172.106.68:56890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env.local"] [unique_id "airkSjlbUCMVJYfLxkqpGwAAAII"]
[Thu Jun 11 13:37:38.737702 2026] [security2:error] [pid 21296:tid 21310] [client 144.172.106.68:41654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env.development"] [unique_id "airkUqzVaq-mvl-Hfs-TTwAAAAs"]
[Thu Jun 11 13:37:38.737954 2026] [security2:error] [pid 21296:tid 21310] [client 144.172.106.68:41654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env.development"] [unique_id "airkUqzVaq-mvl-Hfs-TTwAAAAs"]
[Thu Jun 11 13:37:38.738245 2026] [security2:error] [pid 21296:tid 21310] [client 144.172.106.68:41654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env.development"] [unique_id "airkUqzVaq-mvl-Hfs-TTwAAAAs"]
[Thu Jun 11 13:37:49.819918 2026] [security2:error] [pid 8022:tid 8036] [client 144.172.106.68:47722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env.test"] [unique_id "airkXY89NgQ7K0QZaBl2KgAAAUQ"]
[Thu Jun 11 13:37:49.820225 2026] [security2:error] [pid 8022:tid 8036] [client 144.172.106.68:47722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env.test"] [unique_id "airkXY89NgQ7K0QZaBl2KgAAAUQ"]
[Thu Jun 11 13:37:49.820503 2026] [security2:error] [pid 8022:tid 8036] [client 144.172.106.68:47722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env.test"] [unique_id "airkXY89NgQ7K0QZaBl2KgAAAUQ"]
[Thu Jun 11 13:37:51.159443 2026] [security2:error] [pid 8022:tid 8052] [client 144.172.106.68:47724] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "erhabenn.com.br"] [uri "/.env.backup"] [unique_id "airkX489NgQ7K0QZaBl2LAAAAVQ"]
[Thu Jun 11 13:37:51.159633 2026] [security2:error] [pid 8022:tid 8052] [client 144.172.106.68:47724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env.backup"] [unique_id "airkX489NgQ7K0QZaBl2LAAAAVQ"]
[Thu Jun 11 13:37:51.159913 2026] [security2:error] [pid 8022:tid 8052] [client 144.172.106.68:47724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env.backup"] [unique_id "airkX489NgQ7K0QZaBl2LAAAAVQ"]
[Thu Jun 11 13:37:51.160233 2026] [security2:error] [pid 8022:tid 8052] [client 144.172.106.68:47724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env.backup"] [unique_id "airkX489NgQ7K0QZaBl2LAAAAVQ"]
[Thu Jun 11 13:37:52.571799 2026] [security2:error] [pid 8022:tid 8042] [client 144.172.106.68:47738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env.example"] [unique_id "airkYI89NgQ7K0QZaBl2LgAAAUo"]
[Thu Jun 11 13:37:52.572108 2026] [security2:error] [pid 8022:tid 8042] [client 144.172.106.68:47738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env.example"] [unique_id "airkYI89NgQ7K0QZaBl2LgAAAUo"]
[Thu Jun 11 13:37:52.572372 2026] [security2:error] [pid 8022:tid 8042] [client 144.172.106.68:47738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env.example"] [unique_id "airkYI89NgQ7K0QZaBl2LgAAAUo"]
[Thu Jun 11 13:37:54.445317 2026] [security2:error] [pid 8022:tid 8049] [client 144.172.106.68:47748] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "erhabenn.com.br"] [uri "/.env.bak"] [unique_id "airkYo89NgQ7K0QZaBl2NAAAAVE"]
[Thu Jun 11 13:37:54.445516 2026] [security2:error] [pid 8022:tid 8049] [client 144.172.106.68:47748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env.bak"] [unique_id "airkYo89NgQ7K0QZaBl2NAAAAVE"]
[Thu Jun 11 13:37:54.445730 2026] [security2:error] [pid 8022:tid 8049] [client 144.172.106.68:47748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env.bak"] [unique_id "airkYo89NgQ7K0QZaBl2NAAAAVE"]
[Thu Jun 11 13:37:54.446048 2026] [security2:error] [pid 8022:tid 8049] [client 144.172.106.68:47748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env.bak"] [unique_id "airkYo89NgQ7K0QZaBl2NAAAAVE"]
[Thu Jun 11 13:37:58.190621 2026] [security2:error] [pid 8022:tid 8048] [client 144.172.106.68:35808] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "erhabenn.com.br"] [uri "/.env.old"] [unique_id "airkZo89NgQ7K0QZaBl2PgAAAVA"]
[Thu Jun 11 13:37:58.190788 2026] [security2:error] [pid 8022:tid 8048] [client 144.172.106.68:35808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env.old"] [unique_id "airkZo89NgQ7K0QZaBl2PgAAAVA"]
[Thu Jun 11 13:37:58.191024 2026] [security2:error] [pid 8022:tid 8048] [client 144.172.106.68:35808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env.old"] [unique_id "airkZo89NgQ7K0QZaBl2PgAAAVA"]
[Thu Jun 11 13:37:58.191383 2026] [security2:error] [pid 8022:tid 8048] [client 144.172.106.68:35808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env.old"] [unique_id "airkZo89NgQ7K0QZaBl2PgAAAVA"]
[Thu Jun 11 13:38:33.000706 2026] [security2:error] [pid 21295:tid 21341] [client 144.172.106.68:43348] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "airkiDlbUCMVJYfLxkqqJAAAAI8"]
[Thu Jun 11 13:38:33.000983 2026] [security2:error] [pid 21295:tid 21341] [client 144.172.106.68:43348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "airkiDlbUCMVJYfLxkqqJAAAAI8"]
[Thu Jun 11 13:38:33.001344 2026] [security2:error] [pid 21295:tid 21341] [client 144.172.106.68:43348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "airkiDlbUCMVJYfLxkqqJAAAAI8"]
[Thu Jun 11 13:38:37.378535 2026] [security2:error] [pid 21295:tid 21337] [client 144.172.106.68:43358] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.aws/config"] [unique_id "airkjTlbUCMVJYfLxkqqOgAAAIs"]
[Thu Jun 11 13:38:37.378839 2026] [security2:error] [pid 21295:tid 21337] [client 144.172.106.68:43358] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.aws/config"] [unique_id "airkjTlbUCMVJYfLxkqqOgAAAIs"]
[Thu Jun 11 13:38:37.379232 2026] [security2:error] [pid 21295:tid 21337] [client 144.172.106.68:43358] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.aws/config"] [unique_id "airkjTlbUCMVJYfLxkqqOgAAAIs"]
[Thu Jun 11 13:39:07.578169 2026] [security2:error] [pid 9918:tid 9936] [client 144.172.106.68:41664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/private/.env"] [unique_id "airkq04Kpjoch0F_BSpagwAAAE4"]
[Thu Jun 11 13:39:07.578522 2026] [security2:error] [pid 9918:tid 9936] [client 144.172.106.68:41664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/private/.env"] [unique_id "airkq04Kpjoch0F_BSpagwAAAE4"]
[Thu Jun 11 13:39:07.578845 2026] [security2:error] [pid 9918:tid 9936] [client 144.172.106.68:41664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/private/.env"] [unique_id "airkq04Kpjoch0F_BSpagwAAAE4"]
[Thu Jun 11 13:39:08.845167 2026] [security2:error] [pid 9918:tid 9940] [client 144.172.106.68:41670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/backup/.env"] [unique_id "airkrE4Kpjoch0F_BSpahgAAAFI"]
[Thu Jun 11 13:39:08.845469 2026] [security2:error] [pid 9918:tid 9940] [client 144.172.106.68:41670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/backup/.env"] [unique_id "airkrE4Kpjoch0F_BSpahgAAAFI"]
[Thu Jun 11 13:39:08.845827 2026] [security2:error] [pid 9918:tid 9940] [client 144.172.106.68:41670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/backup/.env"] [unique_id "airkrE4Kpjoch0F_BSpahgAAAFI"]
[Thu Jun 11 13:39:10.951940 2026] [security2:error] [pid 21243:tid 21270] [client 144.172.106.68:41684] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/test/.env"] [unique_id "airkrkKTwdTIu69rj42-8AAAANg"]
[Thu Jun 11 13:39:10.952197 2026] [security2:error] [pid 21243:tid 21270] [client 144.172.106.68:41684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/test/.env"] [unique_id "airkrkKTwdTIu69rj42-8AAAANg"]
[Thu Jun 11 13:39:10.952517 2026] [security2:error] [pid 21243:tid 21270] [client 144.172.106.68:41684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/test/.env"] [unique_id "airkrkKTwdTIu69rj42-8AAAANg"]
[Thu Jun 11 13:39:15.556415 2026] [security2:error] [pid 21243:tid 21269] [client 144.172.106.68:41700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/dev/.env"] [unique_id "airks0KTwdTIu69rj42_CAAAANc"]
[Thu Jun 11 13:39:15.556689 2026] [security2:error] [pid 21243:tid 21269] [client 144.172.106.68:41700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/dev/.env"] [unique_id "airks0KTwdTIu69rj42_CAAAANc"]
[Thu Jun 11 13:39:15.556965 2026] [security2:error] [pid 21243:tid 21269] [client 144.172.106.68:41700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/dev/.env"] [unique_id "airks0KTwdTIu69rj42_CAAAANc"]
[Thu Jun 11 13:39:20.139726 2026] [security2:error] [pid 21243:tid 21251] [client 144.172.106.68:33726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/staging/.env"] [unique_id "airkuEKTwdTIu69rj42_JwAAAMU"]
[Thu Jun 11 13:39:20.140000 2026] [security2:error] [pid 21243:tid 21251] [client 144.172.106.68:33726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/staging/.env"] [unique_id "airkuEKTwdTIu69rj42_JwAAAMU"]
[Thu Jun 11 13:39:20.140302 2026] [security2:error] [pid 21243:tid 21251] [client 144.172.106.68:33726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/staging/.env"] [unique_id "airkuEKTwdTIu69rj42_JwAAAMU"]
[Thu Jun 11 13:39:22.029593 2026] [security2:error] [pid 21296:tid 21377] [client 144.172.106.68:33734] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/production/.env"] [unique_id "airkuqzVaq-mvl-Hfs-VDQAAAAU"]
[Thu Jun 11 13:39:22.029808 2026] [security2:error] [pid 21296:tid 21377] [client 144.172.106.68:33734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/production/.env"] [unique_id "airkuqzVaq-mvl-Hfs-VDQAAAAU"]
[Thu Jun 11 13:39:22.030161 2026] [security2:error] [pid 21296:tid 21377] [client 144.172.106.68:33734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/production/.env"] [unique_id "airkuqzVaq-mvl-Hfs-VDQAAAAU"]
[Thu Jun 11 13:39:23.845683 2026] [security2:error] [pid 21243:tid 21260] [client 144.172.106.68:33742] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/laravel/.env"] [unique_id "airku0KTwdTIu69rj42_QwAAAM4"]
[Thu Jun 11 13:39:23.845957 2026] [security2:error] [pid 21243:tid 21260] [client 144.172.106.68:33742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/laravel/.env"] [unique_id "airku0KTwdTIu69rj42_QwAAAM4"]
[Thu Jun 11 13:39:23.846214 2026] [security2:error] [pid 21243:tid 21260] [client 144.172.106.68:33742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/laravel/.env"] [unique_id "airku0KTwdTIu69rj42_QwAAAM4"]
[Thu Jun 11 13:39:56.000723 2026] [security2:error] [pid 8022:tid 8053] [client 172.235.41.110:13218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airk2489NgQ7K0QZaBl3cAAAAVU"]
[Thu Jun 11 13:39:56.039090 2026] [security2:error] [pid 8022:tid 8053] [client 172.235.41.110:13218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "airk3I89NgQ7K0QZaBl3cQAAAVU"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 13:40:08.740081 2026] [security2:error] [pid 21243:tid 21251] [client 144.172.106.68:41130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/cms/.env"] [unique_id "airk6EKTwdTIu69rj43AlgAAAMU"]
[Thu Jun 11 13:40:08.740324 2026] [security2:error] [pid 21243:tid 21251] [client 144.172.106.68:41130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/cms/.env"] [unique_id "airk6EKTwdTIu69rj43AlgAAAMU"]
[Thu Jun 11 13:40:08.740871 2026] [security2:error] [pid 21243:tid 21251] [client 144.172.106.68:41130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/cms/.env"] [unique_id "airk6EKTwdTIu69rj43AlgAAAMU"]
[Thu Jun 11 13:40:20.705805 2026] [security2:error] [pid 8022:tid 8034] [client 144.172.106.68:56200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/crm/.env"] [unique_id "airk9I89NgQ7K0QZaBl4DgAAAUI"]
[Thu Jun 11 13:40:20.706104 2026] [security2:error] [pid 8022:tid 8034] [client 144.172.106.68:56200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/crm/.env"] [unique_id "airk9I89NgQ7K0QZaBl4DgAAAUI"]
[Thu Jun 11 13:40:20.706478 2026] [security2:error] [pid 8022:tid 8034] [client 144.172.106.68:56200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/crm/.env"] [unique_id "airk9I89NgQ7K0QZaBl4DgAAAUI"]
[Thu Jun 11 13:40:27.458482 2026] [security2:error] [pid 9918:tid 9934] [client 144.172.106.68:47940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/mailer/.env"] [unique_id "airk-04Kpjoch0F_BSpbrAAAAEw"]
[Thu Jun 11 13:40:27.458729 2026] [security2:error] [pid 9918:tid 9934] [client 144.172.106.68:47940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/mailer/.env"] [unique_id "airk-04Kpjoch0F_BSpbrAAAAEw"]
[Thu Jun 11 13:40:27.459008 2026] [security2:error] [pid 9918:tid 9934] [client 144.172.106.68:47940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/mailer/.env"] [unique_id "airk-04Kpjoch0F_BSpbrAAAAEw"]
[Thu Jun 11 13:40:29.838677 2026] [security2:error] [pid 21296:tid 21317] [client 144.172.106.68:47942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deployment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/deployment/.env"] [unique_id "airk_azVaq-mvl-Hfs-WEQAAABI"]
[Thu Jun 11 13:40:29.838933 2026] [security2:error] [pid 21296:tid 21317] [client 144.172.106.68:47942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/deployment/.env"] [unique_id "airk_azVaq-mvl-Hfs-WEQAAABI"]
[Thu Jun 11 13:40:29.839181 2026] [security2:error] [pid 21296:tid 21317] [client 144.172.106.68:47942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/deployment/.env"] [unique_id "airk_azVaq-mvl-Hfs-WEQAAABI"]
[Thu Jun 11 13:40:41.171767 2026] [security2:error] [pid 21295:tid 21338] [client 144.172.106.68:35316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /helm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/helm/.env"] [unique_id "airlCTlbUCMVJYfLxkqsFAAAAIw"]
[Thu Jun 11 13:40:41.171982 2026] [security2:error] [pid 21295:tid 21338] [client 144.172.106.68:35316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/helm/.env"] [unique_id "airlCTlbUCMVJYfLxkqsFAAAAIw"]
[Thu Jun 11 13:40:41.172281 2026] [security2:error] [pid 21295:tid 21338] [client 144.172.106.68:35316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/helm/.env"] [unique_id "airlCTlbUCMVJYfLxkqsFAAAAIw"]
[Thu Jun 11 13:40:42.400197 2026] [security2:error] [pid 9918:tid 9932] [client 144.172.106.68:35334] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/terraform/.env"] [unique_id "airlCk4Kpjoch0F_BSpb4gAAAEo"]
[Thu Jun 11 13:40:42.400397 2026] [security2:error] [pid 9918:tid 9932] [client 144.172.106.68:35334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/terraform/.env"] [unique_id "airlCk4Kpjoch0F_BSpb4gAAAEo"]
[Thu Jun 11 13:40:42.400854 2026] [security2:error] [pid 9918:tid 9932] [client 144.172.106.68:35334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/terraform/.env"] [unique_id "airlCk4Kpjoch0F_BSpb4gAAAEo"]
[Thu Jun 11 13:40:43.339920 2026] [security2:error] [pid 8022:tid 8034] [client 144.172.106.68:35344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/ansible/.env"] [unique_id "airlC489NgQ7K0QZaBl4vAAAAUI"]
[Thu Jun 11 13:40:43.340280 2026] [security2:error] [pid 8022:tid 8034] [client 144.172.106.68:35344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/ansible/.env"] [unique_id "airlC489NgQ7K0QZaBl4vAAAAUI"]
[Thu Jun 11 13:40:43.340670 2026] [security2:error] [pid 8022:tid 8034] [client 144.172.106.68:35344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/ansible/.env"] [unique_id "airlC489NgQ7K0QZaBl4vAAAAUI"]
[Thu Jun 11 13:40:46.770887 2026] [security2:error] [pid 8022:tid 8041] [client 144.172.106.68:33916] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/config/database.yml"] [unique_id "airlDo89NgQ7K0QZaBl40QAAAUk"]
[Thu Jun 11 13:40:46.771178 2026] [security2:error] [pid 8022:tid 8041] [client 144.172.106.68:33916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/config/database.yml"] [unique_id "airlDo89NgQ7K0QZaBl40QAAAUk"]
[Thu Jun 11 13:40:46.771536 2026] [security2:error] [pid 8022:tid 8041] [client 144.172.106.68:33916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/config/database.yml"] [unique_id "airlDo89NgQ7K0QZaBl40QAAAUk"]
[Thu Jun 11 13:40:50.443564 2026] [security2:error] [pid 21243:tid 21246] [client 144.172.106.68:33930] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "erhabenn.com.br"] [uri "/pms"] [unique_id "airlEkKTwdTIu69rj43BvQAAAMA"]
[Thu Jun 11 13:40:50.443705 2026] [security2:error] [pid 21243:tid 21246] [client 144.172.106.68:33930] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at ARGS:file_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within ARGS:file_name: ../../../../../../~/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "erhabenn.com.br"] [uri "/pms"] [unique_id "airlEkKTwdTIu69rj43BvQAAAMA"]
[Thu Jun 11 13:40:50.443774 2026] [security2:error] [pid 21243:tid 21246] [client 144.172.106.68:33930] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "erhabenn.com.br"] [uri "/pms"] [unique_id "airlEkKTwdTIu69rj43BvQAAAMA"]
[Thu Jun 11 13:40:50.443820 2026] [security2:error] [pid 21243:tid 21246] [client 144.172.106.68:33930] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "erhabenn.com.br"] [uri "/pms"] [unique_id "airlEkKTwdTIu69rj43BvQAAAMA"]
[Thu Jun 11 13:40:50.443862 2026] [security2:error] [pid 21243:tid 21246] [client 144.172.106.68:33930] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:file_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:file_name: ../../../../../../~/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "erhabenn.com.br"] [uri "/pms"] [unique_id "airlEkKTwdTIu69rj43BvQAAAMA"]
[Thu Jun 11 13:40:50.443912 2026] [security2:error] [pid 21243:tid 21246] [client 144.172.106.68:33930] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:file_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:file_name: ../../../../../../~/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "erhabenn.com.br"] [uri "/pms"] [unique_id "airlEkKTwdTIu69rj43BvQAAAMA"]
[Thu Jun 11 13:40:50.444632 2026] [security2:error] [pid 21243:tid 21246] [client 144.172.106.68:33930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 30)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/pms"] [unique_id "airlEkKTwdTIu69rj43BvQAAAMA"]
[Thu Jun 11 13:40:50.444953 2026] [security2:error] [pid 21243:tid 21246] [client 144.172.106.68:33930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 30 - SQLI=0,XSS=0,RFI=0,LFI=30,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 30, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/pms"] [unique_id "airlEkKTwdTIu69rj43BvQAAAMA"]
[Thu Jun 11 13:40:59.899426 2026] [security2:error] [pid 9918:tid 9945] [client 144.172.106.68:58416] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.git/config"] [unique_id "airlG04Kpjoch0F_BSpcPgAAAFc"]
[Thu Jun 11 13:40:59.899708 2026] [security2:error] [pid 9918:tid 9945] [client 144.172.106.68:58416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.git/config"] [unique_id "airlG04Kpjoch0F_BSpcPgAAAFc"]
[Thu Jun 11 13:40:59.899977 2026] [security2:error] [pid 9918:tid 9945] [client 144.172.106.68:58416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.git/config"] [unique_id "airlG04Kpjoch0F_BSpcPgAAAFc"]
[Thu Jun 11 13:41:01.299637 2026] [security2:error] [pid 21243:tid 21258] [client 144.172.106.68:58430] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.travis.yml"] [unique_id "airlHUKTwdTIu69rj43CFAAAAMw"]
[Thu Jun 11 13:41:01.299855 2026] [security2:error] [pid 21243:tid 21258] [client 144.172.106.68:58430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.travis.yml"] [unique_id "airlHUKTwdTIu69rj43CFAAAAMw"]
[Thu Jun 11 13:41:01.300126 2026] [security2:error] [pid 21243:tid 21258] [client 144.172.106.68:58430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.travis.yml"] [unique_id "airlHUKTwdTIu69rj43CFAAAAMw"]
[Thu Jun 11 13:41:02.413918 2026] [security2:error] [pid 21296:tid 21301] [client 144.172.106.68:58438] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.gitlab-ci.yml"] [unique_id "airlHqzVaq-mvl-Hfs-WXgAAAAE"]
[Thu Jun 11 13:41:02.414131 2026] [security2:error] [pid 21296:tid 21301] [client 144.172.106.68:58438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.gitlab-ci.yml"] [unique_id "airlHqzVaq-mvl-Hfs-WXgAAAAE"]
[Thu Jun 11 13:41:02.414399 2026] [security2:error] [pid 21296:tid 21301] [client 144.172.106.68:58438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.gitlab-ci.yml"] [unique_id "airlHqzVaq-mvl-Hfs-WXgAAAAE"]
[Thu Jun 11 13:41:19.514757 2026] [security2:error] [pid 9918:tid 9925] [client 162.62.213.187:52764] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "airlL04Kpjoch0F_BSpcjgAAAEM"]
[Thu Jun 11 13:41:52.433859 2026] [security2:error] [pid 9918:tid 9930] [client 144.172.106.68:35104] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /vpn/../vpns/portal/scripts/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "erhabenn.com.br"] [uri "/vpns/portal/scripts/"] [unique_id "airlUE4Kpjoch0F_BSpdXgAAAEg"]
[Thu Jun 11 13:41:52.434172 2026] [security2:error] [pid 9918:tid 9930] [client 144.172.106.68:35104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/vpns/portal/scripts/"] [unique_id "airlUE4Kpjoch0F_BSpdXgAAAEg"]
[Thu Jun 11 13:41:52.434488 2026] [security2:error] [pid 9918:tid 9930] [client 144.172.106.68:35104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/vpns/portal/scripts/"] [unique_id "airlUE4Kpjoch0F_BSpdXgAAAEg"]
[Thu Jun 11 13:42:12.751649 2026] [security2:error] [pid 8022:tid 8051] [client 144.172.106.68:57852] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "349"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: eval('cat confluence.cfg.xml') found within REQUEST_FILENAME: /${new javax.script.ScriptEngineManager().getEngineByName('nashorn').eval('cat confluence.cfg.xml')}/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "erhabenn.com.br"] [uri "/${new javax.script.ScriptEngineManager().getEngineByName('nashorn').eval('cat confluence.cfg.xml')}/"] [unique_id "airlZI89NgQ7K0QZaBl6dQAAAVM"]
[Thu Jun 11 13:42:12.751857 2026] [security2:error] [pid 8022:tid 8051] [client 144.172.106.68:57852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/${new javax.script.ScriptEngineManager().getEngineByName('nashorn').eval('cat confluence.cfg.xml')}/"] [unique_id "airlZI89NgQ7K0QZaBl6dQAAAVM"]
[Thu Jun 11 13:42:12.752117 2026] [security2:error] [pid 8022:tid 8051] [client 144.172.106.68:57852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/${new javax.script.ScriptEngineManager().getEngineByName('nashorn').eval('cat confluence.cfg.xml')}/"] [unique_id "airlZI89NgQ7K0QZaBl6dQAAAVM"]
[Thu Jun 11 13:42:33.069836 2026] [security2:error] [pid 9918:tid 9929] [client 144.172.106.68:42300] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "371"] [id "920220"] [msg "URL Encoding Abuse Attack Attempt"] [data "/?name=%{("] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/267/72"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "airleU4Kpjoch0F_BSpevAAAAEc"]
[Thu Jun 11 13:44:37.445184 2026] [security2:error] [pid 21243:tid 21256] [client 45.148.10.67:59130] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airl9UKTwdTIu69rj43F0AAAAMo"]
[Thu Jun 11 13:45:25.235686 2026] [security2:error] [pid 8022:tid 8044] [client 155.133.23.242:43732] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airmJY89NgQ7K0QZaBl9NgAAAUw"]
[Thu Jun 11 13:45:25.235927 2026] [security2:error] [pid 8022:tid 8044] [client 155.133.23.242:43732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airmJY89NgQ7K0QZaBl9NgAAAUw"]
[Thu Jun 11 13:45:25.236158 2026] [security2:error] [pid 8022:tid 8044] [client 155.133.23.242:43732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "airmJY89NgQ7K0QZaBl9NgAAAUw"]
[Thu Jun 11 13:45:25.236977 2026] [security2:error] [pid 8022:tid 8044] [client 155.133.23.242:43732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "airmJY89NgQ7K0QZaBl9NgAAAUw"]
[Thu Jun 11 13:49:48.507200 2026] [security2:error] [pid 21295:tid 21347] [client 74.7.242.25:51096] ModSecurity: Warning. Matched phrase "etc/exports" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/exports found within ARGS:path: /proc/7722/root/proc/self/root/etc/exports.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airnLDlbUCMVJYfLxkq2GAAAAJU"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 13:49:48.507910 2026] [security2:error] [pid 21295:tid 21347] [client 74.7.242.25:51096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airnLDlbUCMVJYfLxkq2GAAAAJU"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 13:49:48.508223 2026] [security2:error] [pid 21295:tid 21347] [client 74.7.242.25:51096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airnLDlbUCMVJYfLxkq2GAAAAJU"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 13:52:42.906270 2026] [:error] [pid 21243:tid 21270] [client 109.98.170.43:50978] File does not exist: /disk001/sonne/public_html/xmlrpc.php
[Thu Jun 11 13:54:00.484558 2026] [core:error] [pid 21295:tid 21340] [client 79.72.3.119:41794] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 13:55:30.993202 2026] [security2:error] [pid 21295:tid 21328] [client 57.141.2.62:30144] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:fileloc: /disk001/sonne/.bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airogjlbUCMVJYfLxkq9AAAAAII"]
[Thu Jun 11 13:55:30.993790 2026] [security2:error] [pid 21295:tid 21328] [client 57.141.2.62:30144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airogjlbUCMVJYfLxkq9AAAAAII"]
[Thu Jun 11 13:55:30.994225 2026] [security2:error] [pid 21295:tid 21328] [client 57.141.2.62:30144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airogjlbUCMVJYfLxkq9AAAAAII"]
[Thu Jun 11 13:56:39.228703 2026] [security2:error] [pid 21295:tid 21331] [client 43.154.250.181:57772] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "airoxzlbUCMVJYfLxkq9ZQAAAIU"]
[Thu Jun 11 14:02:22.550041 2026] [security2:error] [pid 3902:tid 3930] [client 91.231.89.130:59341] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airqHv8lKn4qdPkDWlC1aAAAARU"]
[Thu Jun 11 14:04:17.555057 2026] [security2:error] [pid 21295:tid 21346] [client 91.231.89.73:53233] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "airqkTlbUCMVJYfLxkrFXAAAAJQ"]
[Thu Jun 11 14:04:29.945773 2026] [security2:error] [pid 21296:tid 21310] [client 91.231.89.76:55735] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "airqnazVaq-mvl-Hfs-tPQAAAAs"]
[Thu Jun 11 14:06:05.640412 2026] [security2:error] [pid 3902:tid 3931] [client 34.123.82.129:58336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "airq_f8lKn4qdPkDWlC6YQAAARY"]
[Thu Jun 11 14:06:05.640767 2026] [security2:error] [pid 3902:tid 3931] [client 34.123.82.129:58336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "airq_f8lKn4qdPkDWlC6YQAAARY"]
[Thu Jun 11 14:06:06.126158 2026] [security2:error] [pid 3902:tid 3931] [client 34.123.82.129:58336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "airq_f8lKn4qdPkDWlC6YQAAARY"]
[Thu Jun 11 14:06:16.547128 2026] [security2:error] [pid 21295:tid 21349] [client 34.123.82.129:21308] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "airrCDlbUCMVJYfLxkrHVgAAAJc"]
[Thu Jun 11 14:06:16.547427 2026] [security2:error] [pid 21295:tid 21349] [client 34.123.82.129:21308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "airrCDlbUCMVJYfLxkrHVgAAAJc"]
[Thu Jun 11 14:06:16.571733 2026] [security2:error] [pid 21295:tid 21349] [client 34.123.82.129:21308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "airrCDlbUCMVJYfLxkrHVgAAAJc"]
[Thu Jun 11 14:06:19.139726 2026] [security2:error] [pid 3902:tid 3925] [client 91.231.89.218:60997] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "airrC_8lKn4qdPkDWlC6rAAAARA"]
[Thu Jun 11 14:07:14.848690 2026] [security2:error] [pid 21243:tid 21265] [client 43.166.132.142:51816] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "airrQkKTwdTIu69rj43cvwAAANM"]
[Thu Jun 11 14:14:28.434763 2026] [security2:error] [pid 21243:tid 21251] [client 74.7.242.25:40424] ModSecurity: Warning. Matched phrase "etc/sudoers" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/sudoers found within ARGS:path: /proc/7722/root/proc/self/root/etc/sudoers.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airs9EKTwdTIu69rj43llwAAAMU"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:14:28.436165 2026] [security2:error] [pid 21243:tid 21251] [client 74.7.242.25:40424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airs9EKTwdTIu69rj43llwAAAMU"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:14:28.436473 2026] [security2:error] [pid 21243:tid 21251] [client 74.7.242.25:40424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airs9EKTwdTIu69rj43llwAAAMU"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:16:16.351193 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:39822] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/v2/actuator/env"] [unique_id "airtYDlbUCMVJYfLxkrRtQAAAIs"]
[Thu Jun 11 14:16:16.351675 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:39822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/v2/actuator/env"] [unique_id "airtYDlbUCMVJYfLxkrRtQAAAIs"]
[Thu Jun 11 14:16:16.352124 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:39822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRtQAAAIs"]
[Thu Jun 11 14:16:16.353826 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:39836] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secrets/aws.json"] [unique_id "airtYEKTwdTIu69rj43oUgAAAMU"]
[Thu Jun 11 14:16:16.354120 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:39836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secrets/aws.json"] [unique_id "airtYEKTwdTIu69rj43oUgAAAMU"]
[Thu Jun 11 14:16:16.354451 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:39836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oUgAAAMU"]
[Thu Jun 11 14:16:16.359866 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:39856] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/actuator/logfile"] [unique_id "airtYE4Kpjoch0F_BSqCtQAAAE4"]
[Thu Jun 11 14:16:16.360180 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:39856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/actuator/logfile"] [unique_id "airtYE4Kpjoch0F_BSqCtQAAAE4"]
[Thu Jun 11 14:16:16.360610 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:39856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCtQAAAE4"]
[Thu Jun 11 14:16:16.379716 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:39894] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/trace"] [unique_id "airtYDlbUCMVJYfLxkrRtgAAAJA"]
[Thu Jun 11 14:16:16.380122 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:39894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/trace"] [unique_id "airtYDlbUCMVJYfLxkrRtgAAAJA"]
[Thu Jun 11 14:16:16.380510 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:39894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRtgAAAJA"]
[Thu Jun 11 14:16:16.382234 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:39908] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/info.php"] [unique_id "airtYP8lKn4qdPkDWlDDkAAAAQ0"]
[Thu Jun 11 14:16:16.382633 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:39908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/info.php"] [unique_id "airtYP8lKn4qdPkDWlDDkAAAAQ0"]
[Thu Jun 11 14:16:16.383010 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:39908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDkAAAAQ0"]
[Thu Jun 11 14:16:16.385155 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:39890] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/phpinfo.php"] [unique_id "airtYEKTwdTIu69rj43oVAAAAMs"]
[Thu Jun 11 14:16:16.385515 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:39890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/phpinfo.php"] [unique_id "airtYEKTwdTIu69rj43oVAAAAMs"]
[Thu Jun 11 14:16:16.385948 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:39890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oVAAAAMs"]
[Thu Jun 11 14:16:16.389375 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:39916] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/php.php"] [unique_id "airtYKzVaq-mvl-Hfs-4sQAAAAI"]
[Thu Jun 11 14:16:16.389695 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/php.php"] [unique_id "airtYKzVaq-mvl-Hfs-4sQAAAAI"]
[Thu Jun 11 14:16:16.390103 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4sQAAAAI"]
[Thu Jun 11 14:16:16.393437 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:39934] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/test.php"] [unique_id "airtYDlbUCMVJYfLxkrRtwAAAJY"]
[Thu Jun 11 14:16:16.393914 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:39934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/test.php"] [unique_id "airtYDlbUCMVJYfLxkrRtwAAAJY"]
[Thu Jun 11 14:16:16.394254 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:39934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRtwAAAJY"]
[Thu Jun 11 14:16:16.395019 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:39878] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secrets/credentials.json"] [unique_id "airtYE4Kpjoch0F_BSqCtgAAAFQ"]
[Thu Jun 11 14:16:16.395326 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:39878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secrets/credentials.json"] [unique_id "airtYE4Kpjoch0F_BSqCtgAAAFQ"]
[Thu Jun 11 14:16:16.395717 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:39878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCtgAAAFQ"]
[Thu Jun 11 14:16:16.410695 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:39850] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secrets/gcp.json"] [unique_id "airtYP8lKn4qdPkDWlDDkQAAARg"]
[Thu Jun 11 14:16:16.411027 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:39850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secrets/gcp.json"] [unique_id "airtYP8lKn4qdPkDWlDDkQAAARg"]
[Thu Jun 11 14:16:16.411400 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:39850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDkQAAARg"]
[Thu Jun 11 14:16:16.413434 2026] [security2:error] [pid 3902:tid 3925] [client 34.17.141.62:39960] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/phptest.php"] [unique_id "airtYP8lKn4qdPkDWlDDkgAAARA"]
[Thu Jun 11 14:16:16.413735 2026] [security2:error] [pid 3902:tid 3925] [client 34.17.141.62:39960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/phptest.php"] [unique_id "airtYP8lKn4qdPkDWlDDkgAAARA"]
[Thu Jun 11 14:16:16.414167 2026] [security2:error] [pid 3902:tid 3925] [client 34.17.141.62:39960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDkgAAARA"]
[Thu Jun 11 14:16:16.420256 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:39924] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/gcp.json"] [unique_id "airtYEKTwdTIu69rj43oVgAAAMg"]
[Thu Jun 11 14:16:16.420607 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:39924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/gcp.json"] [unique_id "airtYEKTwdTIu69rj43oVgAAAMg"]
[Thu Jun 11 14:16:16.420975 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:39924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oVgAAAMg"]
[Thu Jun 11 14:16:16.424420 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:39946] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/debug.php"] [unique_id "airtYKzVaq-mvl-Hfs-4sgAAAAM"]
[Thu Jun 11 14:16:16.424774 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:39946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/debug.php"] [unique_id "airtYKzVaq-mvl-Hfs-4sgAAAAM"]
[Thu Jun 11 14:16:16.425321 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:39946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4sgAAAAM"]
[Thu Jun 11 14:16:16.426856 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:39976] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/_profiler"] [unique_id "airtYE4Kpjoch0F_BSqCtwAAAEk"]
[Thu Jun 11 14:16:16.426858 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:39984] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/_profiler/open"] [unique_id "airtYDlbUCMVJYfLxkrRuQAAAIQ"]
[Thu Jun 11 14:16:16.427178 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:39984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/_profiler/open"] [unique_id "airtYDlbUCMVJYfLxkrRuQAAAIQ"]
[Thu Jun 11 14:16:16.427221 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:39976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/_profiler"] [unique_id "airtYE4Kpjoch0F_BSqCtwAAAEk"]
[Thu Jun 11 14:16:16.427532 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:39984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRuQAAAIQ"]
[Thu Jun 11 14:16:16.427551 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:39976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCtwAAAEk"]
[Thu Jun 11 14:16:16.436709 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:39992] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/profiler"] [unique_id "airtYEKTwdTIu69rj43oVwAAAMw"]
[Thu Jun 11 14:16:16.437012 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:39992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/profiler"] [unique_id "airtYEKTwdTIu69rj43oVwAAAMw"]
[Thu Jun 11 14:16:16.437428 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:39992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oVwAAAMw"]
[Thu Jun 11 14:16:16.438988 2026] [security2:error] [pid 9918:tid 9930] [client 34.17.141.62:39996] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/profiler/phpinfo"] [unique_id "airtYE4Kpjoch0F_BSqCuAAAAEg"]
[Thu Jun 11 14:16:16.439299 2026] [security2:error] [pid 9918:tid 9930] [client 34.17.141.62:39996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/profiler/phpinfo"] [unique_id "airtYE4Kpjoch0F_BSqCuAAAAEg"]
[Thu Jun 11 14:16:16.439622 2026] [security2:error] [pid 9918:tid 9930] [client 34.17.141.62:39996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCuAAAAEg"]
[Thu Jun 11 14:16:16.441948 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:39866] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secrets/azure.json"] [unique_id "airtYKzVaq-mvl-Hfs-4sAAAAAA"]
[Thu Jun 11 14:16:16.442267 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:39866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secrets/azure.json"] [unique_id "airtYKzVaq-mvl-Hfs-4sAAAAAA"]
[Thu Jun 11 14:16:16.442658 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:39866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4sAAAAAA"]
[Thu Jun 11 14:16:16.446967 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:39978] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/_profiler/phpinfo"] [unique_id "airtYP8lKn4qdPkDWlDDkwAAAQg"]
[Thu Jun 11 14:16:16.447205 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:39978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/_profiler/phpinfo"] [unique_id "airtYP8lKn4qdPkDWlDDkwAAAQg"]
[Thu Jun 11 14:16:16.447231 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:40012] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/env"] [unique_id "airtYKzVaq-mvl-Hfs-4swAAABM"]
[Thu Jun 11 14:16:16.448020 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:40012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/env"] [unique_id "airtYKzVaq-mvl-Hfs-4swAAABM"]
[Thu Jun 11 14:16:16.448047 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:39978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDkwAAAQg"]
[Thu Jun 11 14:16:16.448671 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:40012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4swAAABM"]
[Thu Jun 11 14:16:16.449043 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:40024] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/admin/phpinfo.php"] [unique_id "airtYDlbUCMVJYfLxkrRugAAAIo"]
[Thu Jun 11 14:16:16.449346 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:40024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/admin/phpinfo.php"] [unique_id "airtYDlbUCMVJYfLxkrRugAAAIo"]
[Thu Jun 11 14:16:16.449799 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:40024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRugAAAIo"]
[Thu Jun 11 14:16:16.461453 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:40030] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/phpinfo.php"] [unique_id "airtYEKTwdTIu69rj43oWAAAAMk"]
[Thu Jun 11 14:16:16.461984 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:40030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/phpinfo.php"] [unique_id "airtYEKTwdTIu69rj43oWAAAAMk"]
[Thu Jun 11 14:16:16.462053 2026] [security2:error] [pid 3902:tid 3921] [client 34.17.141.62:40040] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.yml"] [unique_id "airtYP8lKn4qdPkDWlDDlAAAAQw"]
[Thu Jun 11 14:16:16.462384 2026] [security2:error] [pid 3902:tid 3921] [client 34.17.141.62:40040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.yml"] [unique_id "airtYP8lKn4qdPkDWlDDlAAAAQw"]
[Thu Jun 11 14:16:16.462423 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:40030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oWAAAAMk"]
[Thu Jun 11 14:16:16.462796 2026] [security2:error] [pid 3902:tid 3921] [client 34.17.141.62:40040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDlAAAAQw"]
[Thu Jun 11 14:16:16.475179 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:40058] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/env"] [unique_id "airtYDlbUCMVJYfLxkrRvAAAAIE"]
[Thu Jun 11 14:16:16.475682 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:40058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/env"] [unique_id "airtYDlbUCMVJYfLxkrRvAAAAIE"]
[Thu Jun 11 14:16:16.476055 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:40058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRvAAAAIE"]
[Thu Jun 11 14:16:16.485335 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:40036] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.aws/credentials"] [unique_id "airtYE4Kpjoch0F_BSqCuQAAAEI"]
[Thu Jun 11 14:16:16.485602 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:40036] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.aws/credentials"] [unique_id "airtYE4Kpjoch0F_BSqCuQAAAEI"]
[Thu Jun 11 14:16:16.485813 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:40036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.aws/credentials"] [unique_id "airtYE4Kpjoch0F_BSqCuQAAAEI"]
[Thu Jun 11 14:16:16.486181 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:40036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCuQAAAEI"]
[Thu Jun 11 14:16:16.491493 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:40090] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.prod.yaml"] [unique_id "airtYEKTwdTIu69rj43oWgAAAM8"]
[Thu Jun 11 14:16:16.491841 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:40090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.prod.yaml"] [unique_id "airtYEKTwdTIu69rj43oWgAAAM8"]
[Thu Jun 11 14:16:16.492221 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:40090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oWgAAAM8"]
[Thu Jun 11 14:16:16.497284 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:40106] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.production.yml"] [unique_id "airtYE4Kpjoch0F_BSqCugAAAFM"]
[Thu Jun 11 14:16:16.497661 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:40106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.production.yml"] [unique_id "airtYE4Kpjoch0F_BSqCugAAAFM"]
[Thu Jun 11 14:16:16.497980 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:40106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCugAAAFM"]
[Thu Jun 11 14:16:16.501320 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:40124] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/actuator/env"] [unique_id "airtYKzVaq-mvl-Hfs-4tQAAAAk"]
[Thu Jun 11 14:16:16.501616 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:40124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/actuator/env"] [unique_id "airtYKzVaq-mvl-Hfs-4tQAAAAk"]
[Thu Jun 11 14:16:16.502138 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:40124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4tQAAAAk"]
[Thu Jun 11 14:16:16.504460 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:40066] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.prod.yml"] [unique_id "airtYP8lKn4qdPkDWlDDlQAAAQ8"]
[Thu Jun 11 14:16:16.504852 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:40066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.prod.yml"] [unique_id "airtYP8lKn4qdPkDWlDDlQAAAQ8"]
[Thu Jun 11 14:16:16.505190 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:40066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDlQAAAQ8"]
[Thu Jun 11 14:16:16.506046 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:40120] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/dump"] [unique_id "airtYDlbUCMVJYfLxkrRvQAAAIU"]
[Thu Jun 11 14:16:16.506374 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:40120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/dump"] [unique_id "airtYDlbUCMVJYfLxkrRvQAAAIU"]
[Thu Jun 11 14:16:16.506915 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:40120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRvQAAAIU"]
[Thu Jun 11 14:16:16.509016 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:40162] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/credentials.json"] [unique_id "airtYE4Kpjoch0F_BSqCuwAAAE0"]
[Thu Jun 11 14:16:16.509454 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:40162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/credentials.json"] [unique_id "airtYE4Kpjoch0F_BSqCuwAAAE0"]
[Thu Jun 11 14:16:16.509819 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:40162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCuwAAAE0"]
[Thu Jun 11 14:16:16.511782 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:40142] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/threaddump"] [unique_id "airtYDlbUCMVJYfLxkrRvgAAAII"]
[Thu Jun 11 14:16:16.512078 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:40142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/threaddump"] [unique_id "airtYDlbUCMVJYfLxkrRvgAAAII"]
[Thu Jun 11 14:16:16.512524 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:40142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRvgAAAII"]
[Thu Jun 11 14:16:16.513165 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:40180] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/auditevents"] [unique_id "airtYKzVaq-mvl-Hfs-4tgAAABc"]
[Thu Jun 11 14:16:16.513502 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:40180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/auditevents"] [unique_id "airtYKzVaq-mvl-Hfs-4tgAAABc"]
[Thu Jun 11 14:16:16.513873 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:40180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4tgAAABc"]
[Thu Jun 11 14:16:16.515078 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:40076] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.azure/credentials"] [unique_id "airtYEKTwdTIu69rj43oWwAAAMM"]
[Thu Jun 11 14:16:16.515423 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:40076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.azure/credentials"] [unique_id "airtYEKTwdTIu69rj43oWwAAAMM"]
[Thu Jun 11 14:16:16.515835 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:40076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oWwAAAMM"]
[Thu Jun 11 14:16:16.517473 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:40152] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/actuator/heapdump"] [unique_id "airtYEKTwdTIu69rj43oXAAAANc"]
[Thu Jun 11 14:16:16.518904 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:40196] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/private/service-account.json"] [unique_id "airtYE4Kpjoch0F_BSqCvAAAAEQ"]
[Thu Jun 11 14:16:16.519300 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:40196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/private/service-account.json"] [unique_id "airtYE4Kpjoch0F_BSqCvAAAAEQ"]
[Thu Jun 11 14:16:16.519647 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:40196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCvAAAAEQ"]
[Thu Jun 11 14:16:16.522026 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:40210] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/actuator/configprops"] [unique_id "airtYP8lKn4qdPkDWlDDlwAAAQc"]
[Thu Jun 11 14:16:16.522279 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:40128] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/env"] [unique_id "airtYP8lKn4qdPkDWlDDlgAAAQQ"]
[Thu Jun 11 14:16:16.522406 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:40210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/actuator/configprops"] [unique_id "airtYP8lKn4qdPkDWlDDlwAAAQc"]
[Thu Jun 11 14:16:16.522543 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:40128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/env"] [unique_id "airtYP8lKn4qdPkDWlDDlgAAAQQ"]
[Thu Jun 11 14:16:16.522795 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:40152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/actuator/heapdump"] [unique_id "airtYEKTwdTIu69rj43oXAAAANc"]
[Thu Jun 11 14:16:16.523188 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:40152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oXAAAANc"]
[Thu Jun 11 14:16:16.527447 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:40148] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/service-account.json"] [unique_id "airtYDlbUCMVJYfLxkrRvwAAAIw"]
[Thu Jun 11 14:16:16.527843 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:40148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/service-account.json"] [unique_id "airtYDlbUCMVJYfLxkrRvwAAAIw"]
[Thu Jun 11 14:16:16.528215 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:40148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRvwAAAIw"]
[Thu Jun 11 14:16:16.530813 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:40184] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.dev.yml"] [unique_id "airtYEKTwdTIu69rj43oXQAAAMc"]
[Thu Jun 11 14:16:16.531142 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:40184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.dev.yml"] [unique_id "airtYEKTwdTIu69rj43oXQAAAMc"]
[Thu Jun 11 14:16:16.531610 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:40184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oXQAAAMc"]
[Thu Jun 11 14:16:16.533046 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:40212] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.staging.yml"] [unique_id "airtYE4Kpjoch0F_BSqCvQAAAFA"]
[Thu Jun 11 14:16:16.533314 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:40212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.staging.yml"] [unique_id "airtYE4Kpjoch0F_BSqCvQAAAFA"]
[Thu Jun 11 14:16:16.533713 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:40212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCvQAAAFA"]
[Thu Jun 11 14:16:16.536942 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:40238] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.local.yml"] [unique_id "airtYKzVaq-mvl-Hfs-4uAAAAAQ"]
[Thu Jun 11 14:16:16.537393 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:40238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.local.yml"] [unique_id "airtYKzVaq-mvl-Hfs-4uAAAAAQ"]
[Thu Jun 11 14:16:16.540844 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:40178] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/actuator/heapdump"] [unique_id "airtYP8lKn4qdPkDWlDDmAAAARE"]
[Thu Jun 11 14:16:16.541235 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:40178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/actuator/heapdump"] [unique_id "airtYP8lKn4qdPkDWlDDmAAAARE"]
[Thu Jun 11 14:16:16.546851 2026] [security2:error] [pid 21295:tid 21341] [client 34.17.141.62:40224] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.override.yml"] [unique_id "airtYDlbUCMVJYfLxkrRwAAAAI8"]
[Thu Jun 11 14:16:16.547345 2026] [security2:error] [pid 21295:tid 21341] [client 34.17.141.62:40224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.override.yml"] [unique_id "airtYDlbUCMVJYfLxkrRwAAAAI8"]
[Thu Jun 11 14:16:16.548750 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:40292] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/actuator/configprops"] [unique_id "airtYE4Kpjoch0F_BSqCvwAAAEc"]
[Thu Jun 11 14:16:16.549055 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:40292] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/actuator/configprops"] [unique_id "airtYE4Kpjoch0F_BSqCvwAAAEc"]
[Thu Jun 11 14:16:16.549353 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:40292] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCvwAAAEc"]
[Thu Jun 11 14:16:16.551357 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:40256] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.docker/config.json"] [unique_id "airtYDlbUCMVJYfLxkrRwQAAAJU"]
[Thu Jun 11 14:16:16.551502 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:40256] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.docker/config.json"] [unique_id "airtYDlbUCMVJYfLxkrRwQAAAJU"]
[Thu Jun 11 14:16:16.551864 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:40256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.docker/config.json"] [unique_id "airtYDlbUCMVJYfLxkrRwQAAAJU"]
[Thu Jun 11 14:16:16.552353 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:40256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRwQAAAJU"]
[Thu Jun 11 14:16:16.554299 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:40302] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/docker-compose.prod.yml"] [unique_id "airtYDlbUCMVJYfLxkrRwgAAAJc"]
[Thu Jun 11 14:16:16.554666 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:40302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/docker-compose.prod.yml"] [unique_id "airtYDlbUCMVJYfLxkrRwgAAAJc"]
[Thu Jun 11 14:16:16.555049 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:40302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRwgAAAJc"]
[Thu Jun 11 14:16:16.555921 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:40238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4uAAAAAQ"]
[Thu Jun 11 14:16:16.559843 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:40178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDmAAAARE"]
[Thu Jun 11 14:16:16.561308 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:40268] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/deploy/service-account.json"] [unique_id "airtYE4Kpjoch0F_BSqCvgAAAEE"]
[Thu Jun 11 14:16:16.561654 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:40268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/deploy/service-account.json"] [unique_id "airtYE4Kpjoch0F_BSqCvgAAAEE"]
[Thu Jun 11 14:16:16.562052 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:40268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCvgAAAEE"]
[Thu Jun 11 14:16:16.563802 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:40288] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/docker-compose.yml"] [unique_id "airtYEKTwdTIu69rj43oXgAAAMo"]
[Thu Jun 11 14:16:16.564179 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:40288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/docker-compose.yml"] [unique_id "airtYEKTwdTIu69rj43oXgAAAMo"]
[Thu Jun 11 14:16:16.564601 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:40288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oXgAAAMo"]
[Thu Jun 11 14:16:16.565172 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:40128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDlgAAAQQ"]
[Thu Jun 11 14:16:16.566490 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:40250] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/v1/actuator/configprops"] [unique_id "airtYP8lKn4qdPkDWlDDmgAAAQU"]
[Thu Jun 11 14:16:16.566830 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:40250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/v1/actuator/configprops"] [unique_id "airtYP8lKn4qdPkDWlDDmgAAAQU"]
[Thu Jun 11 14:16:16.567307 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:40254] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/Dockerfile"] [unique_id "airtYEKTwdTIu69rj43oXwAAANU"]
[Thu Jun 11 14:16:16.567470 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:40254] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/Dockerfile"] [unique_id "airtYEKTwdTIu69rj43oXwAAANU"]
[Thu Jun 11 14:16:16.567747 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:40254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/Dockerfile"] [unique_id "airtYEKTwdTIu69rj43oXwAAANU"]
[Thu Jun 11 14:16:16.568162 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:40254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oXwAAANU"]
[Thu Jun 11 14:16:16.569855 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:40132] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/service-account.json"] [unique_id "airtYKzVaq-mvl-Hfs-4twAAAAU"]
[Thu Jun 11 14:16:16.570212 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:40132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/service-account.json"] [unique_id "airtYKzVaq-mvl-Hfs-4twAAAAU"]
[Thu Jun 11 14:16:16.570414 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:40298] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/actuator/env"] [unique_id "airtYKzVaq-mvl-Hfs-4ugAAABA"]
[Thu Jun 11 14:16:16.570427 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:40054] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker-compose.yaml"] [unique_id "airtYKzVaq-mvl-Hfs-4tAAAAA0"]
[Thu Jun 11 14:16:16.570451 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:40276] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/docker-compose.yml"] [unique_id "airtYKzVaq-mvl-Hfs-4uQAAAA8"]
[Thu Jun 11 14:16:16.572003 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:40132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4twAAAAU"]
[Thu Jun 11 14:16:16.572205 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:40250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDmgAAAQU"]
[Thu Jun 11 14:16:16.571033 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:40054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker-compose.yaml"] [unique_id "airtYKzVaq-mvl-Hfs-4tAAAAA0"]
[Thu Jun 11 14:16:16.571521 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:40276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/docker-compose.yml"] [unique_id "airtYKzVaq-mvl-Hfs-4uQAAAA8"]
[Thu Jun 11 14:16:16.572958 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:40298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/actuator/env"] [unique_id "airtYKzVaq-mvl-Hfs-4ugAAABA"]
[Thu Jun 11 14:16:16.573731 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:40054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4tAAAAA0"]
[Thu Jun 11 14:16:16.573814 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:40298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4ugAAABA"]
[Thu Jun 11 14:16:16.574138 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:40276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4uQAAAA8"]
[Thu Jun 11 14:16:16.576213 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:40310] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/docker-compose.yml"] [unique_id "airtYEKTwdTIu69rj43oYAAAAMQ"]
[Thu Jun 11 14:16:16.576553 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:40310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/docker-compose.yml"] [unique_id "airtYEKTwdTIu69rj43oYAAAAMQ"]
[Thu Jun 11 14:16:16.576981 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:40310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oYAAAAMQ"]
[Thu Jun 11 14:16:16.579843 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:40322] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/docker-compose.prod.yml"] [unique_id "airtYP8lKn4qdPkDWlDDnAAAAQY"]
[Thu Jun 11 14:16:16.580140 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:40322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/docker-compose.prod.yml"] [unique_id "airtYP8lKn4qdPkDWlDDnAAAAQY"]
[Thu Jun 11 14:16:16.580297 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:40334] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/deploy/docker-compose.yml"] [unique_id "airtYE4Kpjoch0F_BSqCwAAAAFg"]
[Thu Jun 11 14:16:16.580710 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:40210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDlwAAAQc"]
[Thu Jun 11 14:16:16.580776 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:40334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/deploy/docker-compose.yml"] [unique_id "airtYE4Kpjoch0F_BSqCwAAAAFg"]
[Thu Jun 11 14:16:16.581087 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:40334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCwAAAAFg"]
[Thu Jun 11 14:16:16.582446 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:40322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDnAAAAQY"]
[Thu Jun 11 14:16:16.583216 2026] [security2:error] [pid 21295:tid 21341] [client 34.17.141.62:40224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRwAAAAI8"]
[Thu Jun 11 14:16:16.583450 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:40286] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/docker-compose.prod.yml"] [unique_id "airtYP8lKn4qdPkDWlDDmwAAAQo"]
[Thu Jun 11 14:16:16.583801 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:40286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/docker-compose.prod.yml"] [unique_id "airtYP8lKn4qdPkDWlDDmwAAAQo"]
[Thu Jun 11 14:16:16.584244 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:40286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDmwAAAQo"]
[Thu Jun 11 14:16:16.597021 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:40364] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/actuator/env"] [unique_id "airtYKzVaq-mvl-Hfs-4vAAAAAE"]
[Thu Jun 11 14:16:16.597610 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:40396] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/devops/docker-compose.yml"] [unique_id "airtYKzVaq-mvl-Hfs-4vQAAABg"]
[Thu Jun 11 14:16:16.597486 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:40364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/actuator/env"] [unique_id "airtYKzVaq-mvl-Hfs-4vAAAAAE"]
[Thu Jun 11 14:16:16.597952 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:40396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/devops/docker-compose.yml"] [unique_id "airtYKzVaq-mvl-Hfs-4vQAAABg"]
[Thu Jun 11 14:16:16.598274 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:40364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4vAAAAAE"]
[Thu Jun 11 14:16:16.598384 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:40396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4vQAAABg"]
[Thu Jun 11 14:16:16.601717 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:40382] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/infrastructure/docker-compose.yml"] [unique_id "airtYEKTwdTIu69rj43oYQAAANA"]
[Thu Jun 11 14:16:16.602553 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:40382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/infrastructure/docker-compose.yml"] [unique_id "airtYEKTwdTIu69rj43oYQAAANA"]
[Thu Jun 11 14:16:16.603335 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:40382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oYQAAANA"]
[Thu Jun 11 14:16:16.608373 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:40366] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/aws.json"] [unique_id "airtYE4Kpjoch0F_BSqCwQAAAFI"]
[Thu Jun 11 14:16:16.608910 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:40366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/aws.json"] [unique_id "airtYE4Kpjoch0F_BSqCwQAAAFI"]
[Thu Jun 11 14:16:16.609324 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:40366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCwQAAAFI"]
[Thu Jun 11 14:16:16.610057 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:40430] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.credentials"] [unique_id "airtYP8lKn4qdPkDWlDDngAAAQE"]
[Thu Jun 11 14:16:16.610446 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:40430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.credentials"] [unique_id "airtYP8lKn4qdPkDWlDDngAAAQE"]
[Thu Jun 11 14:16:16.610821 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:40430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDngAAAQE"]
[Thu Jun 11 14:16:16.612079 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:40444] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/internal/actuator/env"] [unique_id "airtYE4Kpjoch0F_BSqCwgAAAEo"]
[Thu Jun 11 14:16:16.612453 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:40444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/internal/actuator/env"] [unique_id "airtYE4Kpjoch0F_BSqCwgAAAEo"]
[Thu Jun 11 14:16:16.613133 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:40444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCwgAAAEo"]
[Thu Jun 11 14:16:16.613154 2026] [security2:error] [pid 21295:tid 21332] [client 34.17.141.62:40346] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/infra/docker-compose.yml"] [unique_id "airtYDlbUCMVJYfLxkrRxAAAAIY"]
[Thu Jun 11 14:16:16.613473 2026] [security2:error] [pid 21295:tid 21332] [client 34.17.141.62:40346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/infra/docker-compose.yml"] [unique_id "airtYDlbUCMVJYfLxkrRxAAAAIY"]
[Thu Jun 11 14:16:16.613869 2026] [security2:error] [pid 21295:tid 21332] [client 34.17.141.62:40346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRxAAAAIY"]
[Thu Jun 11 14:16:16.618009 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:40462] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/docker-compose.yml"] [unique_id "airtYDlbUCMVJYfLxkrRxQAAAIs"]
[Thu Jun 11 14:16:16.618300 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:40462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/docker-compose.yml"] [unique_id "airtYDlbUCMVJYfLxkrRxQAAAIs"]
[Thu Jun 11 14:16:16.618831 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:40462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRxQAAAIs"]
[Thu Jun 11 14:16:16.629716 2026] [security2:error] [pid 3902:tid 3931] [client 34.17.141.62:40418] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/heapdump"] [unique_id "airtYP8lKn4qdPkDWlDDnwAAARY"]
[Thu Jun 11 14:16:16.630033 2026] [security2:error] [pid 3902:tid 3931] [client 34.17.141.62:40418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/heapdump"] [unique_id "airtYP8lKn4qdPkDWlDDnwAAARY"]
[Thu Jun 11 14:16:16.630361 2026] [security2:error] [pid 3902:tid 3931] [client 34.17.141.62:40418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDnwAAARY"]
[Thu Jun 11 14:16:16.633867 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:40518] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/credentials"] [unique_id "airtYKzVaq-mvl-Hfs-4vgAAAA4"]
[Thu Jun 11 14:16:16.634124 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:40518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/credentials"] [unique_id "airtYKzVaq-mvl-Hfs-4vgAAAA4"]
[Thu Jun 11 14:16:16.634644 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:40518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4vgAAAA4"]
[Thu Jun 11 14:16:16.636065 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:40488] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/internal/docker-compose.yml"] [unique_id "airtYE4Kpjoch0F_BSqCwwAAAFc"]
[Thu Jun 11 14:16:16.636076 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:40538] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/threaddump"] [unique_id "airtYDlbUCMVJYfLxkrRxwAAAJg"]
[Thu Jun 11 14:16:16.636347 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:40538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/threaddump"] [unique_id "airtYDlbUCMVJYfLxkrRxwAAAJg"]
[Thu Jun 11 14:16:16.636500 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:40488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/internal/docker-compose.yml"] [unique_id "airtYE4Kpjoch0F_BSqCwwAAAFc"]
[Thu Jun 11 14:16:16.636979 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:40488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCwwAAAFc"]
[Thu Jun 11 14:16:16.637056 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:40538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRxwAAAJg"]
[Thu Jun 11 14:16:16.645540 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:40540] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/docker-compose.yml"] [unique_id "airtYP8lKn4qdPkDWlDDoAAAARI"]
[Thu Jun 11 14:16:16.645988 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:40540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/docker-compose.yml"] [unique_id "airtYP8lKn4qdPkDWlDDoAAAARI"]
[Thu Jun 11 14:16:16.646674 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:40540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDoAAAARI"]
[Thu Jun 11 14:16:16.654451 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:40558] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/dump"] [unique_id "airtYE4Kpjoch0F_BSqCxAAAAFU"]
[Thu Jun 11 14:16:16.655620 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:40558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/dump"] [unique_id "airtYE4Kpjoch0F_BSqCxAAAAFU"]
[Thu Jun 11 14:16:16.655986 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:40558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCxAAAAFU"]
[Thu Jun 11 14:16:16.657393 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:40568] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/v2/actuator/configprops"] [unique_id "airtYKzVaq-mvl-Hfs-4vwAAABY"]
[Thu Jun 11 14:16:16.657954 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:40568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/v2/actuator/configprops"] [unique_id "airtYKzVaq-mvl-Hfs-4vwAAABY"]
[Thu Jun 11 14:16:16.658376 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:40568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4vwAAABY"]
[Thu Jun 11 14:16:16.660011 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:40450] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/services/docker-compose.yml"] [unique_id "airtYKzVaq-mvl-Hfs-4wAAAABI"]
[Thu Jun 11 14:16:16.660416 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:40450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/services/docker-compose.yml"] [unique_id "airtYKzVaq-mvl-Hfs-4wAAAABI"]
[Thu Jun 11 14:16:16.660759 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:40450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4wAAAABI"]
[Thu Jun 11 14:16:16.660981 2026] [security2:error] [pid 21295:tid 21329] [client 34.17.141.62:40338] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/deploy/docker-compose.prod.yml"] [unique_id "airtYDlbUCMVJYfLxkrRwwAAAIM"]
[Thu Jun 11 14:16:16.661367 2026] [security2:error] [pid 21295:tid 21329] [client 34.17.141.62:40338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/deploy/docker-compose.prod.yml"] [unique_id "airtYDlbUCMVJYfLxkrRwwAAAIM"]
[Thu Jun 11 14:16:16.661982 2026] [security2:error] [pid 21295:tid 21329] [client 34.17.141.62:40338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRwwAAAIM"]
[Thu Jun 11 14:16:16.662409 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:40574] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/trace"] [unique_id "airtYE4Kpjoch0F_BSqCxQAAAFE"]
[Thu Jun 11 14:16:16.662751 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:40574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/trace"] [unique_id "airtYE4Kpjoch0F_BSqCxQAAAFE"]
[Thu Jun 11 14:16:16.663100 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:40574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCxQAAAFE"]
[Thu Jun 11 14:16:16.663197 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:40358] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.aws/config"] [unique_id "airtYP8lKn4qdPkDWlDDnQAAAQM"]
[Thu Jun 11 14:16:16.663352 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:40358] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.aws/config"] [unique_id "airtYP8lKn4qdPkDWlDDnQAAAQM"]
[Thu Jun 11 14:16:16.663726 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:40358] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.aws/config"] [unique_id "airtYP8lKn4qdPkDWlDDnQAAAQM"]
[Thu Jun 11 14:16:16.664125 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:40358] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDnQAAAQM"]
[Thu Jun 11 14:16:16.664714 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:40476] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/service-account.json"] [unique_id "airtYEKTwdTIu69rj43oYgAAAMI"]
[Thu Jun 11 14:16:16.670124 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:40556] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker/docker-compose.yml"] [unique_id "airtYDlbUCMVJYfLxkrRyAAAAI4"]
[Thu Jun 11 14:16:16.670404 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:40502] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/serviceaccount.json"] [unique_id "airtYKzVaq-mvl-Hfs-4wQAAAAo"]
[Thu Jun 11 14:16:16.670434 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:40556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker/docker-compose.yml"] [unique_id "airtYDlbUCMVJYfLxkrRyAAAAI4"]
[Thu Jun 11 14:16:16.670804 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:40502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/serviceaccount.json"] [unique_id "airtYKzVaq-mvl-Hfs-4wQAAAAo"]
[Thu Jun 11 14:16:16.670959 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:40556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRyAAAAI4"]
[Thu Jun 11 14:16:16.671186 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:40502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4wQAAAAo"]
[Thu Jun 11 14:16:16.680117 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:40532] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/private/credentials.json"] [unique_id "airtYDlbUCMVJYfLxkrRyQAAAI0"]
[Thu Jun 11 14:16:16.680237 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:40636] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/v1/actuator/heapdump"] [unique_id "airtYKzVaq-mvl-Hfs-4wgAAAAw"]
[Thu Jun 11 14:16:16.680510 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:40532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/private/credentials.json"] [unique_id "airtYDlbUCMVJYfLxkrRyQAAAI0"]
[Thu Jun 11 14:16:16.680551 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:40636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/v1/actuator/heapdump"] [unique_id "airtYKzVaq-mvl-Hfs-4wgAAAAw"]
[Thu Jun 11 14:16:16.680905 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:40636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4wgAAAAw"]
[Thu Jun 11 14:16:16.680906 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:40532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRyQAAAI0"]
[Thu Jun 11 14:16:16.682285 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:40674] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/heapdump"] [unique_id "airtYE4Kpjoch0F_BSqCxgAAAEA"]
[Thu Jun 11 14:16:16.682975 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:40646] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/sessions"] [unique_id "airtYP8lKn4qdPkDWlDDoQAAARg"]
[Thu Jun 11 14:16:16.683465 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:40646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/sessions"] [unique_id "airtYP8lKn4qdPkDWlDDoQAAARg"]
[Thu Jun 11 14:16:16.683872 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:40646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDoQAAARg"]
[Thu Jun 11 14:16:16.685358 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:40612] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/v1/actuator/env"] [unique_id "airtYE4Kpjoch0F_BSqCxwAAAEY"]
[Thu Jun 11 14:16:16.685726 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:40612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/v1/actuator/env"] [unique_id "airtYE4Kpjoch0F_BSqCxwAAAEY"]
[Thu Jun 11 14:16:16.686125 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:40612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCxwAAAEY"]
[Thu Jun 11 14:16:16.686285 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:40674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/heapdump"] [unique_id "airtYE4Kpjoch0F_BSqCxgAAAEA"]
[Thu Jun 11 14:16:16.686969 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:40674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCxgAAAEA"]
[Thu Jun 11 14:16:16.689152 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:40620] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/kubernetes.yml"] [unique_id "airtYDlbUCMVJYfLxkrRygAAAIg"]
[Thu Jun 11 14:16:16.689656 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:40620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/kubernetes.yml"] [unique_id "airtYDlbUCMVJYfLxkrRygAAAIg"]
[Thu Jun 11 14:16:16.690026 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:40620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRygAAAIg"]
[Thu Jun 11 14:16:16.691967 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:40716] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/aws-credentials.json"] [unique_id "airtYDlbUCMVJYfLxkrRywAAAIc"]
[Thu Jun 11 14:16:16.692207 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:40740] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/helm/values.yaml"] [unique_id "airtYKzVaq-mvl-Hfs-4wwAAAAs"]
[Thu Jun 11 14:16:16.692330 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:40716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/aws-credentials.json"] [unique_id "airtYDlbUCMVJYfLxkrRywAAAIc"]
[Thu Jun 11 14:16:16.692558 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:40740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/helm/values.yaml"] [unique_id "airtYKzVaq-mvl-Hfs-4wwAAAAs"]
[Thu Jun 11 14:16:16.692720 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:40716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRywAAAIc"]
[Thu Jun 11 14:16:16.693017 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:40740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4wwAAAAs"]
[Thu Jun 11 14:16:16.694241 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:40592] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/actuator/logfile"] [unique_id "airtYP8lKn4qdPkDWlDDogAAAQ4"]
[Thu Jun 11 14:16:16.694785 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:40592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/actuator/logfile"] [unique_id "airtYP8lKn4qdPkDWlDDogAAAQ4"]
[Thu Jun 11 14:16:16.695528 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:40592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDogAAAQ4"]
[Thu Jun 11 14:16:16.696562 2026] [security2:error] [pid 21295:tid 21326] [client 34.17.141.62:40748] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/helm/values.yml"] [unique_id "airtYDlbUCMVJYfLxkrRzAAAAIA"]
[Thu Jun 11 14:16:16.696882 2026] [security2:error] [pid 21295:tid 21326] [client 34.17.141.62:40748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/helm/values.yml"] [unique_id "airtYDlbUCMVJYfLxkrRzAAAAIA"]
[Thu Jun 11 14:16:16.697180 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:40664] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/configprops"] [unique_id "airtYP8lKn4qdPkDWlDDowAAARM"]
[Thu Jun 11 14:16:16.697249 2026] [security2:error] [pid 21295:tid 21326] [client 34.17.141.62:40748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRzAAAAIA"]
[Thu Jun 11 14:16:16.697644 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:40664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/configprops"] [unique_id "airtYP8lKn4qdPkDWlDDowAAARM"]
[Thu Jun 11 14:16:16.698027 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:40664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDowAAARM"]
[Thu Jun 11 14:16:16.703828 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:40762] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/terraform.tfstate"] [unique_id "airtYE4Kpjoch0F_BSqCyAAAAE4"]
[Thu Jun 11 14:16:16.704184 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:40762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/terraform.tfstate"] [unique_id "airtYE4Kpjoch0F_BSqCyAAAAE4"]
[Thu Jun 11 14:16:16.704650 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:40762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCyAAAAE4"]
[Thu Jun 11 14:16:16.706045 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:40476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/service-account.json"] [unique_id "airtYEKTwdTIu69rj43oYgAAAMI"]
[Thu Jun 11 14:16:16.710674 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:40688] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/logfile"] [unique_id "airtYKzVaq-mvl-Hfs-4xQAAABE"]
[Thu Jun 11 14:16:16.711101 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:40688] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/logfile"] [unique_id "airtYKzVaq-mvl-Hfs-4xQAAABE"]
[Thu Jun 11 14:16:16.711463 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:40688] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4xQAAABE"]
[Thu Jun 11 14:16:16.712949 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:40704] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/actuator/httptrace"] [unique_id "airtYE4Kpjoch0F_BSqCyQAAAEM"]
[Thu Jun 11 14:16:16.713092 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:40738] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/k8s.yaml"] [unique_id "airtYP8lKn4qdPkDWlDDpAAAARU"]
[Thu Jun 11 14:16:16.713316 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:40704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/actuator/httptrace"] [unique_id "airtYE4Kpjoch0F_BSqCyQAAAEM"]
[Thu Jun 11 14:16:16.713395 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:40738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/k8s.yaml"] [unique_id "airtYP8lKn4qdPkDWlDDpAAAARU"]
[Thu Jun 11 14:16:16.713678 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:40704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCyQAAAEM"]
[Thu Jun 11 14:16:16.713792 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:40738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDpAAAARU"]
[Thu Jun 11 14:16:16.717885 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:40774] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.terraform/terraform.tfstate"] [unique_id "airtYKzVaq-mvl-Hfs-4xAAAAAI"]
[Thu Jun 11 14:16:16.717967 2026] [security2:error] [pid 3902:tid 3932] [client 34.17.141.62:40758] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/terraform.tfvars"] [unique_id "airtYP8lKn4qdPkDWlDDpQAAARc"]
[Thu Jun 11 14:16:16.718236 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:40774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.terraform/terraform.tfstate"] [unique_id "airtYKzVaq-mvl-Hfs-4xAAAAAI"]
[Thu Jun 11 14:16:16.718290 2026] [security2:error] [pid 3902:tid 3932] [client 34.17.141.62:40758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/terraform.tfvars"] [unique_id "airtYP8lKn4qdPkDWlDDpQAAARc"]
[Thu Jun 11 14:16:16.718710 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:40774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4xAAAAAI"]
[Thu Jun 11 14:16:16.720271 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:40788] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/deploy/terraform.tfvars"] [unique_id "airtYP8lKn4qdPkDWlDDpgAAAQs"]
[Thu Jun 11 14:16:16.720633 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:40788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/deploy/terraform.tfvars"] [unique_id "airtYP8lKn4qdPkDWlDDpgAAAQs"]
[Thu Jun 11 14:16:16.720989 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:40788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDpgAAAQs"]
[Thu Jun 11 14:16:16.721911 2026] [security2:error] [pid 3902:tid 3932] [client 34.17.141.62:40758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDpQAAARc"]
[Thu Jun 11 14:16:16.726175 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:40798] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/backup.sql"] [unique_id "airtYE4Kpjoch0F_BSqCygAAAFQ"]
[Thu Jun 11 14:16:16.726302 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:40798] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backup.sql"] [unique_id "airtYE4Kpjoch0F_BSqCygAAAFQ"]
[Thu Jun 11 14:16:16.726649 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:40798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backup.sql"] [unique_id "airtYE4Kpjoch0F_BSqCygAAAFQ"]
[Thu Jun 11 14:16:16.726975 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:40798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCygAAAFQ"]
[Thu Jun 11 14:16:16.733314 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:40600] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/docker/docker-compose.prod.yml"] [unique_id "airtYEKTwdTIu69rj43oYwAAAM0"]
[Thu Jun 11 14:16:16.747221 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:40810] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/actuator/configprops"] [unique_id "airtYKzVaq-mvl-Hfs-4xgAAAAY"]
[Thu Jun 11 14:16:16.747799 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:40810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/actuator/configprops"] [unique_id "airtYKzVaq-mvl-Hfs-4xgAAAAY"]
[Thu Jun 11 14:16:16.748309 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:40810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4xgAAAAY"]
[Thu Jun 11 14:16:16.750060 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:40812] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/dump.sql"] [unique_id "airtYDlbUCMVJYfLxkrRzQAAAJE"]
[Thu Jun 11 14:16:16.750188 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:40812] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/dump.sql"] [unique_id "airtYDlbUCMVJYfLxkrRzQAAAJE"]
[Thu Jun 11 14:16:16.750685 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:40812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/dump.sql"] [unique_id "airtYDlbUCMVJYfLxkrRzQAAAJE"]
[Thu Jun 11 14:16:16.751058 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:40812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRzQAAAJE"]
[Thu Jun 11 14:16:16.752557 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:40832] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/actuator/heapdump"] [unique_id "airtYP8lKn4qdPkDWlDDpwAAAQ0"]
[Thu Jun 11 14:16:16.752941 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:40832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/actuator/heapdump"] [unique_id "airtYP8lKn4qdPkDWlDDpwAAAQ0"]
[Thu Jun 11 14:16:16.753408 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:40832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDpwAAAQ0"]
[Thu Jun 11 14:16:16.754925 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:40840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/mysqldump.sql"] [unique_id "airtYE4Kpjoch0F_BSqCywAAAEk"]
[Thu Jun 11 14:16:16.755041 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:40840] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/mysqldump.sql"] [unique_id "airtYE4Kpjoch0F_BSqCywAAAEk"]
[Thu Jun 11 14:16:16.755393 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:40840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/mysqldump.sql"] [unique_id "airtYE4Kpjoch0F_BSqCywAAAEk"]
[Thu Jun 11 14:16:16.755487 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:40476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oYgAAAMI"]
[Thu Jun 11 14:16:16.755795 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:40840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCywAAAEk"]
[Thu Jun 11 14:16:16.760799 2026] [security2:error] [pid 3902:tid 3925] [client 34.17.141.62:40844] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/pg_dump.sql"] [unique_id "airtYP8lKn4qdPkDWlDDqAAAARA"]
[Thu Jun 11 14:16:16.760929 2026] [security2:error] [pid 3902:tid 3925] [client 34.17.141.62:40844] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/pg_dump.sql"] [unique_id "airtYP8lKn4qdPkDWlDDqAAAARA"]
[Thu Jun 11 14:16:16.761286 2026] [security2:error] [pid 3902:tid 3925] [client 34.17.141.62:40844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/pg_dump.sql"] [unique_id "airtYP8lKn4qdPkDWlDDqAAAARA"]
[Thu Jun 11 14:16:16.761809 2026] [security2:error] [pid 3902:tid 3925] [client 34.17.141.62:40844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDqAAAARA"]
[Thu Jun 11 14:16:16.763062 2026] [security2:error] [pid 9918:tid 9930] [client 34.17.141.62:40860] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/firebase-adminsdk.json"] [unique_id "airtYE4Kpjoch0F_BSqCzAAAAEg"]
[Thu Jun 11 14:16:16.763443 2026] [security2:error] [pid 9918:tid 9930] [client 34.17.141.62:40860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/firebase-adminsdk.json"] [unique_id "airtYE4Kpjoch0F_BSqCzAAAAEg"]
[Thu Jun 11 14:16:16.763865 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:40862] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/aws.json"] [unique_id "airtYKzVaq-mvl-Hfs-4xwAAAAM"]
[Thu Jun 11 14:16:16.763970 2026] [security2:error] [pid 9918:tid 9930] [client 34.17.141.62:40860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCzAAAAEg"]
[Thu Jun 11 14:16:16.764225 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:40862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/aws.json"] [unique_id "airtYKzVaq-mvl-Hfs-4xwAAAAM"]
[Thu Jun 11 14:16:16.764543 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:40862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4xwAAAAM"]
[Thu Jun 11 14:16:16.766118 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:40858] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/data.sql"] [unique_id "airtYKzVaq-mvl-Hfs-4yAAAAAA"]
[Thu Jun 11 14:16:16.766237 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:40858] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/data.sql"] [unique_id "airtYKzVaq-mvl-Hfs-4yAAAAAA"]
[Thu Jun 11 14:16:16.766637 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:40858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/data.sql"] [unique_id "airtYKzVaq-mvl-Hfs-4yAAAAAA"]
[Thu Jun 11 14:16:16.766985 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:40858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4yAAAAAA"]
[Thu Jun 11 14:16:16.755970 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:40724] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/k8s.yml"] [unique_id "airtYEKTwdTIu69rj43oaAAAANE"]
[Thu Jun 11 14:16:16.771954 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:40906] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/actuator/env"] [unique_id "airtYP8lKn4qdPkDWlDDqQAAAQI"]
[Thu Jun 11 14:16:16.772221 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:40906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/actuator/env"] [unique_id "airtYP8lKn4qdPkDWlDDqQAAAQI"]
[Thu Jun 11 14:16:16.772628 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:40906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDqQAAAQI"]
[Thu Jun 11 14:16:16.773791 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:40902] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/aws_credentials.json"] [unique_id "airtYDlbUCMVJYfLxkrRzwAAAJA"]
[Thu Jun 11 14:16:16.774225 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:40902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/aws_credentials.json"] [unique_id "airtYDlbUCMVJYfLxkrRzwAAAJA"]
[Thu Jun 11 14:16:16.770208 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:40724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/k8s.yml"] [unique_id "airtYEKTwdTIu69rj43oaAAAANE"]
[Thu Jun 11 14:16:16.778262 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:40914] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/db.sql.gz"] [unique_id "airtYP8lKn4qdPkDWlDDqgAAAQg"]
[Thu Jun 11 14:16:16.778681 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:40914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/db.sql.gz"] [unique_id "airtYP8lKn4qdPkDWlDDqgAAAQg"]
[Thu Jun 11 14:16:16.779143 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:40914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDqgAAAQg"]
[Thu Jun 11 14:16:16.781906 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:40936] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/db.zip"] [unique_id "airtYP8lKn4qdPkDWlDDqwAAAQ8"]
[Thu Jun 11 14:16:16.782220 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:40936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/db.zip"] [unique_id "airtYP8lKn4qdPkDWlDDqwAAAQ8"]
[Thu Jun 11 14:16:16.782636 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:40936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDqwAAAQ8"]
[Thu Jun 11 14:16:16.784888 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:40978] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backup.tar.bz2"] [unique_id "airtYKzVaq-mvl-Hfs-4ygAAABc"]
[Thu Jun 11 14:16:16.785135 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:40978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backup.tar.bz2"] [unique_id "airtYKzVaq-mvl-Hfs-4ygAAABc"]
[Thu Jun 11 14:16:16.785506 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:40978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4ygAAABc"]
[Thu Jun 11 14:16:16.785194 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:40600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/docker/docker-compose.prod.yml"] [unique_id "airtYEKTwdTIu69rj43oYwAAAM0"]
[Thu Jun 11 14:16:16.787047 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:40652] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/kubernetes.yaml"] [unique_id "airtYEKTwdTIu69rj43oZwAAAME"]
[Thu Jun 11 14:16:16.787707 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:40884] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/dump.sql.gz"] [unique_id "airtYKzVaq-mvl-Hfs-4yQAAABM"]
[Thu Jun 11 14:16:16.788108 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:40884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/dump.sql.gz"] [unique_id "airtYKzVaq-mvl-Hfs-4yQAAABM"]
[Thu Jun 11 14:16:16.788499 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:40884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4yQAAABM"]
[Thu Jun 11 14:16:16.790015 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:40972] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/web.zip"] [unique_id "airtYE4Kpjoch0F_BSqCzQAAAEQ"]
[Thu Jun 11 14:16:16.790567 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:40972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/web.zip"] [unique_id "airtYE4Kpjoch0F_BSqCzQAAAEQ"]
[Thu Jun 11 14:16:16.790963 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:40972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCzQAAAEQ"]
[Thu Jun 11 14:16:16.792352 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:40902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrRzwAAAJA"]
[Thu Jun 11 14:16:16.794758 2026] [security2:error] [pid 3902:tid 3921] [client 34.17.141.62:40956] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/dump.zip"] [unique_id "airtYP8lKn4qdPkDWlDDrAAAAQw"]
[Thu Jun 11 14:16:16.795152 2026] [security2:error] [pid 3902:tid 3921] [client 34.17.141.62:40956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/dump.zip"] [unique_id "airtYP8lKn4qdPkDWlDDrAAAAQw"]
[Thu Jun 11 14:16:16.795711 2026] [security2:error] [pid 3902:tid 3921] [client 34.17.141.62:40956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDrAAAAQw"]
[Thu Jun 11 14:16:16.796227 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:40994] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/sql/backup.sql"] [unique_id "airtYEKTwdTIu69rj43obAAAANc"]
[Thu Jun 11 14:16:16.796325 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:40994] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/sql/backup.sql"] [unique_id "airtYEKTwdTIu69rj43obAAAANc"]
[Thu Jun 11 14:16:16.797897 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:40958] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/site.zip"] [unique_id "airtYDlbUCMVJYfLxkrR0AAAAIo"]
[Thu Jun 11 14:16:16.798264 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:40724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oaAAAANE"]
[Thu Jun 11 14:16:16.801099 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:40994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/sql/backup.sql"] [unique_id "airtYEKTwdTIu69rj43obAAAANc"]
[Thu Jun 11 14:16:16.799654 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:40958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/site.zip"] [unique_id "airtYDlbUCMVJYfLxkrR0AAAAIo"]
[Thu Jun 11 14:16:16.803615 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:40958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR0AAAAIo"]
[Thu Jun 11 14:16:16.805751 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:40968] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/www.zip"] [unique_id "airtYE4Kpjoch0F_BSqCzgAAAFM"]
[Thu Jun 11 14:16:16.806235 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:40968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/www.zip"] [unique_id "airtYE4Kpjoch0F_BSqCzgAAAFM"]
[Thu Jun 11 14:16:16.806719 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:40968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCzgAAAFM"]
[Thu Jun 11 14:16:16.806974 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:41026] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/backup/db.sql"] [unique_id "airtYKzVaq-mvl-Hfs-4ywAAAAk"]
[Thu Jun 11 14:16:16.807085 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:41026] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backup/db.sql"] [unique_id "airtYKzVaq-mvl-Hfs-4ywAAAAk"]
[Thu Jun 11 14:16:16.807374 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:41026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backup/db.sql"] [unique_id "airtYKzVaq-mvl-Hfs-4ywAAAAk"]
[Thu Jun 11 14:16:16.807771 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:41026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4ywAAAAk"]
[Thu Jun 11 14:16:16.812288 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:41006] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/sql/dump.sql"] [unique_id "airtYE4Kpjoch0F_BSqCzwAAAEI"]
[Thu Jun 11 14:16:16.812392 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:41006] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/sql/dump.sql"] [unique_id "airtYE4Kpjoch0F_BSqCzwAAAEI"]
[Thu Jun 11 14:16:16.812715 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:41006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/sql/dump.sql"] [unique_id "airtYE4Kpjoch0F_BSqCzwAAAEI"]
[Thu Jun 11 14:16:16.813134 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:41006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqCzwAAAEI"]
[Thu Jun 11 14:16:16.817765 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:41048] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/heapdump"] [unique_id "airtYKzVaq-mvl-Hfs-4zAAAAAQ"]
[Thu Jun 11 14:16:16.818089 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:41048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/heapdump"] [unique_id "airtYKzVaq-mvl-Hfs-4zAAAAAQ"]
[Thu Jun 11 14:16:16.818415 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:41048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4zAAAAAQ"]
[Thu Jun 11 14:16:16.820335 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:41034] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/firebase-credentials.json"] [unique_id "airtYE4Kpjoch0F_BSqC0AAAAEc"]
[Thu Jun 11 14:16:16.827677 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:41034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/firebase-credentials.json"] [unique_id "airtYE4Kpjoch0F_BSqC0AAAAEc"]
[Thu Jun 11 14:16:16.828187 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:41034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC0AAAAEc"]
[Thu Jun 11 14:16:16.829507 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:41084] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/backups/dump.sql"] [unique_id "airtYE4Kpjoch0F_BSqC0QAAAFA"]
[Thu Jun 11 14:16:16.829928 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:40894] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/deploy/credentials.json"] [unique_id "airtYDlbUCMVJYfLxkrR0gAAAIQ"]
[Thu Jun 11 14:16:16.830085 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:41084] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backups/dump.sql"] [unique_id "airtYE4Kpjoch0F_BSqC0QAAAFA"]
[Thu Jun 11 14:16:16.830401 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:41084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backups/dump.sql"] [unique_id "airtYE4Kpjoch0F_BSqC0QAAAFA"]
[Thu Jun 11 14:16:16.830790 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:41084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC0QAAAFA"]
[Thu Jun 11 14:16:16.833233 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:40652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/kubernetes.yaml"] [unique_id "airtYEKTwdTIu69rj43oZwAAAME"]
[Thu Jun 11 14:16:16.829991 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:40946] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backup.tar.gz"] [unique_id "airtYDlbUCMVJYfLxkrR0wAAAIE"]
[Thu Jun 11 14:16:16.840858 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:41118] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/internal/actuator/heapdump"] [unique_id "airtYE4Kpjoch0F_BSqC0gAAAE0"]
[Thu Jun 11 14:16:16.841135 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:41118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/internal/actuator/heapdump"] [unique_id "airtYE4Kpjoch0F_BSqC0gAAAE0"]
[Thu Jun 11 14:16:16.841704 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:41118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC0gAAAE0"]
[Thu Jun 11 14:16:16.852023 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:41142] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "airtYEKTwdTIu69rj43obwAAAMo"]
[Thu Jun 11 14:16:16.852137 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:41142] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "airtYEKTwdTIu69rj43obwAAAMo"]
[Thu Jun 11 14:16:16.852456 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:41142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/tmp/dump.sql"] [unique_id "airtYEKTwdTIu69rj43obwAAAMo"]
[Thu Jun 11 14:16:16.854122 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:40946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backup.tar.gz"] [unique_id "airtYDlbUCMVJYfLxkrR0wAAAIE"]
[Thu Jun 11 14:16:16.842737 2026] [security2:error] [pid 21243:tid 21268] [client 34.17.141.62:40586] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/logfile"] [unique_id "airtYEKTwdTIu69rj43oZAAAANY"]
[Thu Jun 11 14:16:16.856794 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:40600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oYwAAAM0"]
[Thu Jun 11 14:16:16.856638 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:40894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/deploy/credentials.json"] [unique_id "airtYDlbUCMVJYfLxkrR0gAAAIQ"]
[Thu Jun 11 14:16:16.855974 2026] [security2:error] [pid 21243:tid 21268] [client 34.17.141.62:40586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/logfile"] [unique_id "airtYEKTwdTIu69rj43oZAAAANY"]
[Thu Jun 11 14:16:16.857591 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:41142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43obwAAAMo"]
[Thu Jun 11 14:16:16.857814 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:40994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43obAAAANc"]
[Thu Jun 11 14:16:16.859276 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:41170] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config.js"] [unique_id "airtYKzVaq-mvl-Hfs-4zQAAAA8"]
[Thu Jun 11 14:16:16.859538 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:41170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config.js"] [unique_id "airtYKzVaq-mvl-Hfs-4zQAAAA8"]
[Thu Jun 11 14:16:16.859892 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:41170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4zQAAAA8"]
[Thu Jun 11 14:16:16.861112 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:40470] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/aws.json"] [unique_id "airtYEKTwdTIu69rj43oZQAAAMA"]
[Thu Jun 11 14:16:16.861627 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:40652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oZwAAAME"]
[Thu Jun 11 14:16:16.863396 2026] [security2:error] [pid 21243:tid 21268] [client 34.17.141.62:40586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oZAAAANY"]
[Thu Jun 11 14:16:16.864692 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:41126] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/.aws/credentials"] [unique_id "airtYE4Kpjoch0F_BSqC0wAAAEE"]
[Thu Jun 11 14:16:16.864828 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:41126] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /config/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/config/.aws/credentials"] [unique_id "airtYE4Kpjoch0F_BSqC0wAAAEE"]
[Thu Jun 11 14:16:16.865182 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:41126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/.aws/credentials"] [unique_id "airtYE4Kpjoch0F_BSqC0wAAAEE"]
[Thu Jun 11 14:16:16.865665 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:41126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC0wAAAEE"]
[Thu Jun 11 14:16:16.876135 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:41186] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config.json"] [unique_id "airtYP8lKn4qdPkDWlDDrgAAARE"]
[Thu Jun 11 14:16:16.876489 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:41186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config.json"] [unique_id "airtYP8lKn4qdPkDWlDDrgAAARE"]
[Thu Jun 11 14:16:16.876916 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:41186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDrgAAARE"]
[Thu Jun 11 14:16:16.878065 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:40838] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/database.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1AAAAIk"]
[Thu Jun 11 14:16:16.878334 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:40946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR0wAAAIE"]
[Thu Jun 11 14:16:16.876762 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:40922] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backup.zip"] [unique_id "airtYDlbUCMVJYfLxkrR0QAAAJY"]
[Thu Jun 11 14:16:16.879962 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:41148] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/exports/db.sql"] [unique_id "airtYP8lKn4qdPkDWlDDrQAAAQc"]
[Thu Jun 11 14:16:16.880108 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:41148] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/exports/db.sql"] [unique_id "airtYP8lKn4qdPkDWlDDrQAAAQc"]
[Thu Jun 11 14:16:16.880448 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:41148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/exports/db.sql"] [unique_id "airtYP8lKn4qdPkDWlDDrQAAAQc"]
[Thu Jun 11 14:16:16.880906 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:41148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDrQAAAQc"]
[Thu Jun 11 14:16:16.864060 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:40470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/aws.json"] [unique_id "airtYEKTwdTIu69rj43oZQAAAMA"]
[Thu Jun 11 14:16:16.887524 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:41202] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config.yml"] [unique_id "airtYEKTwdTIu69rj43ocgAAANU"]
[Thu Jun 11 14:16:16.887905 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:41202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config.yml"] [unique_id "airtYEKTwdTIu69rj43ocgAAANU"]
[Thu Jun 11 14:16:16.894327 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:41222] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/config.ini"] [unique_id "airtYKzVaq-mvl-Hfs-4zgAAABA"]
[Thu Jun 11 14:16:16.894515 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:41222] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config.ini"] [unique_id "airtYKzVaq-mvl-Hfs-4zgAAABA"]
[Thu Jun 11 14:16:16.894852 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:41222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config.ini"] [unique_id "airtYKzVaq-mvl-Hfs-4zgAAABA"]
[Thu Jun 11 14:16:16.895251 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:41222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4zgAAABA"]
[Thu Jun 11 14:16:16.895676 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:40838] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/database.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1AAAAIk"]
[Thu Jun 11 14:16:16.897710 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:41214] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config.yaml"] [unique_id "airtYE4Kpjoch0F_BSqC1QAAAFg"]
[Thu Jun 11 14:16:16.898084 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:41214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config.yaml"] [unique_id "airtYE4Kpjoch0F_BSqC1QAAAFg"]
[Thu Jun 11 14:16:16.898493 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:41214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC1QAAAFg"]
[Thu Jun 11 14:16:16.898832 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:40894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR0gAAAIQ"]
[Thu Jun 11 14:16:16.898246 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:40922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backup.zip"] [unique_id "airtYDlbUCMVJYfLxkrR0QAAAJY"]
[Thu Jun 11 14:16:16.899961 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:41244] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config.env"] [unique_id "airtYP8lKn4qdPkDWlDDrwAAAQQ"]
[Thu Jun 11 14:16:16.900315 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:41244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config.env"] [unique_id "airtYP8lKn4qdPkDWlDDrwAAAQQ"]
[Thu Jun 11 14:16:16.900675 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:41244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDrwAAAQQ"]
[Thu Jun 11 14:16:16.901120 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:40838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/database.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1AAAAIk"]
[Thu Jun 11 14:16:16.906782 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:40838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR1AAAAIk"]
[Thu Jun 11 14:16:16.902317 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:40866] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backup.sql.gz"] [unique_id "airtYEKTwdTIu69rj43ocQAAAMw"]
[Thu Jun 11 14:16:16.910734 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:41100] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/v2/actuator/heapdump"] [unique_id "airtYDlbUCMVJYfLxkrR2QAAAII"]
[Thu Jun 11 14:16:16.911050 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:41100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/v2/actuator/heapdump"] [unique_id "airtYDlbUCMVJYfLxkrR2QAAAII"]
[Thu Jun 11 14:16:16.911497 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:41202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43ocgAAANU"]
[Thu Jun 11 14:16:16.906942 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:40778] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/infra/terraform.tfvars"] [unique_id "airtYEKTwdTIu69rj43oaQAAAMs"]
[Thu Jun 11 14:16:16.912039 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:40922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR0QAAAJY"]
[Thu Jun 11 14:16:16.912715 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:41072] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/backup/dump.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1gAAAIw"]
[Thu Jun 11 14:16:16.912845 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:41072] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backup/dump.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1gAAAIw"]
[Thu Jun 11 14:16:16.913197 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:41072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backup/dump.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1gAAAIw"]
[Thu Jun 11 14:16:16.913765 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:41072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR1gAAAIw"]
[Thu Jun 11 14:16:16.915557 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:41232] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/gcp-credentials.json"] [unique_id "airtYE4Kpjoch0F_BSqC1gAAAFI"]
[Thu Jun 11 14:16:16.915968 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:41232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/gcp-credentials.json"] [unique_id "airtYE4Kpjoch0F_BSqC1gAAAFI"]
[Thu Jun 11 14:16:16.916413 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:41232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC1gAAAFI"]
[Thu Jun 11 14:16:16.916478 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:41014] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/sql/db.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1wAAAIU"]
[Thu Jun 11 14:16:16.916632 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:41014] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/sql/db.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1wAAAIU"]
[Thu Jun 11 14:16:16.916935 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:41014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/sql/db.sql"] [unique_id "airtYDlbUCMVJYfLxkrR1wAAAIU"]
[Thu Jun 11 14:16:16.917378 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:41014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR1wAAAIU"]
[Thu Jun 11 14:16:16.917531 2026] [security2:error] [pid 21243:tid 21264] [client 34.17.141.62:40410] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/configprops"] [unique_id "airtYEKTwdTIu69rj43oZgAAANI"]
[Thu Jun 11 14:16:16.919015 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:41156] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config.php"] [unique_id "airtYDlbUCMVJYfLxkrR2AAAAJc"]
[Thu Jun 11 14:16:16.919354 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:41156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config.php"] [unique_id "airtYDlbUCMVJYfLxkrR2AAAAJc"]
[Thu Jun 11 14:16:16.919997 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:41156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR2AAAAJc"]
[Thu Jun 11 14:16:16.920689 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:41100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR2QAAAII"]
[Thu Jun 11 14:16:16.928225 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:41278] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/settings.php"] [unique_id "airtYP8lKn4qdPkDWlDDsAAAAQU"]
[Thu Jun 11 14:16:16.928597 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:41278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/settings.php"] [unique_id "airtYP8lKn4qdPkDWlDDsAAAAQU"]
[Thu Jun 11 14:16:16.929149 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:41278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDsAAAAQU"]
[Thu Jun 11 14:16:16.933943 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:41264] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/configuration.json"] [unique_id "airtYKzVaq-mvl-Hfs-4zwAAAAU"]
[Thu Jun 11 14:16:16.934376 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:41264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/configuration.json"] [unique_id "airtYKzVaq-mvl-Hfs-4zwAAAAU"]
[Thu Jun 11 14:16:16.934775 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:41264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-4zwAAAAU"]
[Thu Jun 11 14:16:16.936054 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:41230] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/service-account.json"] [unique_id "airtYDlbUCMVJYfLxkrR2gAAAJU"]
[Thu Jun 11 14:16:16.936615 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:41230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/service-account.json"] [unique_id "airtYDlbUCMVJYfLxkrR2gAAAJU"]
[Thu Jun 11 14:16:16.936982 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:41230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR2gAAAJU"]
[Thu Jun 11 14:16:16.941908 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:41106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "airtYEKTwdTIu69rj43obQAAAM8"]
[Thu Jun 11 14:16:16.938638 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:40868] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/aws.json"] [unique_id "airtYEKTwdTIu69rj43obgAAAMk"]
[Thu Jun 11 14:16:16.937344 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:40824] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/db.sql"] [unique_id "airtYEKTwdTIu69rj43oawAAAMg"]
[Thu Jun 11 14:16:16.946833 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:41312] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/settings.py"] [unique_id "airtYKzVaq-mvl-Hfs-40AAAAA0"]
[Thu Jun 11 14:16:16.946876 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:41322] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/settings.json"] [unique_id "airtYP8lKn4qdPkDWlDDsQAAAQY"]
[Thu Jun 11 14:16:16.947222 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:41312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/settings.py"] [unique_id "airtYKzVaq-mvl-Hfs-40AAAAA0"]
[Thu Jun 11 14:16:16.947238 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:41322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/settings.json"] [unique_id "airtYP8lKn4qdPkDWlDDsQAAAQY"]
[Thu Jun 11 14:16:16.947562 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:41312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-40AAAAA0"]
[Thu Jun 11 14:16:16.947623 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:41322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDsQAAAQY"]
[Thu Jun 11 14:16:16.948665 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:40866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backup.sql.gz"] [unique_id "airtYEKTwdTIu69rj43ocQAAAMw"]
[Thu Jun 11 14:16:16.949791 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:40756] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/helm/values-production.yaml"] [unique_id "airtYEKTwdTIu69rj43oagAAAMU"]
[Thu Jun 11 14:16:16.949820 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:40778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/infra/terraform.tfvars"] [unique_id "airtYEKTwdTIu69rj43oaQAAAMs"]
[Thu Jun 11 14:16:16.950116 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:40470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oZQAAAMA"]
[Thu Jun 11 14:16:16.950173 2026] [security2:error] [pid 21243:tid 21264] [client 34.17.141.62:40410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/configprops"] [unique_id "airtYEKTwdTIu69rj43oZgAAANI"]
[Thu Jun 11 14:16:16.953388 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:41270] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/configuration.yml"] [unique_id "airtYE4Kpjoch0F_BSqC2AAAAEo"]
[Thu Jun 11 14:16:16.953725 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:40824] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/db.sql"] [unique_id "airtYEKTwdTIu69rj43oawAAAMg"]
[Thu Jun 11 14:16:16.953974 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:41106] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "airtYEKTwdTIu69rj43obQAAAM8"]
[Thu Jun 11 14:16:16.955230 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:40778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oaQAAAMs"]
[Thu Jun 11 14:16:16.956807 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:41396] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/application.yml"] [unique_id "airtYP8lKn4qdPkDWlDDsgAAAQE"]
[Thu Jun 11 14:16:16.957123 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:41396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/application.yml"] [unique_id "airtYP8lKn4qdPkDWlDDsgAAAQE"]
[Thu Jun 11 14:16:16.957547 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:41396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDsgAAAQE"]
[Thu Jun 11 14:16:16.954920 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:40756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/helm/values-production.yaml"] [unique_id "airtYEKTwdTIu69rj43oagAAAMU"]
[Thu Jun 11 14:16:16.958312 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:41340] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/cloud.json"] [unique_id "airtYE4Kpjoch0F_BSqC1wAAAFc"]
[Thu Jun 11 14:16:16.958475 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:41372] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/actuator/heapdump"] [unique_id "airtYP8lKn4qdPkDWlDDswAAARg"]
[Thu Jun 11 14:16:16.958770 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:41270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/configuration.yml"] [unique_id "airtYE4Kpjoch0F_BSqC2AAAAEo"]
[Thu Jun 11 14:16:16.958876 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:41372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/actuator/heapdump"] [unique_id "airtYP8lKn4qdPkDWlDDswAAARg"]
[Thu Jun 11 14:16:16.959189 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:41372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDswAAARg"]
[Thu Jun 11 14:16:16.959190 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:41270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC2AAAAEo"]
[Thu Jun 11 14:16:16.959364 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:41340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/cloud.json"] [unique_id "airtYE4Kpjoch0F_BSqC1wAAAFc"]
[Thu Jun 11 14:16:16.959949 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:41340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC1wAAAFc"]
[Thu Jun 11 14:16:16.960516 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:41326] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/heapdump"] [unique_id "airtYKzVaq-mvl-Hfs-40QAAAAE"]
[Thu Jun 11 14:16:16.960962 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:41326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/heapdump"] [unique_id "airtYKzVaq-mvl-Hfs-40QAAAAE"]
[Thu Jun 11 14:16:16.961250 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:41356] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/google-credentials.json"] [unique_id "airtYKzVaq-mvl-Hfs-40gAAABg"]
[Thu Jun 11 14:16:16.961279 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:41326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-40QAAAAE"]
[Thu Jun 11 14:16:16.961689 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:41356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/google-credentials.json"] [unique_id "airtYKzVaq-mvl-Hfs-40gAAABg"]
[Thu Jun 11 14:16:16.962023 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:41356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-40gAAABg"]
[Thu Jun 11 14:16:16.962471 2026] [security2:error] [pid 3902:tid 3931] [client 34.17.141.62:41380] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/settings.ini"] [unique_id "airtYP8lKn4qdPkDWlDDtAAAARY"]
[Thu Jun 11 14:16:16.962667 2026] [security2:error] [pid 3902:tid 3931] [client 34.17.141.62:41380] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/settings.ini"] [unique_id "airtYP8lKn4qdPkDWlDDtAAAARY"]
[Thu Jun 11 14:16:16.962975 2026] [security2:error] [pid 3902:tid 3931] [client 34.17.141.62:41380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/settings.ini"] [unique_id "airtYP8lKn4qdPkDWlDDtAAAARY"]
[Thu Jun 11 14:16:16.963293 2026] [security2:error] [pid 3902:tid 3931] [client 34.17.141.62:41380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYP8lKn4qdPkDWlDDtAAAARY"]
[Thu Jun 11 14:16:16.965730 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:41078] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/backups/db.sql"] [unique_id "airtYEKTwdTIu69rj43odAAAAMM"]
[Thu Jun 11 14:16:16.965832 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:41078] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backups/db.sql"] [unique_id "airtYEKTwdTIu69rj43odAAAAMM"]
[Thu Jun 11 14:16:16.966355 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:41078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backups/db.sql"] [unique_id "airtYEKTwdTIu69rj43odAAAAMM"]
[Thu Jun 11 14:16:16.964803 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:40868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/aws.json"] [unique_id "airtYEKTwdTIu69rj43obgAAAMk"]
[Thu Jun 11 14:16:16.967435 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:41106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/tmp/backup.sql"] [unique_id "airtYEKTwdTIu69rj43obQAAAM8"]
[Thu Jun 11 14:16:16.968049 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:41078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43odAAAAMM"]
[Thu Jun 11 14:16:16.967862 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:40824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/db.sql"] [unique_id "airtYEKTwdTIu69rj43oawAAAMg"]
[Thu Jun 11 14:16:16.968726 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:41064] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/configprops"] [unique_id "airtYEKTwdTIu69rj43ocAAAAMc"]
[Thu Jun 11 14:16:16.969292 2026] [security2:error] [pid 21243:tid 21264] [client 34.17.141.62:40410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oZgAAANI"]
[Thu Jun 11 14:16:16.969733 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:41402] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/application.yaml"] [unique_id "airtYE4Kpjoch0F_BSqC2QAAAFU"]
[Thu Jun 11 14:16:16.970215 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:41402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/application.yaml"] [unique_id "airtYE4Kpjoch0F_BSqC2QAAAFU"]
[Thu Jun 11 14:16:16.970417 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:40866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43ocQAAAMw"]
[Thu Jun 11 14:16:16.970597 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:41402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYE4Kpjoch0F_BSqC2QAAAFU"]
[Thu Jun 11 14:16:16.970793 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:41106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43obQAAAM8"]
[Thu Jun 11 14:16:16.970921 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:40756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oagAAAMU"]
[Thu Jun 11 14:16:16.971110 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:41294] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.gcloud/credentials.json"] [unique_id "airtYEKTwdTIu69rj43odQAAANA"]
[Thu Jun 11 14:16:16.971265 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:41064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/configprops"] [unique_id "airtYEKTwdTIu69rj43ocAAAAMc"]
[Thu Jun 11 14:16:16.971504 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:41252] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/configuration.php"] [unique_id "airtYEKTwdTIu69rj43ocwAAAMQ"]
[Thu Jun 11 14:16:16.972154 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:41412] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/application.json"] [unique_id "airtYKzVaq-mvl-Hfs-40wAAAA4"]
[Thu Jun 11 14:16:16.972207 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:41294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.gcloud/credentials.json"] [unique_id "airtYEKTwdTIu69rj43odQAAANA"]
[Thu Jun 11 14:16:16.972434 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:41412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/application.json"] [unique_id "airtYKzVaq-mvl-Hfs-40wAAAA4"]
[Thu Jun 11 14:16:16.972630 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:40868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43obgAAAMk"]
[Thu Jun 11 14:16:16.972772 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:41412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYKzVaq-mvl-Hfs-40wAAAA4"]
[Thu Jun 11 14:16:16.974362 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:40824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43oawAAAMg"]
[Thu Jun 11 14:16:16.974536 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:41252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/configuration.php"] [unique_id "airtYEKTwdTIu69rj43ocwAAAMQ"]
[Thu Jun 11 14:16:16.985701 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:41064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43ocAAAAMc"]
[Thu Jun 11 14:16:16.988908 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:41252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43ocwAAAMQ"]
[Thu Jun 11 14:16:16.989660 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:41294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYEKTwdTIu69rj43odQAAANA"]
[Thu Jun 11 14:16:16.992719 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:41310] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/.config/gcloud/credentials.db"] [unique_id "airtYDlbUCMVJYfLxkrR3AAAAJg"]
[Thu Jun 11 14:16:16.992882 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:41310] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.config/gcloud/credentials.db"] [unique_id "airtYDlbUCMVJYfLxkrR3AAAAJg"]
[Thu Jun 11 14:16:16.993359 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:41310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.config/gcloud/credentials.db"] [unique_id "airtYDlbUCMVJYfLxkrR3AAAAJg"]
[Thu Jun 11 14:16:16.993854 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:41310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYDlbUCMVJYfLxkrR3AAAAJg"]
[Thu Jun 11 14:16:17.009886 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:41436] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app.yml"] [unique_id "airtYU4Kpjoch0F_BSqC2gAAAFE"]
[Thu Jun 11 14:16:17.010408 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:41436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app.yml"] [unique_id "airtYU4Kpjoch0F_BSqC2gAAAFE"]
[Thu Jun 11 14:16:17.010916 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:41436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC2gAAAFE"]
[Thu Jun 11 14:16:17.012368 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:41424] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app.json"] [unique_id "airtYazVaq-mvl-Hfs-41AAAABY"]
[Thu Jun 11 14:16:17.012834 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:41424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app.json"] [unique_id "airtYazVaq-mvl-Hfs-41AAAABY"]
[Thu Jun 11 14:16:17.013370 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:41424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-41AAAABY"]
[Thu Jun 11 14:16:17.014896 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:41452] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/appsettings.json"] [unique_id "airtYUKTwdTIu69rj43odgAAAMI"]
[Thu Jun 11 14:16:17.015112 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:41452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/appsettings.json"] [unique_id "airtYUKTwdTIu69rj43odgAAAMI"]
[Thu Jun 11 14:16:17.019190 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:41408] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/application.properties"] [unique_id "airtYf8lKn4qdPkDWlDDtQAAARI"]
[Thu Jun 11 14:16:17.019507 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:41408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/application.properties"] [unique_id "airtYf8lKn4qdPkDWlDDtQAAARI"]
[Thu Jun 11 14:16:17.019930 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:41408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDtQAAARI"]
[Thu Jun 11 14:16:17.020108 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:41452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43odgAAAMI"]
[Thu Jun 11 14:16:17.023850 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:41466] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/appsettings.Development.json"] [unique_id "airtYf8lKn4qdPkDWlDDtgAAAQM"]
[Thu Jun 11 14:16:17.024164 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:41466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/appsettings.Development.json"] [unique_id "airtYf8lKn4qdPkDWlDDtgAAAQM"]
[Thu Jun 11 14:16:17.024443 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:41466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDtgAAAQM"]
[Thu Jun 11 14:16:17.026075 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:41464] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/appsettings.Production.json"] [unique_id "airtYazVaq-mvl-Hfs-41QAAABI"]
[Thu Jun 11 14:16:17.026409 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:41464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/appsettings.Production.json"] [unique_id "airtYazVaq-mvl-Hfs-41QAAABI"]
[Thu Jun 11 14:16:17.028071 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:41464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-41QAAABI"]
[Thu Jun 11 14:16:17.038331 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:41376] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/settings.yml"] [unique_id "airtYTlbUCMVJYfLxkrR3QAAAIs"]
[Thu Jun 11 14:16:17.039229 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:41426] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app.yaml"] [unique_id "airtYU4Kpjoch0F_BSqC2wAAAEY"]
[Thu Jun 11 14:16:17.039701 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:41426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app.yaml"] [unique_id "airtYU4Kpjoch0F_BSqC2wAAAEY"]
[Thu Jun 11 14:16:17.040038 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:41426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC2wAAAEY"]
[Thu Jun 11 14:16:17.040532 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:41376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/settings.yml"] [unique_id "airtYTlbUCMVJYfLxkrR3QAAAIs"]
[Thu Jun 11 14:16:17.041797 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:41376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR3QAAAIs"]
[Thu Jun 11 14:16:17.046377 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:41490] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/parameters.yaml"] [unique_id "airtYTlbUCMVJYfLxkrR3wAAAI4"]
[Thu Jun 11 14:16:17.046967 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:41490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/parameters.yaml"] [unique_id "airtYTlbUCMVJYfLxkrR3wAAAI4"]
[Thu Jun 11 14:16:17.048113 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:41490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR3wAAAI4"]
[Thu Jun 11 14:16:17.058428 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:41496] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/parameters.php"] [unique_id "airtYUKTwdTIu69rj43odwAAANE"]
[Thu Jun 11 14:16:17.058884 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:41496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/parameters.php"] [unique_id "airtYUKTwdTIu69rj43odwAAANE"]
[Thu Jun 11 14:16:17.059204 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:41496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43odwAAANE"]
[Thu Jun 11 14:16:17.060760 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:41520] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/database.yaml"] [unique_id "airtYU4Kpjoch0F_BSqC3AAAAEA"]
[Thu Jun 11 14:16:17.061089 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:41520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/database.yaml"] [unique_id "airtYU4Kpjoch0F_BSqC3AAAAEA"]
[Thu Jun 11 14:16:17.062025 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:41520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC3AAAAEA"]
[Thu Jun 11 14:16:17.067825 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:41526] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/database.php"] [unique_id "airtYTlbUCMVJYfLxkrR4AAAAI0"]
[Thu Jun 11 14:16:17.068220 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:41526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/database.php"] [unique_id "airtYTlbUCMVJYfLxkrR4AAAAI0"]
[Thu Jun 11 14:16:17.068621 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:41526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR4AAAAI0"]
[Thu Jun 11 14:16:17.071399 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:41476] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/parameters.yml"] [unique_id "airtYazVaq-mvl-Hfs-41gAAAAo"]
[Thu Jun 11 14:16:17.071775 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:41476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/parameters.yml"] [unique_id "airtYazVaq-mvl-Hfs-41gAAAAo"]
[Thu Jun 11 14:16:17.072063 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:41476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-41gAAAAo"]
[Thu Jun 11 14:16:17.075184 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:41512] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/database.yml"] [unique_id "airtYf8lKn4qdPkDWlDDtwAAAQ4"]
[Thu Jun 11 14:16:17.075300 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:41512] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/database.yml"] [unique_id "airtYf8lKn4qdPkDWlDDtwAAAQ4"]
[Thu Jun 11 14:16:17.075465 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:41512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/database.yml"] [unique_id "airtYf8lKn4qdPkDWlDDtwAAAQ4"]
[Thu Jun 11 14:16:17.079782 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:41512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDtwAAAQ4"]
[Thu Jun 11 14:16:17.109892 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:41540] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/database.ini"] [unique_id "airtYf8lKn4qdPkDWlDDuAAAARM"]
[Thu Jun 11 14:16:17.110271 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:41540] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/database.ini"] [unique_id "airtYf8lKn4qdPkDWlDDuAAAARM"]
[Thu Jun 11 14:16:17.110773 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:41574] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/db.yml"] [unique_id "airtYU4Kpjoch0F_BSqC3QAAAE4"]
[Thu Jun 11 14:16:17.110792 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:41540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/database.ini"] [unique_id "airtYf8lKn4qdPkDWlDDuAAAARM"]
[Thu Jun 11 14:16:17.111226 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:41574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/db.yml"] [unique_id "airtYU4Kpjoch0F_BSqC3QAAAE4"]
[Thu Jun 11 14:16:17.111282 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:41540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDuAAAARM"]
[Thu Jun 11 14:16:17.111710 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:41574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC3QAAAE4"]
[Thu Jun 11 14:16:17.115309 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:41552] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/db.php"] [unique_id "airtYazVaq-mvl-Hfs-41wAAAAw"]
[Thu Jun 11 14:16:17.115660 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:41552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/db.php"] [unique_id "airtYazVaq-mvl-Hfs-41wAAAAw"]
[Thu Jun 11 14:16:17.116161 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:41552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-41wAAAAw"]
[Thu Jun 11 14:16:17.118694 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:41558] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/db.json"] [unique_id "airtYTlbUCMVJYfLxkrR4QAAAIg"]
[Thu Jun 11 14:16:17.119001 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:41558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/db.json"] [unique_id "airtYTlbUCMVJYfLxkrR4QAAAIg"]
[Thu Jun 11 14:16:17.119384 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:41558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR4QAAAIg"]
[Thu Jun 11 14:16:17.120483 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:41538] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/database.json"] [unique_id "airtYUKTwdTIu69rj43oeQAAAM0"]
[Thu Jun 11 14:16:17.120867 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:41538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/database.json"] [unique_id "airtYUKTwdTIu69rj43oeQAAAM0"]
[Thu Jun 11 14:16:17.121409 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:41538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43oeQAAAM0"]
[Thu Jun 11 14:16:17.125627 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:41606] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/credentials.yml"] [unique_id "airtYf8lKn4qdPkDWlDDuQAAAQo"]
[Thu Jun 11 14:16:17.125930 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:41606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/credentials.yml"] [unique_id "airtYf8lKn4qdPkDWlDDuQAAAQo"]
[Thu Jun 11 14:16:17.126381 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:41606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDuQAAAQo"]
[Thu Jun 11 14:16:17.128020 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:41642] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secrets.yaml"] [unique_id "airtYf8lKn4qdPkDWlDDugAAARU"]
[Thu Jun 11 14:16:17.128312 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:41642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secrets.yaml"] [unique_id "airtYf8lKn4qdPkDWlDDugAAARU"]
[Thu Jun 11 14:16:17.129823 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:41614] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/credentials.yaml"] [unique_id "airtYazVaq-mvl-Hfs-42AAAAAs"]
[Thu Jun 11 14:16:17.130189 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:41614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/credentials.yaml"] [unique_id "airtYazVaq-mvl-Hfs-42AAAAAs"]
[Thu Jun 11 14:16:17.130557 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:41614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-42AAAAAs"]
[Thu Jun 11 14:16:17.132537 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:41620] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secrets.json"] [unique_id "airtYU4Kpjoch0F_BSqC3gAAAEM"]
[Thu Jun 11 14:16:17.132954 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:41620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secrets.json"] [unique_id "airtYU4Kpjoch0F_BSqC3gAAAEM"]
[Thu Jun 11 14:16:17.133258 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:41620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC3gAAAEM"]
[Thu Jun 11 14:16:17.134872 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:41652] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secrets.env"] [unique_id "airtYazVaq-mvl-Hfs-42QAAABE"]
[Thu Jun 11 14:16:17.135249 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:41590] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/credentials.json"] [unique_id "airtYUKTwdTIu69rj43oegAAANc"]
[Thu Jun 11 14:16:17.135296 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:41652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secrets.env"] [unique_id "airtYazVaq-mvl-Hfs-42QAAABE"]
[Thu Jun 11 14:16:17.135675 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:41652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-42QAAABE"]
[Thu Jun 11 14:16:17.135675 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:41590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/credentials.json"] [unique_id "airtYUKTwdTIu69rj43oegAAANc"]
[Thu Jun 11 14:16:17.136072 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:41642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDugAAARU"]
[Thu Jun 11 14:16:17.136643 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:41590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43oegAAANc"]
[Thu Jun 11 14:16:17.139115 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:41628] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secrets.yml"] [unique_id "airtYUKTwdTIu69rj43oewAAAMo"]
[Thu Jun 11 14:16:17.139412 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:41628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secrets.yml"] [unique_id "airtYUKTwdTIu69rj43oewAAAMo"]
[Thu Jun 11 14:16:17.139866 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:41628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43oewAAAMo"]
[Thu Jun 11 14:16:17.148366 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:41670] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/private.json"] [unique_id "airtYUKTwdTIu69rj43ofAAAAME"]
[Thu Jun 11 14:16:17.148666 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:41670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/private.json"] [unique_id "airtYUKTwdTIu69rj43ofAAAAME"]
[Thu Jun 11 14:16:17.149100 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:41670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ofAAAAME"]
[Thu Jun 11 14:16:17.154479 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:41690] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api_keys.json"] [unique_id "airtYf8lKn4qdPkDWlDDvAAAAQs"]
[Thu Jun 11 14:16:17.154643 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:41686] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/keys.json"] [unique_id "airtYTlbUCMVJYfLxkrR4gAAAJE"]
[Thu Jun 11 14:16:17.154805 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:41690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api_keys.json"] [unique_id "airtYf8lKn4qdPkDWlDDvAAAAQs"]
[Thu Jun 11 14:16:17.155106 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:41686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/keys.json"] [unique_id "airtYTlbUCMVJYfLxkrR4gAAAJE"]
[Thu Jun 11 14:16:17.155196 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:41690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDvAAAAQs"]
[Thu Jun 11 14:16:17.155641 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:41686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR4gAAAJE"]
[Thu Jun 11 14:16:17.165174 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:41668] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/secret.json"] [unique_id "airtYU4Kpjoch0F_BSqC3wAAAFQ"]
[Thu Jun 11 14:16:17.165503 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:41668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/secret.json"] [unique_id "airtYU4Kpjoch0F_BSqC3wAAAFQ"]
[Thu Jun 11 14:16:17.165922 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:41668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC3wAAAFQ"]
[Thu Jun 11 14:16:17.167563 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:41702] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api-keys.json"] [unique_id "airtYazVaq-mvl-Hfs-42gAAAAI"]
[Thu Jun 11 14:16:17.169531 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:41702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api-keys.json"] [unique_id "airtYazVaq-mvl-Hfs-42gAAAAI"]
[Thu Jun 11 14:16:17.169860 2026] [security2:error] [pid 21296:tid 21302] [client 34.17.141.62:41702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-42gAAAAI"]
[Thu Jun 11 14:16:17.177041 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:41718] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api_keys.yml"] [unique_id "airtYTlbUCMVJYfLxkrR4wAAAJA"]
[Thu Jun 11 14:16:17.177395 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:41718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api_keys.yml"] [unique_id "airtYTlbUCMVJYfLxkrR4wAAAJA"]
[Thu Jun 11 14:16:17.178335 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:41718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR4wAAAJA"]
[Thu Jun 11 14:16:17.210302 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:41740] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/config.php"] [unique_id "airtYazVaq-mvl-Hfs-42wAAAAY"]
[Thu Jun 11 14:16:17.210324 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:41732] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/config.yml"] [unique_id "airtYU4Kpjoch0F_BSqC4AAAAFg"]
[Thu Jun 11 14:16:17.210763 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:41732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/config.yml"] [unique_id "airtYU4Kpjoch0F_BSqC4AAAAFg"]
[Thu Jun 11 14:16:17.210764 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:41740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/config.php"] [unique_id "airtYazVaq-mvl-Hfs-42wAAAAY"]
[Thu Jun 11 14:16:17.211181 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:41740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-42wAAAAY"]
[Thu Jun 11 14:16:17.211349 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:41732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC4AAAAFg"]
[Thu Jun 11 14:16:17.214138 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:41770] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/settings.yml"] [unique_id "airtYUKTwdTIu69rj43ofQAAANU"]
[Thu Jun 11 14:16:17.214143 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:41754] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/settings.json"] [unique_id "airtYTlbUCMVJYfLxkrR5AAAAJU"]
[Thu Jun 11 14:16:17.214459 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:41754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/settings.json"] [unique_id "airtYTlbUCMVJYfLxkrR5AAAAJU"]
[Thu Jun 11 14:16:17.214561 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:41770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/settings.yml"] [unique_id "airtYUKTwdTIu69rj43ofQAAANU"]
[Thu Jun 11 14:16:17.214862 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:41754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR5AAAAJU"]
[Thu Jun 11 14:16:17.214935 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:41770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ofQAAANU"]
[Thu Jun 11 14:16:17.215876 2026] [security2:error] [pid 3902:tid 3932] [client 34.17.141.62:41722] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDvQAAARc"]
[Thu Jun 11 14:16:17.216275 2026] [security2:error] [pid 3902:tid 3932] [client 34.17.141.62:41722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDvQAAARc"]
[Thu Jun 11 14:16:17.217669 2026] [security2:error] [pid 3902:tid 3932] [client 34.17.141.62:41722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDvQAAARc"]
[Thu Jun 11 14:16:17.219472 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:41778] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/database.yml"] [unique_id "airtYf8lKn4qdPkDWlDDvgAAAQ0"]
[Thu Jun 11 14:16:17.219646 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:41778] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /api/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/api/database.yml"] [unique_id "airtYf8lKn4qdPkDWlDDvgAAAQ0"]
[Thu Jun 11 14:16:17.219878 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:41778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/database.yml"] [unique_id "airtYf8lKn4qdPkDWlDDvgAAAQ0"]
[Thu Jun 11 14:16:17.220240 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:41778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDvgAAAQ0"]
[Thu Jun 11 14:16:17.223057 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:41796] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/application.yml"] [unique_id "airtYazVaq-mvl-Hfs-43AAAAAE"]
[Thu Jun 11 14:16:17.223444 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:41796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/application.yml"] [unique_id "airtYazVaq-mvl-Hfs-43AAAAAE"]
[Thu Jun 11 14:16:17.223849 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:41796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-43AAAAAE"]
[Thu Jun 11 14:16:17.229884 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:41786] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/database.php"] [unique_id "airtYTlbUCMVJYfLxkrR5QAAAIo"]
[Thu Jun 11 14:16:17.230249 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:41786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/database.php"] [unique_id "airtYTlbUCMVJYfLxkrR5QAAAIo"]
[Thu Jun 11 14:16:17.230675 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:41786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR5QAAAIo"]
[Thu Jun 11 14:16:17.239234 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:41822] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/appsettings.json"] [unique_id "airtYU4Kpjoch0F_BSqC4QAAAFU"]
[Thu Jun 11 14:16:17.239676 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:41822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/appsettings.json"] [unique_id "airtYU4Kpjoch0F_BSqC4QAAAFU"]
[Thu Jun 11 14:16:17.240201 2026] [security2:error] [pid 9918:tid 9943] [client 34.17.141.62:41822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC4QAAAFU"]
[Thu Jun 11 14:16:17.246620 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:41838] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/credentials.json"] [unique_id "airtYazVaq-mvl-Hfs-43QAAAAA"]
[Thu Jun 11 14:16:17.246927 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:41838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/credentials.json"] [unique_id "airtYazVaq-mvl-Hfs-43QAAAAA"]
[Thu Jun 11 14:16:17.247220 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:41838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-43QAAAAA"]
[Thu Jun 11 14:16:17.255067 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:41844] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/secrets.json"] [unique_id "airtYTlbUCMVJYfLxkrR5gAAAIE"]
[Thu Jun 11 14:16:17.255730 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:41844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/secrets.json"] [unique_id "airtYTlbUCMVJYfLxkrR5gAAAIE"]
[Thu Jun 11 14:16:17.256148 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:41844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR5gAAAIE"]
[Thu Jun 11 14:16:17.259080 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:41810] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/application.properties"] [unique_id "airtYUKTwdTIu69rj43ofgAAAMA"]
[Thu Jun 11 14:16:17.259397 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:41810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/application.properties"] [unique_id "airtYUKTwdTIu69rj43ofgAAAMA"]
[Thu Jun 11 14:16:17.268263 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:41810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ofgAAAMA"]
[Thu Jun 11 14:16:17.269841 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:41856] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC4gAAAFM"]
[Thu Jun 11 14:16:17.270489 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:41856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC4gAAAFM"]
[Thu Jun 11 14:16:17.270845 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:41856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC4gAAAFM"]
[Thu Jun 11 14:16:17.272526 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:41850] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/keys.json"] [unique_id "airtYUKTwdTIu69rj43ofwAAAMs"]
[Thu Jun 11 14:16:17.272922 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:41850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/keys.json"] [unique_id "airtYUKTwdTIu69rj43ofwAAAMs"]
[Thu Jun 11 14:16:17.273241 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:41850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ofwAAAMs"]
[Thu Jun 11 14:16:17.276301 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:41860] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/v1/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDvwAAAQI"]
[Thu Jun 11 14:16:17.276562 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:41860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/v1/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDvwAAAQI"]
[Thu Jun 11 14:16:17.277118 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:41860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDvwAAAQI"]
[Thu Jun 11 14:16:17.295364 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:41870] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/v1/application.yml"] [unique_id "airtYazVaq-mvl-Hfs-43gAAABc"]
[Thu Jun 11 14:16:17.295804 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:41870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/v1/application.yml"] [unique_id "airtYazVaq-mvl-Hfs-43gAAABc"]
[Thu Jun 11 14:16:17.296174 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:41870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-43gAAABc"]
[Thu Jun 11 14:16:17.299903 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:41874] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/v2/config.json"] [unique_id "airtYTlbUCMVJYfLxkrR5wAAAIQ"]
[Thu Jun 11 14:16:17.301175 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:41886] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/api/v2/application.yml"] [unique_id "airtYUKTwdTIu69rj43ogAAAAMw"]
[Thu Jun 11 14:16:17.301485 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:41886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/v2/application.yml"] [unique_id "airtYUKTwdTIu69rj43ogAAAAMw"]
[Thu Jun 11 14:16:17.301837 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:41886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ogAAAAMw"]
[Thu Jun 11 14:16:17.303935 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:41910] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDwAAAAQg"]
[Thu Jun 11 14:16:17.304264 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:41910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDwAAAAQg"]
[Thu Jun 11 14:16:17.304602 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:41910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDwAAAAQg"]
[Thu Jun 11 14:16:17.308710 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:41894] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/config.php"] [unique_id "airtYU4Kpjoch0F_BSqC4wAAAEI"]
[Thu Jun 11 14:16:17.309067 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:41894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/config.php"] [unique_id "airtYU4Kpjoch0F_BSqC4wAAAEI"]
[Thu Jun 11 14:16:17.309466 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:41894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC4wAAAEI"]
[Thu Jun 11 14:16:17.310021 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:41874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/api/v2/config.json"] [unique_id "airtYTlbUCMVJYfLxkrR5wAAAIQ"]
[Thu Jun 11 14:16:17.310511 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:41874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR5wAAAIQ"]
[Thu Jun 11 14:16:17.316741 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:41922] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-43wAAABM"]
[Thu Jun 11 14:16:17.317044 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:41922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-43wAAABM"]
[Thu Jun 11 14:16:17.317334 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:41922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-43wAAABM"]
[Thu Jun 11 14:16:17.332192 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:41944] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/settings.json"] [unique_id "airtYUKTwdTIu69rj43ogQAAAM8"]
[Thu Jun 11 14:16:17.333995 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:41930] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/settings.php"] [unique_id "airtYTlbUCMVJYfLxkrR6AAAAJY"]
[Thu Jun 11 14:16:17.334414 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:41930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/settings.php"] [unique_id "airtYTlbUCMVJYfLxkrR6AAAAJY"]
[Thu Jun 11 14:16:17.335139 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:41930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR6AAAAJY"]
[Thu Jun 11 14:16:17.337161 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:41944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/settings.json"] [unique_id "airtYUKTwdTIu69rj43ogQAAAM8"]
[Thu Jun 11 14:16:17.337528 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:41944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ogQAAAM8"]
[Thu Jun 11 14:16:17.345537 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:41946] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/database.php"] [unique_id "airtYU4Kpjoch0F_BSqC5AAAAEc"]
[Thu Jun 11 14:16:17.345913 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:41946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/database.php"] [unique_id "airtYU4Kpjoch0F_BSqC5AAAAEc"]
[Thu Jun 11 14:16:17.346407 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:41946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC5AAAAEc"]
[Thu Jun 11 14:16:17.350094 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:41976] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/credentials.json"] [unique_id "airtYf8lKn4qdPkDWlDDwgAAAQ8"]
[Thu Jun 11 14:16:17.350374 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:41976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/credentials.json"] [unique_id "airtYf8lKn4qdPkDWlDDwgAAAQ8"]
[Thu Jun 11 14:16:17.350952 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:41976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDwgAAAQ8"]
[Thu Jun 11 14:16:17.361348 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:41988] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/secrets.json"] [unique_id "airtYTlbUCMVJYfLxkrR6QAAAIk"]
[Thu Jun 11 14:16:17.361747 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:41988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/secrets.json"] [unique_id "airtYTlbUCMVJYfLxkrR6QAAAIk"]
[Thu Jun 11 14:16:17.362121 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:41988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR6QAAAIk"]
[Thu Jun 11 14:16:17.366193 2026] [security2:error] [pid 21296:tid 21307] [client 34.17.141.62:41962] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/database.yml"] [unique_id "airtYazVaq-mvl-Hfs-44AAAAAg"]
[Thu Jun 11 14:16:17.366309 2026] [security2:error] [pid 21296:tid 21307] [client 34.17.141.62:41962] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /app/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/app/database.yml"] [unique_id "airtYazVaq-mvl-Hfs-44AAAAAg"]
[Thu Jun 11 14:16:17.366629 2026] [security2:error] [pid 21296:tid 21307] [client 34.17.141.62:41962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/database.yml"] [unique_id "airtYazVaq-mvl-Hfs-44AAAAAg"]
[Thu Jun 11 14:16:17.367000 2026] [security2:error] [pid 21296:tid 21307] [client 34.17.141.62:41962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-44AAAAAg"]
[Thu Jun 11 14:16:17.368899 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:42000] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/application.yml"] [unique_id "airtYUKTwdTIu69rj43oggAAAMM"]
[Thu Jun 11 14:16:17.369335 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:42000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/application.yml"] [unique_id "airtYUKTwdTIu69rj43oggAAAMM"]
[Thu Jun 11 14:16:17.369746 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:42000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43oggAAAMM"]
[Thu Jun 11 14:16:17.376944 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:42002] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/application.properties"] [unique_id "airtYU4Kpjoch0F_BSqC5QAAAFA"]
[Thu Jun 11 14:16:17.377248 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:42002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/application.properties"] [unique_id "airtYU4Kpjoch0F_BSqC5QAAAFA"]
[Thu Jun 11 14:16:17.377539 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:42002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC5QAAAFA"]
[Thu Jun 11 14:16:17.387365 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:42012] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/parameters.yml"] [unique_id "airtYazVaq-mvl-Hfs-44QAAAAk"]
[Thu Jun 11 14:16:17.387747 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:42012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/parameters.yml"] [unique_id "airtYazVaq-mvl-Hfs-44QAAAAk"]
[Thu Jun 11 14:16:17.388049 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:42012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-44QAAAAk"]
[Thu Jun 11 14:16:17.389637 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:42018] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/config.php"] [unique_id "airtYTlbUCMVJYfLxkrR6gAAAIw"]
[Thu Jun 11 14:16:17.390076 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:42018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/config.php"] [unique_id "airtYTlbUCMVJYfLxkrR6gAAAIw"]
[Thu Jun 11 14:16:17.390665 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:42018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR6gAAAIw"]
[Thu Jun 11 14:16:17.392104 2026] [security2:error] [pid 21243:tid 21264] [client 34.17.141.62:42034] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/config.json"] [unique_id "airtYUKTwdTIu69rj43ohAAAANI"]
[Thu Jun 11 14:16:17.392647 2026] [security2:error] [pid 21243:tid 21264] [client 34.17.141.62:42034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/config.json"] [unique_id "airtYUKTwdTIu69rj43ohAAAANI"]
[Thu Jun 11 14:16:17.393012 2026] [security2:error] [pid 21243:tid 21264] [client 34.17.141.62:42034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ohAAAANI"]
[Thu Jun 11 14:16:17.403226 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:42044] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/config.yml"] [unique_id "airtYU4Kpjoch0F_BSqC5gAAAE0"]
[Thu Jun 11 14:16:17.403547 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:42044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/config.yml"] [unique_id "airtYU4Kpjoch0F_BSqC5gAAAE0"]
[Thu Jun 11 14:16:17.403955 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:42044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC5gAAAE0"]
[Thu Jun 11 14:16:17.405609 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:42058] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/settings.php"] [unique_id "airtYf8lKn4qdPkDWlDDwwAAARE"]
[Thu Jun 11 14:16:17.405926 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:42058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/settings.php"] [unique_id "airtYf8lKn4qdPkDWlDDwwAAARE"]
[Thu Jun 11 14:16:17.406297 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:42058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDwwAAARE"]
[Thu Jun 11 14:16:17.424962 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:42100] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/database.php"] [unique_id "airtYUKTwdTIu69rj43ohQAAAMg"]
[Thu Jun 11 14:16:17.425370 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:42100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/database.php"] [unique_id "airtYUKTwdTIu69rj43ohQAAAMg"]
[Thu Jun 11 14:16:17.426187 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:42100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ohQAAAMg"]
[Thu Jun 11 14:16:17.426877 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:42074] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/settings.py"] [unique_id "airtYTlbUCMVJYfLxkrR6wAAAJc"]
[Thu Jun 11 14:16:17.427234 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:42074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/settings.py"] [unique_id "airtYTlbUCMVJYfLxkrR6wAAAJc"]
[Thu Jun 11 14:16:17.427643 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:42074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR6wAAAJc"]
[Thu Jun 11 14:16:17.429967 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:42084] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/settings.json"] [unique_id "airtYazVaq-mvl-Hfs-44gAAAAQ"]
[Thu Jun 11 14:16:17.430640 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:42084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/settings.json"] [unique_id "airtYazVaq-mvl-Hfs-44gAAAAQ"]
[Thu Jun 11 14:16:17.430975 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:42084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-44gAAAAQ"]
[Thu Jun 11 14:16:17.433997 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:42110] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/database.yml"] [unique_id "airtYU4Kpjoch0F_BSqC5wAAAEE"]
[Thu Jun 11 14:16:17.434139 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:42110] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /backend/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/backend/database.yml"] [unique_id "airtYU4Kpjoch0F_BSqC5wAAAEE"]
[Thu Jun 11 14:16:17.434331 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:42110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/database.yml"] [unique_id "airtYU4Kpjoch0F_BSqC5wAAAEE"]
[Thu Jun 11 14:16:17.434649 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:42110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC5wAAAEE"]
[Thu Jun 11 14:16:17.438767 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:42118] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/credentials.json"] [unique_id "airtYf8lKn4qdPkDWlDDxAAAAQc"]
[Thu Jun 11 14:16:17.442643 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:42118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/credentials.json"] [unique_id "airtYf8lKn4qdPkDWlDDxAAAAQc"]
[Thu Jun 11 14:16:17.443005 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:42118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDxAAAAQc"]
[Thu Jun 11 14:16:17.443803 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:42126] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/secrets.json"] [unique_id "airtYazVaq-mvl-Hfs-44wAAABA"]
[Thu Jun 11 14:16:17.444146 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:42126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/secrets.json"] [unique_id "airtYazVaq-mvl-Hfs-44wAAABA"]
[Thu Jun 11 14:16:17.444487 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:42126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-44wAAABA"]
[Thu Jun 11 14:16:17.457343 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:42140] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/application.yml"] [unique_id "airtYTlbUCMVJYfLxkrR7AAAAIU"]
[Thu Jun 11 14:16:17.457698 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:42140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/application.yml"] [unique_id "airtYTlbUCMVJYfLxkrR7AAAAIU"]
[Thu Jun 11 14:16:17.458014 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:42140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR7AAAAIU"]
[Thu Jun 11 14:16:17.467462 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:42162] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC6AAAAFI"]
[Thu Jun 11 14:16:17.467535 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:42148] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/application.properties"] [unique_id "airtYUKTwdTIu69rj43ohgAAAMc"]
[Thu Jun 11 14:16:17.467834 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:42162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC6AAAAFI"]
[Thu Jun 11 14:16:17.467873 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:42148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/application.properties"] [unique_id "airtYUKTwdTIu69rj43ohgAAAMc"]
[Thu Jun 11 14:16:17.468209 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:42162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC6AAAAFI"]
[Thu Jun 11 14:16:17.468316 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:42148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ohgAAAMc"]
[Thu Jun 11 14:16:17.476429 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:42172] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/config.php"] [unique_id "airtYf8lKn4qdPkDWlDDxQAAAQQ"]
[Thu Jun 11 14:16:17.478963 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:42172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/config.php"] [unique_id "airtYf8lKn4qdPkDWlDDxQAAAQQ"]
[Thu Jun 11 14:16:17.479370 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:42172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDxQAAAQQ"]
[Thu Jun 11 14:16:17.482126 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:42186] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/config.json"] [unique_id "airtYTlbUCMVJYfLxkrR7QAAAII"]
[Thu Jun 11 14:16:17.482449 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:42186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/config.json"] [unique_id "airtYTlbUCMVJYfLxkrR7QAAAII"]
[Thu Jun 11 14:16:17.482764 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:42186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR7QAAAII"]
[Thu Jun 11 14:16:17.488870 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:42152] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/backend/appsettings.json"] [unique_id "airtYazVaq-mvl-Hfs-45AAAAAY"]
[Thu Jun 11 14:16:17.489269 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:42152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/backend/appsettings.json"] [unique_id "airtYazVaq-mvl-Hfs-45AAAAAY"]
[Thu Jun 11 14:16:17.489688 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:42152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-45AAAAAY"]
[Thu Jun 11 14:16:17.504916 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:42192] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/config.yml"] [unique_id "airtYUKTwdTIu69rj43ohwAAAMU"]
[Thu Jun 11 14:16:17.505273 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:42192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/config.yml"] [unique_id "airtYUKTwdTIu69rj43ohwAAAMU"]
[Thu Jun 11 14:16:17.505441 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:42204] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/settings.py"] [unique_id "airtYU4Kpjoch0F_BSqC6QAAAEk"]
[Thu Jun 11 14:16:17.505647 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:42192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ohwAAAMU"]
[Thu Jun 11 14:16:17.505764 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:42204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/settings.py"] [unique_id "airtYU4Kpjoch0F_BSqC6QAAAEk"]
[Thu Jun 11 14:16:17.506120 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:42204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC6QAAAEk"]
[Thu Jun 11 14:16:17.507644 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:42218] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/settings.json"] [unique_id "airtYf8lKn4qdPkDWlDDxgAAAQU"]
[Thu Jun 11 14:16:17.507986 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:42218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/settings.json"] [unique_id "airtYf8lKn4qdPkDWlDDxgAAAQU"]
[Thu Jun 11 14:16:17.508275 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:42218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDxgAAAQU"]
[Thu Jun 11 14:16:17.508398 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:42220] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/database.yml"] [unique_id "airtYazVaq-mvl-Hfs-45QAAAA8"]
[Thu Jun 11 14:16:17.508519 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:42220] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /src/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/src/database.yml"] [unique_id "airtYazVaq-mvl-Hfs-45QAAAA8"]
[Thu Jun 11 14:16:17.513706 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:42230] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/credentials.json"] [unique_id "airtYTlbUCMVJYfLxkrR7gAAAIc"]
[Thu Jun 11 14:16:17.513743 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:42220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/database.yml"] [unique_id "airtYazVaq-mvl-Hfs-45QAAAA8"]
[Thu Jun 11 14:16:17.513999 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:42230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/credentials.json"] [unique_id "airtYTlbUCMVJYfLxkrR7gAAAIc"]
[Thu Jun 11 14:16:17.514059 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:42220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-45QAAAA8"]
[Thu Jun 11 14:16:17.514330 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:42230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR7gAAAIc"]
[Thu Jun 11 14:16:17.539060 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:42254] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/application.yml"] [unique_id "airtYU4Kpjoch0F_BSqC6gAAAFc"]
[Thu Jun 11 14:16:17.539444 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:42254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/application.yml"] [unique_id "airtYU4Kpjoch0F_BSqC6gAAAFc"]
[Thu Jun 11 14:16:17.539812 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:42254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC6gAAAFc"]
[Thu Jun 11 14:16:17.541541 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:42244] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/secrets.json"] [unique_id "airtYUKTwdTIu69rj43oiAAAAMk"]
[Thu Jun 11 14:16:17.541859 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:42244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/secrets.json"] [unique_id "airtYUKTwdTIu69rj43oiAAAAMk"]
[Thu Jun 11 14:16:17.542194 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:42244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43oiAAAAMk"]
[Thu Jun 11 14:16:17.547928 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:42280] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/config.json"] [unique_id "airtYazVaq-mvl-Hfs-45gAAAA0"]
[Thu Jun 11 14:16:17.548297 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:42280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/config.json"] [unique_id "airtYazVaq-mvl-Hfs-45gAAAA0"]
[Thu Jun 11 14:16:17.548623 2026] [security2:error] [pid 21296:tid 21312] [client 34.17.141.62:42280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-45gAAAA0"]
[Thu Jun 11 14:16:17.550061 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:42266] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/src/application.properties"] [unique_id "airtYf8lKn4qdPkDWlDDyAAAAQY"]
[Thu Jun 11 14:16:17.550404 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:42266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/src/application.properties"] [unique_id "airtYf8lKn4qdPkDWlDDyAAAAQY"]
[Thu Jun 11 14:16:17.550772 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:42266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDyAAAAQY"]
[Thu Jun 11 14:16:17.556199 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:42296] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/config.yml"] [unique_id "airtYTlbUCMVJYfLxkrR7wAAAJg"]
[Thu Jun 11 14:16:17.556612 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:42296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/config.yml"] [unique_id "airtYTlbUCMVJYfLxkrR7wAAAJg"]
[Thu Jun 11 14:16:17.557006 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:42296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR7wAAAJg"]
[Thu Jun 11 14:16:17.558843 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:42308] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/settings.json"] [unique_id "airtYUKTwdTIu69rj43oiQAAANA"]
[Thu Jun 11 14:16:17.559245 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:42308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/settings.json"] [unique_id "airtYUKTwdTIu69rj43oiQAAANA"]
[Thu Jun 11 14:16:17.559564 2026] [security2:error] [pid 21243:tid 21262] [client 34.17.141.62:42308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43oiQAAANA"]
[Thu Jun 11 14:16:17.563794 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:42328] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/application.yml"] [unique_id "airtYf8lKn4qdPkDWlDDyQAAAQg"]
[Thu Jun 11 14:16:17.564190 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:42328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/application.yml"] [unique_id "airtYf8lKn4qdPkDWlDDyQAAAQg"]
[Thu Jun 11 14:16:17.564549 2026] [security2:error] [pid 3902:tid 3917] [client 34.17.141.62:42328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDyQAAAQg"]
[Thu Jun 11 14:16:17.566838 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:42318] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/database.yml"] [unique_id "airtYU4Kpjoch0F_BSqC6wAAAEo"]
[Thu Jun 11 14:16:17.566974 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:42318] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /server/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/server/database.yml"] [unique_id "airtYU4Kpjoch0F_BSqC6wAAAEo"]
[Thu Jun 11 14:16:17.567159 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:42318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/database.yml"] [unique_id "airtYU4Kpjoch0F_BSqC6wAAAEo"]
[Thu Jun 11 14:16:17.567876 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:42318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC6wAAAEo"]
[Thu Jun 11 14:16:17.582114 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:42338] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/appsettings.json"] [unique_id "airtYTlbUCMVJYfLxkrR8AAAAIs"]
[Thu Jun 11 14:16:17.582540 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:42338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/appsettings.json"] [unique_id "airtYTlbUCMVJYfLxkrR8AAAAIs"]
[Thu Jun 11 14:16:17.582907 2026] [security2:error] [pid 21295:tid 21337] [client 34.17.141.62:42338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR8AAAAIs"]
[Thu Jun 11 14:16:17.584502 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:42332] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/application.properties"] [unique_id "airtYazVaq-mvl-Hfs-45wAAAAM"]
[Thu Jun 11 14:16:17.584963 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:42332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/application.properties"] [unique_id "airtYazVaq-mvl-Hfs-45wAAAAM"]
[Thu Jun 11 14:16:17.585304 2026] [security2:error] [pid 21296:tid 21303] [client 34.17.141.62:42332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-45wAAAAM"]
[Thu Jun 11 14:16:17.589915 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:42344] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/credentials.json"] [unique_id "airtYUKTwdTIu69rj43oigAAAMQ"]
[Thu Jun 11 14:16:17.590245 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:42344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/credentials.json"] [unique_id "airtYUKTwdTIu69rj43oigAAAMQ"]
[Thu Jun 11 14:16:17.590558 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:42344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43oigAAAMQ"]
[Thu Jun 11 14:16:17.601473 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:42360] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/config.php"] [unique_id "airtYf8lKn4qdPkDWlDDygAAARg"]
[Thu Jun 11 14:16:17.601930 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:42360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/config.php"] [unique_id "airtYf8lKn4qdPkDWlDDygAAARg"]
[Thu Jun 11 14:16:17.602332 2026] [security2:error] [pid 3902:tid 3933] [client 34.17.141.62:42360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDygAAARg"]
[Thu Jun 11 14:16:17.603895 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:42356] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server/secrets.json"] [unique_id "airtYU4Kpjoch0F_BSqC7AAAAEQ"]
[Thu Jun 11 14:16:17.604404 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:42356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server/secrets.json"] [unique_id "airtYU4Kpjoch0F_BSqC7AAAAEQ"]
[Thu Jun 11 14:16:17.604720 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:42356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC7AAAAEQ"]
[Thu Jun 11 14:16:17.608853 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:42364] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/config.json"] [unique_id "airtYazVaq-mvl-Hfs-46AAAABg"]
[Thu Jun 11 14:16:17.609244 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:42364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/config.json"] [unique_id "airtYazVaq-mvl-Hfs-46AAAABg"]
[Thu Jun 11 14:16:17.612898 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:42376] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/config.yml"] [unique_id "airtYTlbUCMVJYfLxkrR8QAAAI4"]
[Thu Jun 11 14:16:17.613045 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:42376] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/config/config.yml"] [unique_id "airtYTlbUCMVJYfLxkrR8QAAAI4"]
[Thu Jun 11 14:16:17.613324 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:42376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/config.yml"] [unique_id "airtYTlbUCMVJYfLxkrR8QAAAI4"]
[Thu Jun 11 14:16:17.613707 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:42376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR8QAAAI4"]
[Thu Jun 11 14:16:17.614474 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:42364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-46AAAABg"]
[Thu Jun 11 14:16:17.619523 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:42392] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/settings.php"] [unique_id "airtYUKTwdTIu69rj43oiwAAAMI"]
[Thu Jun 11 14:16:17.619987 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:42392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/settings.php"] [unique_id "airtYUKTwdTIu69rj43oiwAAAMI"]
[Thu Jun 11 14:16:17.620304 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:42392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43oiwAAAMI"]
[Thu Jun 11 14:16:17.635844 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:42396] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/settings.json"] [unique_id "airtYU4Kpjoch0F_BSqC7QAAAFE"]
[Thu Jun 11 14:16:17.636266 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:42396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/settings.json"] [unique_id "airtYU4Kpjoch0F_BSqC7QAAAFE"]
[Thu Jun 11 14:16:17.636667 2026] [security2:error] [pid 9918:tid 9939] [client 34.17.141.62:42396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC7QAAAFE"]
[Thu Jun 11 14:16:17.638902 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:42412] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/database.php"] [unique_id "airtYazVaq-mvl-Hfs-46QAAAA4"]
[Thu Jun 11 14:16:17.639217 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:42412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/database.php"] [unique_id "airtYazVaq-mvl-Hfs-46QAAAA4"]
[Thu Jun 11 14:16:17.639499 2026] [security2:error] [pid 21296:tid 21313] [client 34.17.141.62:42412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-46QAAAA4"]
[Thu Jun 11 14:16:17.641005 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:42416] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/database.yml"] [unique_id "airtYTlbUCMVJYfLxkrR8gAAAI0"]
[Thu Jun 11 14:16:17.641129 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:42416] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/config/database.yml"] [unique_id "airtYTlbUCMVJYfLxkrR8gAAAI0"]
[Thu Jun 11 14:16:17.641320 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:42416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/database.yml"] [unique_id "airtYTlbUCMVJYfLxkrR8gAAAI0"]
[Thu Jun 11 14:16:17.641646 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:42416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR8gAAAI0"]
[Thu Jun 11 14:16:17.645381 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:42428] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/database.json"] [unique_id "airtYUKTwdTIu69rj43ojAAAANE"]
[Thu Jun 11 14:16:17.645769 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:42428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/database.json"] [unique_id "airtYUKTwdTIu69rj43ojAAAANE"]
[Thu Jun 11 14:16:17.646168 2026] [security2:error] [pid 21243:tid 21263] [client 34.17.141.62:42428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ojAAAANE"]
[Thu Jun 11 14:16:17.647993 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:42440] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/credentials.json"] [unique_id "airtYU4Kpjoch0F_BSqC7gAAAEY"]
[Thu Jun 11 14:16:17.648294 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:42440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/credentials.json"] [unique_id "airtYU4Kpjoch0F_BSqC7gAAAEY"]
[Thu Jun 11 14:16:17.648723 2026] [security2:error] [pid 9918:tid 9928] [client 34.17.141.62:42440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC7gAAAEY"]
[Thu Jun 11 14:16:17.666745 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:42452] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/secrets.json"] [unique_id "airtYf8lKn4qdPkDWlDDywAAARI"]
[Thu Jun 11 14:16:17.667349 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:42452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/secrets.json"] [unique_id "airtYf8lKn4qdPkDWlDDywAAARI"]
[Thu Jun 11 14:16:17.670518 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:42466] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/keys.json"] [unique_id "airtYazVaq-mvl-Hfs-46gAAABY"]
[Thu Jun 11 14:16:17.670885 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:42466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/keys.json"] [unique_id "airtYazVaq-mvl-Hfs-46gAAABY"]
[Thu Jun 11 14:16:17.671220 2026] [security2:error] [pid 21296:tid 21321] [client 34.17.141.62:42466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-46gAAABY"]
[Thu Jun 11 14:16:17.673427 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:42452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDywAAARI"]
[Thu Jun 11 14:16:17.682404 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:42478] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/application.yml"] [unique_id "airtYTlbUCMVJYfLxkrR8wAAAIg"]
[Thu Jun 11 14:16:17.682821 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:42478] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/application.yml"] [unique_id "airtYTlbUCMVJYfLxkrR8wAAAIg"]
[Thu Jun 11 14:16:17.683155 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:42478] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR8wAAAIg"]
[Thu Jun 11 14:16:17.687805 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:42494] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/application.properties"] [unique_id "airtYUKTwdTIu69rj43ojQAAAM0"]
[Thu Jun 11 14:16:17.688160 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:42494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/application.properties"] [unique_id "airtYUKTwdTIu69rj43ojQAAAM0"]
[Thu Jun 11 14:16:17.688849 2026] [security2:error] [pid 21243:tid 21259] [client 34.17.141.62:42494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ojQAAAM0"]
[Thu Jun 11 14:16:17.689070 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:42502] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC7wAAAEA"]
[Thu Jun 11 14:16:17.689363 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:42502] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/config/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC7wAAAEA"]
[Thu Jun 11 14:16:17.690139 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:42502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC7wAAAEA"]
[Thu Jun 11 14:16:17.690502 2026] [security2:error] [pid 9918:tid 9922] [client 34.17.141.62:42502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC7wAAAEA"]
[Thu Jun 11 14:16:17.690845 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:42512] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/parameters.yaml"] [unique_id "airtYf8lKn4qdPkDWlDDzAAAAQM"]
[Thu Jun 11 14:16:17.691196 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:42512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/parameters.yaml"] [unique_id "airtYf8lKn4qdPkDWlDDzAAAAQM"]
[Thu Jun 11 14:16:17.691641 2026] [security2:error] [pid 3902:tid 3912] [client 34.17.141.62:42512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDzAAAAQM"]
[Thu Jun 11 14:16:17.704177 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:42528] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/app.php"] [unique_id "airtYazVaq-mvl-Hfs-46wAAABI"]
[Thu Jun 11 14:16:17.704555 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:42528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/app.php"] [unique_id "airtYazVaq-mvl-Hfs-46wAAABI"]
[Thu Jun 11 14:16:17.704895 2026] [security2:error] [pid 21296:tid 21317] [client 34.17.141.62:42528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-46wAAABI"]
[Thu Jun 11 14:16:17.712068 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:42536] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/mail.php"] [unique_id "airtYTlbUCMVJYfLxkrR9AAAAJE"]
[Thu Jun 11 14:16:17.712855 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:42536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/mail.php"] [unique_id "airtYTlbUCMVJYfLxkrR9AAAAJE"]
[Thu Jun 11 14:16:17.713182 2026] [security2:error] [pid 21295:tid 21343] [client 34.17.141.62:42536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR9AAAAJE"]
[Thu Jun 11 14:16:17.729788 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:42554] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/cache.php"] [unique_id "airtYU4Kpjoch0F_BSqC8AAAAE4"]
[Thu Jun 11 14:16:17.730236 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:42554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/cache.php"] [unique_id "airtYU4Kpjoch0F_BSqC8AAAAE4"]
[Thu Jun 11 14:16:17.730822 2026] [security2:error] [pid 9918:tid 9936] [client 34.17.141.62:42554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC8AAAAE4"]
[Thu Jun 11 14:16:17.731096 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:42540] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/config/services.php"] [unique_id "airtYUKTwdTIu69rj43ojgAAANc"]
[Thu Jun 11 14:16:17.731417 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:42540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/config/services.php"] [unique_id "airtYUKTwdTIu69rj43ojgAAANc"]
[Thu Jun 11 14:16:17.731961 2026] [security2:error] [pid 21243:tid 21269] [client 34.17.141.62:42540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ojgAAANc"]
[Thu Jun 11 14:16:17.732625 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:42570] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/services/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDzQAAAQ4"]
[Thu Jun 11 14:16:17.732988 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:42570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/services/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDzQAAAQ4"]
[Thu Jun 11 14:16:17.733325 2026] [security2:error] [pid 3902:tid 3923] [client 34.17.141.62:42570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDzQAAAQ4"]
[Thu Jun 11 14:16:17.734875 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:42582] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/services/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-47AAAAAo"]
[Thu Jun 11 14:16:17.735200 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:42582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/services/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-47AAAAAo"]
[Thu Jun 11 14:16:17.735473 2026] [security2:error] [pid 21296:tid 21309] [client 34.17.141.62:42582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-47AAAAAo"]
[Thu Jun 11 14:16:17.742773 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:42612] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/services/secrets.json"] [unique_id "airtYTlbUCMVJYfLxkrR9QAAAJA"]
[Thu Jun 11 14:16:17.743056 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:42612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/services/secrets.json"] [unique_id "airtYTlbUCMVJYfLxkrR9QAAAJA"]
[Thu Jun 11 14:16:17.743351 2026] [security2:error] [pid 21295:tid 21342] [client 34.17.141.62:42612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR9QAAAJA"]
[Thu Jun 11 14:16:17.754989 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:42598] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/services/database.yml"] [unique_id "airtYUKTwdTIu69rj43ojwAAAMo"]
[Thu Jun 11 14:16:17.755121 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:42598] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /services/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/services/database.yml"] [unique_id "airtYUKTwdTIu69rj43ojwAAAMo"]
[Thu Jun 11 14:16:17.755345 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:42598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/services/database.yml"] [unique_id "airtYUKTwdTIu69rj43ojwAAAMo"]
[Thu Jun 11 14:16:17.755819 2026] [security2:error] [pid 21243:tid 21256] [client 34.17.141.62:42598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43ojwAAAMo"]
[Thu Jun 11 14:16:17.757553 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:42618] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/services/application.yml"] [unique_id "airtYU4Kpjoch0F_BSqC8QAAAEM"]
[Thu Jun 11 14:16:17.757876 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:42618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/services/application.yml"] [unique_id "airtYU4Kpjoch0F_BSqC8QAAAEM"]
[Thu Jun 11 14:16:17.758161 2026] [security2:error] [pid 9918:tid 9925] [client 34.17.141.62:42618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC8QAAAEM"]
[Thu Jun 11 14:16:17.766956 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:42628] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/internal/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-47QAAAAw"]
[Thu Jun 11 14:16:17.767328 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:42628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/internal/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-47QAAAAw"]
[Thu Jun 11 14:16:17.771246 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:42622] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/internal/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDzgAAARM"]
[Thu Jun 11 14:16:17.771556 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:42622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/internal/config.json"] [unique_id "airtYf8lKn4qdPkDWlDDzgAAARM"]
[Thu Jun 11 14:16:17.772122 2026] [security2:error] [pid 3902:tid 3928] [client 34.17.141.62:42622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDzgAAARM"]
[Thu Jun 11 14:16:17.772773 2026] [security2:error] [pid 21296:tid 21311] [client 34.17.141.62:42628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-47QAAAAw"]
[Thu Jun 11 14:16:17.777102 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:42632] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/internal/secrets.json"] [unique_id "airtYTlbUCMVJYfLxkrR9gAAAJU"]
[Thu Jun 11 14:16:17.777394 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:42632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/internal/secrets.json"] [unique_id "airtYTlbUCMVJYfLxkrR9gAAAJU"]
[Thu Jun 11 14:16:17.778674 2026] [security2:error] [pid 21295:tid 21347] [client 34.17.141.62:42632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR9gAAAJU"]
[Thu Jun 11 14:16:17.788089 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:42640] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/internal/credentials.json"] [unique_id "airtYUKTwdTIu69rj43okQAAAME"]
[Thu Jun 11 14:16:17.788289 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:42654] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/private/config.json"] [unique_id "airtYU4Kpjoch0F_BSqC8wAAAFQ"]
[Thu Jun 11 14:16:17.788386 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:42640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/internal/credentials.json"] [unique_id "airtYUKTwdTIu69rj43okQAAAME"]
[Thu Jun 11 14:16:17.788597 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/private/config.json"] [unique_id "airtYU4Kpjoch0F_BSqC8wAAAFQ"]
[Thu Jun 11 14:16:17.788840 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:42640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43okQAAAME"]
[Thu Jun 11 14:16:17.788952 2026] [security2:error] [pid 9918:tid 9942] [client 34.17.141.62:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC8wAAAFQ"]
[Thu Jun 11 14:16:17.806897 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:42656] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/private/secrets.json"] [unique_id "airtYf8lKn4qdPkDWlDDzwAAARU"]
[Thu Jun 11 14:16:17.807263 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:42656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/private/secrets.json"] [unique_id "airtYf8lKn4qdPkDWlDDzwAAARU"]
[Thu Jun 11 14:16:17.807653 2026] [security2:error] [pid 3902:tid 3930] [client 34.17.141.62:42656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDDzwAAARU"]
[Thu Jun 11 14:16:17.811985 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:42684] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/deploy/secrets.json"] [unique_id "airtYUKTwdTIu69rj43okgAAANU"]
[Thu Jun 11 14:16:17.812272 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:42684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/deploy/secrets.json"] [unique_id "airtYUKTwdTIu69rj43okgAAANU"]
[Thu Jun 11 14:16:17.812714 2026] [security2:error] [pid 21243:tid 21267] [client 34.17.141.62:42684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43okgAAANU"]
[Thu Jun 11 14:16:17.813793 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:42680] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/deploy/config.json"] [unique_id "airtYTlbUCMVJYfLxkrR9wAAAIo"]
[Thu Jun 11 14:16:17.814131 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:42680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/deploy/config.json"] [unique_id "airtYTlbUCMVJYfLxkrR9wAAAIo"]
[Thu Jun 11 14:16:17.814598 2026] [security2:error] [pid 21295:tid 21336] [client 34.17.141.62:42680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR9wAAAIo"]
[Thu Jun 11 14:16:17.814868 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:42666] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/private/credentials.json"] [unique_id "airtYazVaq-mvl-Hfs-47gAAAAs"]
[Thu Jun 11 14:16:17.815220 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:42666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/private/credentials.json"] [unique_id "airtYazVaq-mvl-Hfs-47gAAAAs"]
[Thu Jun 11 14:16:17.815547 2026] [security2:error] [pid 21296:tid 21310] [client 34.17.141.62:42666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-47gAAAAs"]
[Thu Jun 11 14:16:17.827346 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:42690] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/v1/config.json"] [unique_id "airtYU4Kpjoch0F_BSqC9AAAAFg"]
[Thu Jun 11 14:16:17.827695 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:42690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/v1/config.json"] [unique_id "airtYU4Kpjoch0F_BSqC9AAAAFg"]
[Thu Jun 11 14:16:17.828070 2026] [security2:error] [pid 9918:tid 9946] [client 34.17.141.62:42690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC9AAAAFg"]
[Thu Jun 11 14:16:17.840128 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:42702] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/wp-config.php"] [unique_id "airtYf8lKn4qdPkDWlDD0AAAAQo"]
[Thu Jun 11 14:16:17.840268 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:42702] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/wp-config.php"] [unique_id "airtYf8lKn4qdPkDWlDD0AAAAQo"]
[Thu Jun 11 14:16:17.840523 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:42702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/wp-config.php"] [unique_id "airtYf8lKn4qdPkDWlDD0AAAAQo"]
[Thu Jun 11 14:16:17.840903 2026] [security2:error] [pid 3902:tid 3919] [client 34.17.141.62:42702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDD0AAAAQo"]
[Thu Jun 11 14:16:17.845094 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:42696] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/v2/config.json"] [unique_id "airtYazVaq-mvl-Hfs-47wAAABE"]
[Thu Jun 11 14:16:17.845868 2026] [security2:error] [pid 5830:tid 5842] [client 34.17.141.62:42704] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "airtYZQ1oEsc4pCWMDN_PwAAAUc"]
[Thu Jun 11 14:16:17.845991 2026] [security2:error] [pid 5830:tid 5842] [client 34.17.141.62:42704] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "airtYZQ1oEsc4pCWMDN_PwAAAUc"]
[Thu Jun 11 14:16:17.846142 2026] [security2:error] [pid 5830:tid 5842] [client 34.17.141.62:42704] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "airtYZQ1oEsc4pCWMDN_PwAAAUc"]
[Thu Jun 11 14:16:17.846677 2026] [security2:error] [pid 5830:tid 5842] [client 34.17.141.62:42704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "airtYZQ1oEsc4pCWMDN_PwAAAUc"]
[Thu Jun 11 14:16:17.847115 2026] [security2:error] [pid 5830:tid 5842] [client 34.17.141.62:42704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYZQ1oEsc4pCWMDN_PwAAAUc"]
[Thu Jun 11 14:16:17.848430 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:42696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/v2/config.json"] [unique_id "airtYazVaq-mvl-Hfs-47wAAABE"]
[Thu Jun 11 14:16:17.848934 2026] [security2:error] [pid 21296:tid 21316] [client 34.17.141.62:42696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-47wAAABE"]
[Thu Jun 11 14:16:17.851486 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:42710] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/wp-config.php.old"] [unique_id "airtYTlbUCMVJYfLxkrR-AAAAIE"]
[Thu Jun 11 14:16:17.851657 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:42710] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/wp-config.php.old"] [unique_id "airtYTlbUCMVJYfLxkrR-AAAAIE"]
[Thu Jun 11 14:16:17.851780 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:42710] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/wp-config.php.old"] [unique_id "airtYTlbUCMVJYfLxkrR-AAAAIE"]
[Thu Jun 11 14:16:17.852217 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:42710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/wp-config.php.old"] [unique_id "airtYTlbUCMVJYfLxkrR-AAAAIE"]
[Thu Jun 11 14:16:17.852528 2026] [security2:error] [pid 21295:tid 21327] [client 34.17.141.62:42710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR-AAAAIE"]
[Thu Jun 11 14:16:17.869307 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:42722] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/wp-config.php~"] [unique_id "airtYUKTwdTIu69rj43olAAAAMs"]
[Thu Jun 11 14:16:17.869433 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:42722] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/wp-config.php~"] [unique_id "airtYUKTwdTIu69rj43olAAAAMs"]
[Thu Jun 11 14:16:17.870978 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:42742] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/wp-config.txt"] [unique_id "airtYf8lKn4qdPkDWlDD0QAAAQs"]
[Thu Jun 11 14:16:17.871112 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:42742] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/wp-config.txt"] [unique_id "airtYf8lKn4qdPkDWlDD0QAAAQs"]
[Thu Jun 11 14:16:17.871345 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:42742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/wp-config.txt"] [unique_id "airtYf8lKn4qdPkDWlDD0QAAAQs"]
[Thu Jun 11 14:16:17.871868 2026] [security2:error] [pid 3902:tid 3920] [client 34.17.141.62:42742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDD0QAAAQs"]
[Thu Jun 11 14:16:17.872387 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:42722] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/wp-config.php~"] [unique_id "airtYUKTwdTIu69rj43olAAAAMs"]
[Thu Jun 11 14:16:17.872956 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:42722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/wp-config.php~"] [unique_id "airtYUKTwdTIu69rj43olAAAAMs"]
[Thu Jun 11 14:16:17.873399 2026] [security2:error] [pid 21243:tid 21257] [client 34.17.141.62:42722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43olAAAAMs"]
[Thu Jun 11 14:16:17.876902 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:42744] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/local-config.php"] [unique_id "airtYazVaq-mvl-Hfs-48AAAABg"]
[Thu Jun 11 14:16:17.877145 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:42744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/local-config.php"] [unique_id "airtYazVaq-mvl-Hfs-48AAAABg"]
[Thu Jun 11 14:16:17.877457 2026] [security2:error] [pid 21296:tid 21324] [client 34.17.141.62:42744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-48AAAABg"]
[Thu Jun 11 14:16:17.886553 2026] [security2:error] [pid 5830:tid 5843] [client 34.17.141.62:42738] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/wp-config.bak"] [unique_id "airtYZQ1oEsc4pCWMDN_QAAAAUg"]
[Thu Jun 11 14:16:17.886839 2026] [security2:error] [pid 5830:tid 5843] [client 34.17.141.62:42738] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/wp-config.bak"] [unique_id "airtYZQ1oEsc4pCWMDN_QAAAAUg"]
[Thu Jun 11 14:16:17.887150 2026] [security2:error] [pid 5830:tid 5843] [client 34.17.141.62:42738] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/wp-config.bak"] [unique_id "airtYZQ1oEsc4pCWMDN_QAAAAUg"]
[Thu Jun 11 14:16:17.887389 2026] [security2:error] [pid 5830:tid 5843] [client 34.17.141.62:42738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/wp-config.bak"] [unique_id "airtYZQ1oEsc4pCWMDN_QAAAAUg"]
[Thu Jun 11 14:16:17.887759 2026] [security2:error] [pid 5830:tid 5843] [client 34.17.141.62:42738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYZQ1oEsc4pCWMDN_QAAAAUg"]
[Thu Jun 11 14:16:17.898338 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:42784] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/config/parameters.yaml"] [unique_id "airtYf8lKn4qdPkDWlDD0gAAAQ0"]
[Thu Jun 11 14:16:17.898763 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:42784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/config/parameters.yaml"] [unique_id "airtYf8lKn4qdPkDWlDD0gAAAQ0"]
[Thu Jun 11 14:16:17.899187 2026] [security2:error] [pid 3902:tid 3922] [client 34.17.141.62:42784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDD0gAAAQ0"]
[Thu Jun 11 14:16:17.902192 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:42754] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/storage/logs/laravel.log"] [unique_id "airtYUKTwdTIu69rj43olQAAAMA"]
[Thu Jun 11 14:16:17.902402 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:42754] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/storage/logs/laravel.log"] [unique_id "airtYUKTwdTIu69rj43olQAAAMA"]
[Thu Jun 11 14:16:17.902745 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:42754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/storage/logs/laravel.log"] [unique_id "airtYUKTwdTIu69rj43olQAAAMA"]
[Thu Jun 11 14:16:17.903112 2026] [security2:error] [pid 21243:tid 21246] [client 34.17.141.62:42754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43olQAAAMA"]
[Thu Jun 11 14:16:17.904333 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:42750] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/bootstrap/cache/config.php"] [unique_id "airtYTlbUCMVJYfLxkrR-QAAAIQ"]
[Thu Jun 11 14:16:17.904661 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:42750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/bootstrap/cache/config.php"] [unique_id "airtYTlbUCMVJYfLxkrR-QAAAIQ"]
[Thu Jun 11 14:16:17.905033 2026] [security2:error] [pid 21295:tid 21330] [client 34.17.141.62:42750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR-QAAAIQ"]
[Thu Jun 11 14:16:17.906078 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:42770] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC9QAAAFM"]
[Thu Jun 11 14:16:17.906230 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:42770] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC9QAAAFM"]
[Thu Jun 11 14:16:17.906692 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:42770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "airtYU4Kpjoch0F_BSqC9QAAAFM"]
[Thu Jun 11 14:16:17.907050 2026] [security2:error] [pid 9918:tid 9941] [client 34.17.141.62:42770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC9QAAAFM"]
[Thu Jun 11 14:16:17.922216 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:42796] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app/config/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-48QAAAAU"]
[Thu Jun 11 14:16:17.922354 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:42796] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /app/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/app/config/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-48QAAAAU"]
[Thu Jun 11 14:16:17.922636 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:42796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app/config/config.yml"] [unique_id "airtYazVaq-mvl-Hfs-48QAAAAU"]
[Thu Jun 11 14:16:17.923007 2026] [security2:error] [pid 21296:tid 21377] [client 34.17.141.62:42796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-48QAAAAU"]
[Thu Jun 11 14:16:17.924698 2026] [security2:error] [pid 5830:tid 5844] [client 34.17.141.62:42810] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/settings/production.py"] [unique_id "airtYZQ1oEsc4pCWMDN_QQAAAUk"]
[Thu Jun 11 14:16:17.925010 2026] [security2:error] [pid 5830:tid 5844] [client 34.17.141.62:42810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/settings/production.py"] [unique_id "airtYZQ1oEsc4pCWMDN_QQAAAUk"]
[Thu Jun 11 14:16:17.925388 2026] [security2:error] [pid 5830:tid 5844] [client 34.17.141.62:42810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYZQ1oEsc4pCWMDN_QQAAAUk"]
[Thu Jun 11 14:16:17.930218 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:42826] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/settings/base.py"] [unique_id "airtYUKTwdTIu69rj43olgAAAMw"]
[Thu Jun 11 14:16:17.930565 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:42826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/settings/base.py"] [unique_id "airtYUKTwdTIu69rj43olgAAAMw"]
[Thu Jun 11 14:16:17.930964 2026] [security2:error] [pid 21243:tid 21258] [client 34.17.141.62:42826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43olgAAAMw"]
[Thu Jun 11 14:16:17.933417 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:42814] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/settings/local.py"] [unique_id "airtYTlbUCMVJYfLxkrR-gAAAJY"]
[Thu Jun 11 14:16:17.933740 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:42814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/settings/local.py"] [unique_id "airtYTlbUCMVJYfLxkrR-gAAAJY"]
[Thu Jun 11 14:16:17.934030 2026] [security2:error] [pid 21295:tid 21348] [client 34.17.141.62:42814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR-gAAAJY"]
[Thu Jun 11 14:16:17.936084 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:42828] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/core/settings.py"] [unique_id "airtYU4Kpjoch0F_BSqC9gAAAEI"]
[Thu Jun 11 14:16:17.936394 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:42828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/core/settings.py"] [unique_id "airtYU4Kpjoch0F_BSqC9gAAAEI"]
[Thu Jun 11 14:16:17.936906 2026] [security2:error] [pid 9918:tid 9924] [client 34.17.141.62:42828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC9gAAAEI"]
[Thu Jun 11 14:16:17.941364 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:42842] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/project/settings.py"] [unique_id "airtYf8lKn4qdPkDWlDD0wAAARI"]
[Thu Jun 11 14:16:17.941747 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:42842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/project/settings.py"] [unique_id "airtYf8lKn4qdPkDWlDD0wAAARI"]
[Thu Jun 11 14:16:17.942022 2026] [security2:error] [pid 3902:tid 3927] [client 34.17.141.62:42842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDD0wAAARI"]
[Thu Jun 11 14:16:17.950017 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:42850] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/application/config/database.php"] [unique_id "airtYazVaq-mvl-Hfs-48gAAAAE"]
[Thu Jun 11 14:16:17.950348 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:42850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/application/config/database.php"] [unique_id "airtYazVaq-mvl-Hfs-48gAAAAE"]
[Thu Jun 11 14:16:17.950770 2026] [security2:error] [pid 21296:tid 21301] [client 34.17.141.62:42850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-48gAAAAE"]
[Thu Jun 11 14:16:17.965446 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:42870] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/system/application/config/database.php"] [unique_id "airtYTlbUCMVJYfLxkrR-wAAAIk"]
[Thu Jun 11 14:16:17.965908 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:42870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/system/application/config/database.php"] [unique_id "airtYTlbUCMVJYfLxkrR-wAAAIk"]
[Thu Jun 11 14:16:17.966239 2026] [security2:error] [pid 21295:tid 21335] [client 34.17.141.62:42870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYTlbUCMVJYfLxkrR-wAAAIk"]
[Thu Jun 11 14:16:17.966245 2026] [security2:error] [pid 5830:tid 5845] [client 34.17.141.62:42864] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/application/config/config.php"] [unique_id "airtYZQ1oEsc4pCWMDN_QgAAAUo"]
[Thu Jun 11 14:16:17.966743 2026] [security2:error] [pid 5830:tid 5845] [client 34.17.141.62:42864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/application/config/config.php"] [unique_id "airtYZQ1oEsc4pCWMDN_QgAAAUo"]
[Thu Jun 11 14:16:17.967129 2026] [security2:error] [pid 5830:tid 5845] [client 34.17.141.62:42864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYZQ1oEsc4pCWMDN_QgAAAUo"]
[Thu Jun 11 14:16:17.975389 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:42884] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/WEB-INF/context.xml"] [unique_id "airtYU4Kpjoch0F_BSqC9wAAAEc"]
[Thu Jun 11 14:16:17.976062 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:42884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/WEB-INF/context.xml"] [unique_id "airtYU4Kpjoch0F_BSqC9wAAAEc"]
[Thu Jun 11 14:16:17.976457 2026] [security2:error] [pid 9918:tid 9929] [client 34.17.141.62:42884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYU4Kpjoch0F_BSqC9wAAAEc"]
[Thu Jun 11 14:16:17.982708 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:42882] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/WEB-INF/web.xml"] [unique_id "airtYUKTwdTIu69rj43olwAAAM8"]
[Thu Jun 11 14:16:17.983031 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:42882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/WEB-INF/web.xml"] [unique_id "airtYUKTwdTIu69rj43olwAAAM8"]
[Thu Jun 11 14:16:17.983356 2026] [security2:error] [pid 21243:tid 21261] [client 34.17.141.62:42882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYUKTwdTIu69rj43olwAAAM8"]
[Thu Jun 11 14:16:17.985244 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:42888] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/WEB-INF/classes/application.properties"] [unique_id "airtYf8lKn4qdPkDWlDD1AAAAQI"]
[Thu Jun 11 14:16:17.985942 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:42888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/WEB-INF/classes/application.properties"] [unique_id "airtYf8lKn4qdPkDWlDD1AAAAQI"]
[Thu Jun 11 14:16:17.986311 2026] [security2:error] [pid 3902:tid 3911] [client 34.17.141.62:42888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYf8lKn4qdPkDWlDD1AAAAQI"]
[Thu Jun 11 14:16:17.990302 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:42898] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/META-INF/context.xml"] [unique_id "airtYazVaq-mvl-Hfs-48wAAAAA"]
[Thu Jun 11 14:16:17.990683 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:42898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/META-INF/context.xml"] [unique_id "airtYazVaq-mvl-Hfs-48wAAAAA"]
[Thu Jun 11 14:16:17.990980 2026] [security2:error] [pid 21296:tid 21300] [client 34.17.141.62:42898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYazVaq-mvl-Hfs-48wAAAAA"]
[Thu Jun 11 14:16:18.001996 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:42906] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.idea/dataSources.local.xml"] [unique_id "airtYjlbUCMVJYfLxkrR_AAAAIw"]
[Thu Jun 11 14:16:18.002143 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:42906] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/datasources.local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.idea/dataSources.local.xml"] [unique_id "airtYjlbUCMVJYfLxkrR_AAAAIw"]
[Thu Jun 11 14:16:18.002401 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:42906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.idea/dataSources.local.xml"] [unique_id "airtYjlbUCMVJYfLxkrR_AAAAIw"]
[Thu Jun 11 14:16:18.002740 2026] [security2:error] [pid 21295:tid 21338] [client 34.17.141.62:42906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrR_AAAAIw"]
[Thu Jun 11 14:16:18.004684 2026] [security2:error] [pid 5830:tid 5846] [client 34.17.141.62:42900] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.idea/dataSources.xml"] [unique_id "airtYpQ1oEsc4pCWMDN_QwAAAUs"]
[Thu Jun 11 14:16:18.004821 2026] [security2:error] [pid 5830:tid 5846] [client 34.17.141.62:42900] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/datasources.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.idea/dataSources.xml"] [unique_id "airtYpQ1oEsc4pCWMDN_QwAAAUs"]
[Thu Jun 11 14:16:18.005173 2026] [security2:error] [pid 5830:tid 5846] [client 34.17.141.62:42900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.idea/dataSources.xml"] [unique_id "airtYpQ1oEsc4pCWMDN_QwAAAUs"]
[Thu Jun 11 14:16:18.005514 2026] [security2:error] [pid 5830:tid 5846] [client 34.17.141.62:42900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_QwAAAUs"]
[Thu Jun 11 14:16:18.009678 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:42914] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.idea/workspace.xml"] [unique_id "airtYkKTwdTIu69rj43omAAAAMM"]
[Thu Jun 11 14:16:18.009819 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:42914] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.idea/workspace.xml"] [unique_id "airtYkKTwdTIu69rj43omAAAAMM"]
[Thu Jun 11 14:16:18.010098 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:42914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.idea/workspace.xml"] [unique_id "airtYkKTwdTIu69rj43omAAAAMM"]
[Thu Jun 11 14:16:18.010442 2026] [security2:error] [pid 21243:tid 21249] [client 34.17.141.62:42914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYkKTwdTIu69rj43omAAAAMM"]
[Thu Jun 11 14:16:18.025098 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:42916] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.idea/WebServers.xml"] [unique_id "airtYk4Kpjoch0F_BSqC-AAAAFA"]
[Thu Jun 11 14:16:18.025287 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:42916] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/webservers.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.idea/WebServers.xml"] [unique_id "airtYk4Kpjoch0F_BSqC-AAAAFA"]
[Thu Jun 11 14:16:18.025821 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:42916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.idea/WebServers.xml"] [unique_id "airtYk4Kpjoch0F_BSqC-AAAAFA"]
[Thu Jun 11 14:16:18.026288 2026] [security2:error] [pid 9918:tid 9938] [client 34.17.141.62:42916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqC-AAAAFA"]
[Thu Jun 11 14:16:18.030663 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:42944] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.vscode/sftp.json"] [unique_id "airtYqzVaq-mvl-Hfs-49AAAABc"]
[Thu Jun 11 14:16:18.030961 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:42944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.vscode/sftp.json"] [unique_id "airtYqzVaq-mvl-Hfs-49AAAABc"]
[Thu Jun 11 14:16:18.031273 2026] [security2:error] [pid 21296:tid 21323] [client 34.17.141.62:42944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYqzVaq-mvl-Hfs-49AAAABc"]
[Thu Jun 11 14:16:18.032976 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:42930] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.idea/deployment.xml"] [unique_id "airtYv8lKn4qdPkDWlDD1QAAAQE"]
[Thu Jun 11 14:16:18.033112 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:42930] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/deployment.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.idea/deployment.xml"] [unique_id "airtYv8lKn4qdPkDWlDD1QAAAQE"]
[Thu Jun 11 14:16:18.033315 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:42930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.idea/deployment.xml"] [unique_id "airtYv8lKn4qdPkDWlDD1QAAAQE"]
[Thu Jun 11 14:16:18.033650 2026] [security2:error] [pid 3902:tid 3910] [client 34.17.141.62:42930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD1QAAAQE"]
[Thu Jun 11 14:16:18.049309 2026] [security2:error] [pid 5830:tid 5847] [client 34.17.141.62:42952] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.vscode/settings.json"] [unique_id "airtYpQ1oEsc4pCWMDN_RAAAAUw"]
[Thu Jun 11 14:16:18.049771 2026] [security2:error] [pid 5830:tid 5847] [client 34.17.141.62:42952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.vscode/settings.json"] [unique_id "airtYpQ1oEsc4pCWMDN_RAAAAUw"]
[Thu Jun 11 14:16:18.050218 2026] [security2:error] [pid 5830:tid 5847] [client 34.17.141.62:42952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_RAAAAUw"]
[Thu Jun 11 14:16:18.056174 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:42968] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.vscode/tasks.json"] [unique_id "airtYjlbUCMVJYfLxkrR_QAAAJc"]
[Thu Jun 11 14:16:18.061443 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:42978] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.gitlab-ci.yml"] [unique_id "airtYkKTwdTIu69rj43omQAAAME"]
[Thu Jun 11 14:16:18.061708 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:42978] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.gitlab-ci.yml"] [unique_id "airtYkKTwdTIu69rj43omQAAAME"]
[Thu Jun 11 14:16:18.061968 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:42978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.gitlab-ci.yml"] [unique_id "airtYkKTwdTIu69rj43omQAAAME"]
[Thu Jun 11 14:16:18.062834 2026] [security2:error] [pid 21243:tid 21247] [client 34.17.141.62:42978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYkKTwdTIu69rj43omQAAAME"]
[Thu Jun 11 14:16:18.065082 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:42964] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.vscode/launch.json"] [unique_id "airtYk4Kpjoch0F_BSqC-gAAAE0"]
[Thu Jun 11 14:16:18.065428 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:42964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.vscode/launch.json"] [unique_id "airtYk4Kpjoch0F_BSqC-gAAAE0"]
[Thu Jun 11 14:16:18.065917 2026] [security2:error] [pid 9918:tid 9935] [client 34.17.141.62:42964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqC-gAAAE0"]
[Thu Jun 11 14:16:18.068388 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:42968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.vscode/tasks.json"] [unique_id "airtYjlbUCMVJYfLxkrR_QAAAJc"]
[Thu Jun 11 14:16:18.068890 2026] [security2:error] [pid 21295:tid 21349] [client 34.17.141.62:42968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrR_QAAAJc"]
[Thu Jun 11 14:16:18.070370 2026] [security2:error] [pid 3902:tid 3909] [client 34.17.141.62:42988] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.travis.yml"] [unique_id "airtYv8lKn4qdPkDWlDD1gAAAQA"]
[Thu Jun 11 14:16:18.070765 2026] [security2:error] [pid 3902:tid 3909] [client 34.17.141.62:42988] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.travis.yml"] [unique_id "airtYv8lKn4qdPkDWlDD1gAAAQA"]
[Thu Jun 11 14:16:18.071036 2026] [security2:error] [pid 3902:tid 3909] [client 34.17.141.62:42988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.travis.yml"] [unique_id "airtYv8lKn4qdPkDWlDD1gAAAQA"]
[Thu Jun 11 14:16:18.071383 2026] [security2:error] [pid 3902:tid 3909] [client 34.17.141.62:42988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD1gAAAQA"]
[Thu Jun 11 14:16:18.073161 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:42994] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.circleci/config.yml"] [unique_id "airtYqzVaq-mvl-Hfs-49QAAABM"]
[Thu Jun 11 14:16:18.073454 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:42994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.circleci/config.yml"] [unique_id "airtYqzVaq-mvl-Hfs-49QAAABM"]
[Thu Jun 11 14:16:18.076429 2026] [security2:error] [pid 5830:tid 5848] [client 34.17.141.62:43000] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.github/workflows/deploy.yml"] [unique_id "airtYpQ1oEsc4pCWMDN_RQAAAU0"]
[Thu Jun 11 14:16:18.076791 2026] [security2:error] [pid 5830:tid 5848] [client 34.17.141.62:43000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.github/workflows/deploy.yml"] [unique_id "airtYpQ1oEsc4pCWMDN_RQAAAU0"]
[Thu Jun 11 14:16:18.077124 2026] [security2:error] [pid 5830:tid 5848] [client 34.17.141.62:43000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_RQAAAU0"]
[Thu Jun 11 14:16:18.083920 2026] [security2:error] [pid 21296:tid 21318] [client 34.17.141.62:42994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYqzVaq-mvl-Hfs-49QAAABM"]
[Thu Jun 11 14:16:18.098988 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:43026] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.github/workflows/production.yml"] [unique_id "airtYkKTwdTIu69rj43omgAAAMg"]
[Thu Jun 11 14:16:18.099335 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:43026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.github/workflows/production.yml"] [unique_id "airtYkKTwdTIu69rj43omgAAAMg"]
[Thu Jun 11 14:16:18.099932 2026] [security2:error] [pid 21243:tid 21254] [client 34.17.141.62:43026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYkKTwdTIu69rj43omgAAAMg"]
[Thu Jun 11 14:16:18.102181 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:43040] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.github/workflows/ci.yml"] [unique_id "airtYk4Kpjoch0F_BSqC-wAAAEE"]
[Thu Jun 11 14:16:18.102488 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:43040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.github/workflows/ci.yml"] [unique_id "airtYk4Kpjoch0F_BSqC-wAAAEE"]
[Thu Jun 11 14:16:18.105306 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:43016] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.github/workflows/main.yml"] [unique_id "airtYjlbUCMVJYfLxkrR_gAAAIU"]
[Thu Jun 11 14:16:18.105632 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:43016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.github/workflows/main.yml"] [unique_id "airtYjlbUCMVJYfLxkrR_gAAAIU"]
[Thu Jun 11 14:16:18.106027 2026] [security2:error] [pid 21295:tid 21331] [client 34.17.141.62:43016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrR_gAAAIU"]
[Thu Jun 11 14:16:18.111495 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:43056] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/Jenkinsfile"] [unique_id "airtYv8lKn4qdPkDWlDD1wAAAQ8"]
[Thu Jun 11 14:16:18.111834 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:43056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/Jenkinsfile"] [unique_id "airtYv8lKn4qdPkDWlDD1wAAAQ8"]
[Thu Jun 11 14:16:18.112171 2026] [security2:error] [pid 3902:tid 3924] [client 34.17.141.62:43056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD1wAAAQ8"]
[Thu Jun 11 14:16:18.113924 2026] [security2:error] [pid 5830:tid 5842] [client 34.17.141.62:43064] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.drone.yml"] [unique_id "airtYpQ1oEsc4pCWMDN_RgAAAUc"]
[Thu Jun 11 14:16:18.114224 2026] [security2:error] [pid 5830:tid 5842] [client 34.17.141.62:43064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.drone.yml"] [unique_id "airtYpQ1oEsc4pCWMDN_RgAAAUc"]
[Thu Jun 11 14:16:18.114563 2026] [security2:error] [pid 5830:tid 5842] [client 34.17.141.62:43064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_RgAAAUc"]
[Thu Jun 11 14:16:18.117007 2026] [security2:error] [pid 9918:tid 9923] [client 34.17.141.62:43040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqC-wAAAEE"]
[Thu Jun 11 14:16:18.118880 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:43072] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.drone.yaml"] [unique_id "airtYjlbUCMVJYfLxkrR_wAAAII"]
[Thu Jun 11 14:16:18.119228 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:43072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.drone.yaml"] [unique_id "airtYjlbUCMVJYfLxkrR_wAAAII"]
[Thu Jun 11 14:16:18.119540 2026] [security2:error] [pid 21295:tid 21328] [client 34.17.141.62:43072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrR_wAAAII"]
[Thu Jun 11 14:16:18.122216 2026] [security2:error] [pid 21296:tid 21307] [client 34.17.141.62:43060] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/jenkins/Jenkinsfile"] [unique_id "airtYqzVaq-mvl-Hfs-4-AAAAAg"]
[Thu Jun 11 14:16:18.122554 2026] [security2:error] [pid 21296:tid 21307] [client 34.17.141.62:43060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/jenkins/Jenkinsfile"] [unique_id "airtYqzVaq-mvl-Hfs-4-AAAAAg"]
[Thu Jun 11 14:16:18.123209 2026] [security2:error] [pid 21296:tid 21307] [client 34.17.141.62:43060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYqzVaq-mvl-Hfs-4-AAAAAg"]
[Thu Jun 11 14:16:18.143239 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:43076] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/bitbucket-pipelines.yml"] [unique_id "airtYkKTwdTIu69rj43omwAAAMc"]
[Thu Jun 11 14:16:18.143723 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:43076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/bitbucket-pipelines.yml"] [unique_id "airtYkKTwdTIu69rj43omwAAAMc"]
[Thu Jun 11 14:16:18.144079 2026] [security2:error] [pid 21243:tid 21253] [client 34.17.141.62:43076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYkKTwdTIu69rj43omwAAAMc"]
[Thu Jun 11 14:16:18.146397 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:43100] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.buildkite/pipeline.yml"] [unique_id "airtYk4Kpjoch0F_BSqC_AAAAFI"]
[Thu Jun 11 14:16:18.146752 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:43100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.buildkite/pipeline.yml"] [unique_id "airtYk4Kpjoch0F_BSqC_AAAAFI"]
[Thu Jun 11 14:16:18.147226 2026] [security2:error] [pid 9918:tid 9940] [client 34.17.141.62:43100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqC_AAAAFI"]
[Thu Jun 11 14:16:18.156899 2026] [security2:error] [pid 3902:tid 3918] [client 34.17.141.62:43084] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/azure-pipelines.yml"] [unique_id "airtYv8lKn4qdPkDWlDD2AAAAQk"]
[Thu Jun 11 14:16:18.157254 2026] [security2:error] [pid 3902:tid 3918] [client 34.17.141.62:43084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/azure-pipelines.yml"] [unique_id "airtYv8lKn4qdPkDWlDD2AAAAQk"]
[Thu Jun 11 14:16:18.157615 2026] [security2:error] [pid 3902:tid 3918] [client 34.17.141.62:43084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD2AAAAQk"]
[Thu Jun 11 14:16:18.159643 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:43110] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/debug.log"] [unique_id "airtYqzVaq-mvl-Hfs-4-QAAAAk"]
[Thu Jun 11 14:16:18.159785 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:43110] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/debug.log"] [unique_id "airtYqzVaq-mvl-Hfs-4-QAAAAk"]
[Thu Jun 11 14:16:18.160121 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:43110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/debug.log"] [unique_id "airtYqzVaq-mvl-Hfs-4-QAAAAk"]
[Thu Jun 11 14:16:18.160503 2026] [security2:error] [pid 21296:tid 21308] [client 34.17.141.62:43110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYqzVaq-mvl-Hfs-4-QAAAAk"]
[Thu Jun 11 14:16:18.166788 2026] [security2:error] [pid 5830:tid 5850] [client 34.17.141.62:43118] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/error.log"] [unique_id "airtYpQ1oEsc4pCWMDN_RwAAAU8"]
[Thu Jun 11 14:16:18.166925 2026] [security2:error] [pid 5830:tid 5850] [client 34.17.141.62:43118] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/error.log"] [unique_id "airtYpQ1oEsc4pCWMDN_RwAAAU8"]
[Thu Jun 11 14:16:18.167197 2026] [security2:error] [pid 5830:tid 5850] [client 34.17.141.62:43118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/error.log"] [unique_id "airtYpQ1oEsc4pCWMDN_RwAAAU8"]
[Thu Jun 11 14:16:18.167746 2026] [security2:error] [pid 5830:tid 5850] [client 34.17.141.62:43118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_RwAAAU8"]
[Thu Jun 11 14:16:18.168846 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:43130] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/application.log"] [unique_id "airtYkKTwdTIu69rj43onAAAAMU"]
[Thu Jun 11 14:16:18.168947 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:43130] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/application.log"] [unique_id "airtYkKTwdTIu69rj43onAAAAMU"]
[Thu Jun 11 14:16:18.169262 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:43130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/application.log"] [unique_id "airtYkKTwdTIu69rj43onAAAAMU"]
[Thu Jun 11 14:16:18.169555 2026] [security2:error] [pid 21243:tid 21251] [client 34.17.141.62:43130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYkKTwdTIu69rj43onAAAAMU"]
[Thu Jun 11 14:16:18.169859 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:43126] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/app.log"] [unique_id "airtYjlbUCMVJYfLxkrSAQAAAIc"]
[Thu Jun 11 14:16:18.169961 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:43126] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/app.log"] [unique_id "airtYjlbUCMVJYfLxkrSAQAAAIc"]
[Thu Jun 11 14:16:18.170317 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:43126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/app.log"] [unique_id "airtYjlbUCMVJYfLxkrSAQAAAIc"]
[Thu Jun 11 14:16:18.170886 2026] [security2:error] [pid 21295:tid 21333] [client 34.17.141.62:43126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrSAQAAAIc"]
[Thu Jun 11 14:16:18.173543 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:43140] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/laravel.log"] [unique_id "airtYk4Kpjoch0F_BSqC_QAAAEk"]
[Thu Jun 11 14:16:18.173704 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:43140] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/laravel.log"] [unique_id "airtYk4Kpjoch0F_BSqC_QAAAEk"]
[Thu Jun 11 14:16:18.174029 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:43140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/laravel.log"] [unique_id "airtYk4Kpjoch0F_BSqC_QAAAEk"]
[Thu Jun 11 14:16:18.174395 2026] [security2:error] [pid 9918:tid 9931] [client 34.17.141.62:43140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqC_QAAAEk"]
[Thu Jun 11 14:16:18.193513 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:43144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/access.log"] [unique_id "airtYv8lKn4qdPkDWlDD2QAAARE"]
[Thu Jun 11 14:16:18.193652 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:43144] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/access.log"] [unique_id "airtYv8lKn4qdPkDWlDD2QAAARE"]
[Thu Jun 11 14:16:18.193815 2026] [security2:error] [pid 5830:tid 5844] [client 34.17.141.62:43158] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/trace.log"] [unique_id "airtYpQ1oEsc4pCWMDN_SAAAAUk"]
[Thu Jun 11 14:16:18.193910 2026] [security2:error] [pid 5830:tid 5844] [client 34.17.141.62:43158] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/trace.log"] [unique_id "airtYpQ1oEsc4pCWMDN_SAAAAUk"]
[Thu Jun 11 14:16:18.194050 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:43144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/access.log"] [unique_id "airtYv8lKn4qdPkDWlDD2QAAARE"]
[Thu Jun 11 14:16:18.194236 2026] [security2:error] [pid 5830:tid 5844] [client 34.17.141.62:43158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/trace.log"] [unique_id "airtYpQ1oEsc4pCWMDN_SAAAAUk"]
[Thu Jun 11 14:16:18.194360 2026] [security2:error] [pid 3902:tid 3926] [client 34.17.141.62:43144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD2QAAARE"]
[Thu Jun 11 14:16:18.194537 2026] [security2:error] [pid 5830:tid 5844] [client 34.17.141.62:43158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_SAAAAUk"]
[Thu Jun 11 14:16:18.196289 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:43152] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/server.log"] [unique_id "airtYqzVaq-mvl-Hfs-4-wAAAAQ"]
[Thu Jun 11 14:16:18.196454 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:43152] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server.log"] [unique_id "airtYqzVaq-mvl-Hfs-4-wAAAAQ"]
[Thu Jun 11 14:16:18.196783 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:43152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server.log"] [unique_id "airtYqzVaq-mvl-Hfs-4-wAAAAQ"]
[Thu Jun 11 14:16:18.197187 2026] [security2:error] [pid 21296:tid 21304] [client 34.17.141.62:43152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYqzVaq-mvl-Hfs-4-wAAAAQ"]
[Thu Jun 11 14:16:18.215978 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:43166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/logs/debug.log"] [unique_id "airtYjlbUCMVJYfLxkrSAgAAAJg"]
[Thu Jun 11 14:16:18.216119 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:43166] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/logs/debug.log"] [unique_id "airtYjlbUCMVJYfLxkrSAgAAAJg"]
[Thu Jun 11 14:16:18.216478 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:43166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/logs/debug.log"] [unique_id "airtYjlbUCMVJYfLxkrSAgAAAJg"]
[Thu Jun 11 14:16:18.218230 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:43168] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/logs/error.log"] [unique_id "airtYkKTwdTIu69rj43ongAAAMk"]
[Thu Jun 11 14:16:18.218364 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:43168] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/logs/error.log"] [unique_id "airtYkKTwdTIu69rj43ongAAAMk"]
[Thu Jun 11 14:16:18.218708 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:43168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/logs/error.log"] [unique_id "airtYkKTwdTIu69rj43ongAAAMk"]
[Thu Jun 11 14:16:18.219131 2026] [security2:error] [pid 21243:tid 21255] [client 34.17.141.62:43168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYkKTwdTIu69rj43ongAAAMk"]
[Thu Jun 11 14:16:18.220260 2026] [security2:error] [pid 21295:tid 21350] [client 34.17.141.62:43166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrSAgAAAJg"]
[Thu Jun 11 14:16:18.229458 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:43194] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/logs/application.log"] [unique_id "airtYk4Kpjoch0F_BSqC_gAAAFc"]
[Thu Jun 11 14:16:18.229635 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:43194] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/logs/application.log"] [unique_id "airtYk4Kpjoch0F_BSqC_gAAAFc"]
[Thu Jun 11 14:16:18.230015 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:43194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/logs/application.log"] [unique_id "airtYk4Kpjoch0F_BSqC_gAAAFc"]
[Thu Jun 11 14:16:18.230401 2026] [security2:error] [pid 9918:tid 9945] [client 34.17.141.62:43194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqC_gAAAFc"]
[Thu Jun 11 14:16:18.242280 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:43182] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/logs/app.log"] [unique_id "airtYv8lKn4qdPkDWlDD2gAAAQc"]
[Thu Jun 11 14:16:18.242281 2026] [security2:error] [pid 5830:tid 5852] [client 34.17.141.62:43210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/log/error.log"] [unique_id "airtYpQ1oEsc4pCWMDN_SQAAAVE"]
[Thu Jun 11 14:16:18.242379 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:43182] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/logs/app.log"] [unique_id "airtYv8lKn4qdPkDWlDD2gAAAQc"]
[Thu Jun 11 14:16:18.242405 2026] [security2:error] [pid 5830:tid 5852] [client 34.17.141.62:43210] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/log/error.log"] [unique_id "airtYpQ1oEsc4pCWMDN_SQAAAVE"]
[Thu Jun 11 14:16:18.242706 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:43182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/logs/app.log"] [unique_id "airtYv8lKn4qdPkDWlDD2gAAAQc"]
[Thu Jun 11 14:16:18.242722 2026] [security2:error] [pid 5830:tid 5852] [client 34.17.141.62:43210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/log/error.log"] [unique_id "airtYpQ1oEsc4pCWMDN_SQAAAVE"]
[Thu Jun 11 14:16:18.243197 2026] [security2:error] [pid 5830:tid 5852] [client 34.17.141.62:43210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_SQAAAVE"]
[Thu Jun 11 14:16:18.243394 2026] [security2:error] [pid 3902:tid 3916] [client 34.17.141.62:43182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD2gAAAQc"]
[Thu Jun 11 14:16:18.244849 2026] [authz_core:error] [pid 21295:tid 21337] [client 34.17.141.62:43224] AH01630: client denied by server configuration: /disk001/machen/public_html/_wildcard_.machen.ai/.htpasswd
[Thu Jun 11 14:16:18.250829 2026] [authz_core:error] [pid 21243:tid 21262] [client 34.17.141.62:43232] AH01630: client denied by server configuration: /disk001/machen/public_html/_wildcard_.machen.ai/.htaccess
[Thu Jun 11 14:16:18.260287 2026] [security2:error] [pid 9918:tid 9944] [client 34.17.141.62:43242] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/web.config"] [unique_id "airtYk4Kpjoch0F_BSqC_wAAAFY"]
[Thu Jun 11 14:16:18.260408 2026] [security2:error] [pid 9918:tid 9944] [client 34.17.141.62:43242] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/web.config"] [unique_id "airtYk4Kpjoch0F_BSqC_wAAAFY"]
[Thu Jun 11 14:16:18.260609 2026] [security2:error] [pid 9918:tid 9944] [client 34.17.141.62:43242] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/web.config"] [unique_id "airtYk4Kpjoch0F_BSqC_wAAAFY"]
[Thu Jun 11 14:16:18.260896 2026] [security2:error] [pid 9918:tid 9944] [client 34.17.141.62:43242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/web.config"] [unique_id "airtYk4Kpjoch0F_BSqC_wAAAFY"]
[Thu Jun 11 14:16:18.261338 2026] [security2:error] [pid 9918:tid 9944] [client 34.17.141.62:43242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqC_wAAAFY"]
[Thu Jun 11 14:16:18.263286 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:43248] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/nginx.conf"] [unique_id "airtYv8lKn4qdPkDWlDD2wAAAQQ"]
[Thu Jun 11 14:16:18.263414 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:43248] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/nginx.conf"] [unique_id "airtYv8lKn4qdPkDWlDD2wAAAQQ"]
[Thu Jun 11 14:16:18.263849 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:43196] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/log/debug.log"] [unique_id "airtYqzVaq-mvl-Hfs-4_AAAABA"]
[Thu Jun 11 14:16:18.263971 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:43196] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/log/debug.log"] [unique_id "airtYqzVaq-mvl-Hfs-4_AAAABA"]
[Thu Jun 11 14:16:18.264332 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:43196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/log/debug.log"] [unique_id "airtYqzVaq-mvl-Hfs-4_AAAABA"]
[Thu Jun 11 14:16:18.264903 2026] [security2:error] [pid 21296:tid 21315] [client 34.17.141.62:43196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYqzVaq-mvl-Hfs-4_AAAABA"]
[Thu Jun 11 14:16:18.265492 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:43248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/nginx.conf"] [unique_id "airtYv8lKn4qdPkDWlDD2wAAAQQ"]
[Thu Jun 11 14:16:18.265873 2026] [security2:error] [pid 3902:tid 3913] [client 34.17.141.62:43248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD2wAAAQQ"]
[Thu Jun 11 14:16:18.270837 2026] [security2:error] [pid 5830:tid 5853] [client 34.17.141.62:43260] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/nginx.config"] [unique_id "airtYpQ1oEsc4pCWMDN_SgAAAVI"]
[Thu Jun 11 14:16:18.270958 2026] [security2:error] [pid 5830:tid 5853] [client 34.17.141.62:43260] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/nginx.config"] [unique_id "airtYpQ1oEsc4pCWMDN_SgAAAVI"]
[Thu Jun 11 14:16:18.271259 2026] [security2:error] [pid 5830:tid 5853] [client 34.17.141.62:43260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/nginx.config"] [unique_id "airtYpQ1oEsc4pCWMDN_SgAAAVI"]
[Thu Jun 11 14:16:18.271633 2026] [security2:error] [pid 5830:tid 5853] [client 34.17.141.62:43260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_SgAAAVI"]
[Thu Jun 11 14:16:18.272199 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:43264] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server.xml"] [unique_id "airtYjlbUCMVJYfLxkrSBQAAAI4"]
[Thu Jun 11 14:16:18.272498 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:43264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server.xml"] [unique_id "airtYjlbUCMVJYfLxkrSBQAAAI4"]
[Thu Jun 11 14:16:18.272867 2026] [security2:error] [pid 21295:tid 21340] [client 34.17.141.62:43264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrSBQAAAI4"]
[Thu Jun 11 14:16:18.274972 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:43270] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.gitconfig"] [unique_id "airtYk4Kpjoch0F_BSqDAAAAAEo"]
[Thu Jun 11 14:16:18.275114 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:43270] ModSecurity: Warning. Matched phrase ".gitconfig" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitconfig found within REQUEST_FILENAME: /.gitconfig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.gitconfig"] [unique_id "airtYk4Kpjoch0F_BSqDAAAAAEo"]
[Thu Jun 11 14:16:18.275345 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:43270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.gitconfig"] [unique_id "airtYk4Kpjoch0F_BSqDAAAAAEo"]
[Thu Jun 11 14:16:18.275758 2026] [security2:error] [pid 9918:tid 9932] [client 34.17.141.62:43270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqDAAAAAEo"]
[Thu Jun 11 14:16:18.295621 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:43292] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.npmrc"] [unique_id "airtYqzVaq-mvl-Hfs-4_QAAAAY"]
[Thu Jun 11 14:16:18.296103 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:43292] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.npmrc"] [unique_id "airtYqzVaq-mvl-Hfs-4_QAAAAY"]
[Thu Jun 11 14:16:18.296548 2026] [security2:error] [pid 21296:tid 21305] [client 34.17.141.62:43292] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYqzVaq-mvl-Hfs-4_QAAAAY"]
[Thu Jun 11 14:16:18.297842 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:43278] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.netrc"] [unique_id "airtYv8lKn4qdPkDWlDD3AAAAQU"]
[Thu Jun 11 14:16:18.297997 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:43278] ModSecurity: Warning. Matched phrase ".netrc" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .netrc found within REQUEST_FILENAME: /.netrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.netrc"] [unique_id "airtYv8lKn4qdPkDWlDD3AAAAQU"]
[Thu Jun 11 14:16:18.298194 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:43278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.netrc"] [unique_id "airtYv8lKn4qdPkDWlDD3AAAAQU"]
[Thu Jun 11 14:16:18.298491 2026] [security2:error] [pid 3902:tid 3914] [client 34.17.141.62:43278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD3AAAAQU"]
[Thu Jun 11 14:16:18.302935 2026] [security2:error] [pid 5830:tid 5854] [client 34.17.141.62:43296] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.pypirc"] [unique_id "airtYpQ1oEsc4pCWMDN_SwAAAVM"]
[Thu Jun 11 14:16:18.303354 2026] [security2:error] [pid 5830:tid 5854] [client 34.17.141.62:43296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.pypirc"] [unique_id "airtYpQ1oEsc4pCWMDN_SwAAAVM"]
[Thu Jun 11 14:16:18.303784 2026] [security2:error] [pid 5830:tid 5854] [client 34.17.141.62:43296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_SwAAAVM"]
[Thu Jun 11 14:16:18.311977 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:43310] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.bash_history"] [unique_id "airtYjlbUCMVJYfLxkrSBgAAAI0"]
[Thu Jun 11 14:16:18.312110 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:43310] ModSecurity: Warning. Matched phrase ".bash_history" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bash_history found within REQUEST_FILENAME: /.bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.bash_history"] [unique_id "airtYjlbUCMVJYfLxkrSBgAAAI0"]
[Thu Jun 11 14:16:18.312511 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:43310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.bash_history"] [unique_id "airtYjlbUCMVJYfLxkrSBgAAAI0"]
[Thu Jun 11 14:16:18.313084 2026] [security2:error] [pid 21295:tid 21339] [client 34.17.141.62:43310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrSBgAAAI0"]
[Thu Jun 11 14:16:18.315218 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:43316] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "airtYkKTwdTIu69rj43ooAAAAMQ"]
[Thu Jun 11 14:16:18.315366 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:43316] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "airtYkKTwdTIu69rj43ooAAAAMQ"]
[Thu Jun 11 14:16:18.315622 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:43316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.ssh/id_rsa"] [unique_id "airtYkKTwdTIu69rj43ooAAAAMQ"]
[Thu Jun 11 14:16:18.316674 2026] [security2:error] [pid 21243:tid 21250] [client 34.17.141.62:43316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYkKTwdTIu69rj43ooAAAAMQ"]
[Thu Jun 11 14:16:18.322309 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:43320] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/.ssh/authorized_keys"] [unique_id "airtYk4Kpjoch0F_BSqDAQAAAEQ"]
[Thu Jun 11 14:16:18.322457 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:43320] ModSecurity: Warning. Matched phrase ".ssh/authorized_keys" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/authorized_keys found within REQUEST_FILENAME: /.ssh/authorized_keys"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.ssh/authorized_keys"] [unique_id "airtYk4Kpjoch0F_BSqDAQAAAEQ"]
[Thu Jun 11 14:16:18.322695 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:43320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.ssh/authorized_keys"] [unique_id "airtYk4Kpjoch0F_BSqDAQAAAEQ"]
[Thu Jun 11 14:16:18.323010 2026] [security2:error] [pid 9918:tid 9926] [client 34.17.141.62:43320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYk4Kpjoch0F_BSqDAQAAAEQ"]
[Thu Jun 11 14:16:18.333705 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:43348] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/private.key"] [unique_id "airtYv8lKn4qdPkDWlDD3QAAAQY"]
[Thu Jun 11 14:16:18.333863 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:43348] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/private.key"] [unique_id "airtYv8lKn4qdPkDWlDD3QAAAQY"]
[Thu Jun 11 14:16:18.334104 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:43348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/private.key"] [unique_id "airtYv8lKn4qdPkDWlDD3QAAAQY"]
[Thu Jun 11 14:16:18.334416 2026] [security2:error] [pid 3902:tid 3915] [client 34.17.141.62:43348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYv8lKn4qdPkDWlDD3QAAAQY"]
[Thu Jun 11 14:16:18.335045 2026] [security2:error] [pid 5830:tid 5855] [client 34.17.141.62:43364] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/private_key.pem"] [unique_id "airtYpQ1oEsc4pCWMDN_TAAAAVQ"]
[Thu Jun 11 14:16:18.335346 2026] [security2:error] [pid 5830:tid 5855] [client 34.17.141.62:43364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/private_key.pem"] [unique_id "airtYpQ1oEsc4pCWMDN_TAAAAVQ"]
[Thu Jun 11 14:16:18.335701 2026] [security2:error] [pid 5830:tid 5855] [client 34.17.141.62:43364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYpQ1oEsc4pCWMDN_TAAAAVQ"]
[Thu Jun 11 14:16:18.336112 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:43334] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/id_rsa"] [unique_id "airtYqzVaq-mvl-Hfs-4_gAAAA8"]
[Thu Jun 11 14:16:18.336422 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:43334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/id_rsa"] [unique_id "airtYqzVaq-mvl-Hfs-4_gAAAA8"]
[Thu Jun 11 14:16:18.336773 2026] [security2:error] [pid 21296:tid 21314] [client 34.17.141.62:43334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYqzVaq-mvl-Hfs-4_gAAAA8"]
[Thu Jun 11 14:16:18.356333 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:43376] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server.pem"] [unique_id "airtYkKTwdTIu69rj43oogAAAMI"]
[Thu Jun 11 14:16:18.356829 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:43376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server.pem"] [unique_id "airtYkKTwdTIu69rj43oogAAAMI"]
[Thu Jun 11 14:16:18.357382 2026] [security2:error] [pid 21243:tid 21248] [client 34.17.141.62:43376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYkKTwdTIu69rj43oogAAAMI"]
[Thu Jun 11 14:16:18.359716 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:43368] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.file.machen.ai"] [uri "/server.key"] [unique_id "airtYjlbUCMVJYfLxkrSBwAAAIg"]
[Thu Jun 11 14:16:18.359827 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:43368] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.file.machen.ai"] [uri "/server.key"] [unique_id "airtYjlbUCMVJYfLxkrSBwAAAIg"]
[Thu Jun 11 14:16:18.360116 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:43368] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/server.key"] [unique_id "airtYjlbUCMVJYfLxkrSBwAAAIg"]
[Thu Jun 11 14:16:18.360419 2026] [security2:error] [pid 21295:tid 21334] [client 34.17.141.62:43368] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/index.html"] [unique_id "airtYjlbUCMVJYfLxkrSBwAAAIg"]
[Thu Jun 11 14:16:28.159852 2026] [security2:error] [pid 9918:tid 9942] [client 49.51.183.15:43870] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "airtbE4Kpjoch0F_BSqDHwAAAFQ"]
[Thu Jun 11 14:21:57.517480 2026] [security2:error] [pid 21243:tid 21256] [client 80.13.153.140:45611] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "airutUKTwdTIu69rj43tYAAAAMo"]
[Thu Jun 11 14:22:53.479412 2026] [:error] [pid 5830:tid 5840] [client 20.220.167.94:5553] File does not exist: /disk001/sonne/public_html/this_is_a_new_hello_world.php
[Thu Jun 11 14:22:53.555716 2026] [:error] [pid 5830:tid 5840] [client 20.220.167.94:5553] File does not exist: /disk001/sonne/public_html/wp-Blogs.php
[Thu Jun 11 14:24:31.751689 2026] [security2:error] [pid 21243:tid 21262] [client 43.164.194.198:42238] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "airvT0KTwdTIu69rj43vhwAAANA"]
[Thu Jun 11 14:27:07.313912 2026] [security2:error] [pid 9918:tid 9935] [client 43.153.71.132:55780] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "airv604Kpjoch0F_BSqNHwAAAE0"]
[Thu Jun 11 14:29:44.735337 2026] [security2:error] [pid 5830:tid 5839] [client 185.12.59.118:44102] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airwiJQ1oEsc4pCWMDOL-QAAAUQ"]
[Thu Jun 11 14:30:44.244100 2026] [security2:error] [pid 21295:tid 21335] [client 198.235.24.38:62022] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airwxDlbUCMVJYfLxkrdIwAAAIk"]
[Thu Jun 11 14:33:17.473821 2026] [security2:error] [pid 9918:tid 9927] [client 49.233.45.47:35174] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "airxXU4Kpjoch0F_BSqSlgAAAEU"]
[Thu Jun 11 14:33:20.279504 2026] [security2:error] [pid 21295:tid 21343] [client 74.7.242.25:58776] ModSecurity: Warning. Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/modules found within ARGS:path: /proc/7722/root/proc/self/root/etc/modules-load.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airxYDlbUCMVJYfLxkrfNwAAAJE"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:33:20.280169 2026] [security2:error] [pid 21295:tid 21343] [client 74.7.242.25:58776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airxYDlbUCMVJYfLxkrfNwAAAJE"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:33:20.280481 2026] [security2:error] [pid 21295:tid 21343] [client 74.7.242.25:58776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airxYDlbUCMVJYfLxkrfNwAAAJE"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:36:05.427526 2026] [security2:error] [pid 3902:tid 3929] [client 74.7.242.25:37108] ModSecurity: Warning. Matched phrase "package.json" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: package.json found within ARGS:fileloc: /proc/7722/root/proc/self/root/opt/lck-backend/node_modules/serve-static/package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airyBf8lKn4qdPkDWlDV4gAAARQ"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/opt/lck-backend/node_modules/serve-static
[Thu Jun 11 14:36:05.428934 2026] [security2:error] [pid 3902:tid 3929] [client 74.7.242.25:37108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airyBf8lKn4qdPkDWlDV4gAAARQ"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/opt/lck-backend/node_modules/serve-static
[Thu Jun 11 14:36:05.429299 2026] [security2:error] [pid 3902:tid 3929] [client 74.7.242.25:37108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "airyBf8lKn4qdPkDWlDV4gAAARQ"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/opt/lck-backend/node_modules/serve-static
[Thu Jun 11 14:37:14.845061 2026] [security2:error] [pid 5830:tid 5843] [client 43.153.26.165:50588] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "airySpQ1oEsc4pCWMDOS-gAAAUg"]
[Thu Jun 11 14:40:12.019547 2026] [security2:error] [pid 21295:tid 21335] [client 172.239.64.86:27778] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "airy_DlbUCMVJYfLxkrkzAAAAIk"]
[Thu Jun 11 14:40:12.148810 2026] [security2:error] [pid 21295:tid 21335] [client 172.239.64.86:27778] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "airy_DlbUCMVJYfLxkrkzgAAAIk"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 14:44:47.603923 2026] [security2:error] [pid 21296:tid 21319] [client 43.155.27.244:38938] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "air0D6zVaq-mvl-Hfs_UAwAAABQ"]
[Thu Jun 11 14:48:09.386965 2026] [security2:error] [pid 21296:tid 21308] [client 185.242.226.113:47119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "air02azVaq-mvl-Hfs_WzQAAAAk"], referer: http://13.84.161.190:80/
[Thu Jun 11 14:49:30.916825 2026] [security2:error] [pid 9918:tid 9944] [client 45.148.10.67:36848] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "air1Kk4Kpjoch0F_BSqgzgAAAFY"]
[Thu Jun 11 14:55:12.206436 2026] [security2:error] [pid 21243:tid 21257] [client 78.153.140.93:46984] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "air2gEKTwdTIu69rj40I8AAAAMs"]
[Thu Jun 11 14:55:12.206694 2026] [security2:error] [pid 21243:tid 21257] [client 78.153.140.93:46984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "air2gEKTwdTIu69rj40I8AAAAMs"]
[Thu Jun 11 14:55:12.206914 2026] [security2:error] [pid 21243:tid 21257] [client 78.153.140.93:46984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "air2gEKTwdTIu69rj40I8AAAAMs"]
[Thu Jun 11 14:55:12.207835 2026] [security2:error] [pid 21243:tid 21257] [client 78.153.140.93:46984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "air2gEKTwdTIu69rj40I8AAAAMs"]
[Thu Jun 11 14:55:12.587635 2026] [security2:error] [pid 3902:tid 3926] [client 78.153.140.93:46986] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "air2gP8lKn4qdPkDWlDnNwAAARE"]
[Thu Jun 11 14:57:54.987386 2026] [security2:error] [pid 21295:tid 21341] [client 43.131.253.14:41714] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "air3IjlbUCMVJYfLxkrzeAAAAI8"]
[Thu Jun 11 14:58:21.616922 2026] [security2:error] [pid 3902:tid 3933] [client 74.7.242.25:45172] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:path: /proc/7722/root/proc/self/root/etc/my.cnf.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "air3Pf8lKn4qdPkDWlDqugAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:58:21.617670 2026] [security2:error] [pid 3902:tid 3933] [client 74.7.242.25:45172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "air3Pf8lKn4qdPkDWlDqugAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:58:21.617944 2026] [security2:error] [pid 3902:tid 3933] [client 74.7.242.25:45172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "air3Pf8lKn4qdPkDWlDqugAAARg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:59:18.714086 2026] [security2:error] [pid 21295:tid 21329] [client 129.159.56.14:45338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "erhabenn.com.br"] [uri "/.env"] [unique_id "air3djlbUCMVJYfLxkr0IgAAAIM"]
[Thu Jun 11 14:59:18.714427 2026] [security2:error] [pid 21295:tid 21329] [client 129.159.56.14:45338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "erhabenn.com.br"] [uri "/.env"] [unique_id "air3djlbUCMVJYfLxkr0IgAAAIM"]
[Thu Jun 11 14:59:18.714723 2026] [security2:error] [pid 21295:tid 21329] [client 129.159.56.14:45338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "erhabenn.com.br"] [uri "/.env"] [unique_id "air3djlbUCMVJYfLxkr0IgAAAIM"]
[Thu Jun 11 14:59:56.460296 2026] [security2:error] [pid 21295:tid 21336] [client 74.7.242.25:52086] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/init.d found within ARGS:path: /proc/7722/root/proc/self/root/etc/init.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "air3nDlbUCMVJYfLxkr0oAAAAIo"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:59:56.461051 2026] [security2:error] [pid 21295:tid 21336] [client 74.7.242.25:52086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "air3nDlbUCMVJYfLxkr0oAAAAIo"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 14:59:56.461343 2026] [security2:error] [pid 21295:tid 21336] [client 74.7.242.25:52086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "air3nDlbUCMVJYfLxkr0oAAAAIo"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 15:03:58.220806 2026] [security2:error] [pid 21296:tid 21308] [client 2.57.122.103:33272] ModSecurity: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "64"] [id "920100"] [msg "Invalid HTTP Request Line"] [data "CONNECT dmarket.com:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "dmarket.com"] [uri "/"] [unique_id "air4jqzVaq-mvl-Hfs_m3AAAAAk"]
[Thu Jun 11 15:06:50.173795 2026] [security2:error] [pid 21243:tid 21247] [client 43.166.129.247:53772] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "air5OkKTwdTIu69rj40SAgAAAME"]
[Thu Jun 11 15:15:25.810018 2026] [security2:error] [pid 3902:tid 3926] [client 101.33.81.73:34604] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "air7Pf8lKn4qdPkDWlD55gAAARE"]
[Thu Jun 11 15:18:49.601483 2026] [security2:error] [pid 3902:tid 3911] [client 202.98.62.60:38902] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/"] [unique_id "air8Cf8lKn4qdPkDWlD8MQAAAQI"]
[Thu Jun 11 15:19:00.744541 2026] [security2:error] [pid 21295:tid 21330] [client 34.123.82.129:19956] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "air8FDlbUCMVJYfLxkoGDAAAAIQ"]
[Thu Jun 11 15:19:00.745135 2026] [security2:error] [pid 21295:tid 21330] [client 34.123.82.129:19956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "air8FDlbUCMVJYfLxkoGDAAAAIQ"]
[Thu Jun 11 15:19:00.745401 2026] [security2:error] [pid 21295:tid 21330] [client 34.123.82.129:19956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "air8FDlbUCMVJYfLxkoGDAAAAIQ"]
[Thu Jun 11 15:19:03.307279 2026] [security2:error] [pid 21295:tid 21344] [client 34.123.82.129:19966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "air8FzlbUCMVJYfLxkoGGQAAAJI"]
[Thu Jun 11 15:19:03.309777 2026] [security2:error] [pid 21295:tid 21344] [client 34.123.82.129:19966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "air8FzlbUCMVJYfLxkoGGQAAAJI"]
[Thu Jun 11 15:19:10.478984 2026] [security2:error] [pid 21295:tid 21344] [client 34.123.82.129:19966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.support.machen.ai"] [uri "/index.php"] [unique_id "air8FzlbUCMVJYfLxkoGGQAAAJI"]
[Thu Jun 11 15:19:22.469954 2026] [security2:error] [pid 5830:tid 5840] [client 202.98.62.60:49960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/nmaplowercheck1781201882"] [unique_id "air8KpQ1oEsc4pCWMDO4IwAAAUU"]
[Thu Jun 11 15:19:23.808741 2026] [security2:error] [pid 21295:tid 21337] [client 202.98.62.60:51244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/NmapUpperCheck1781201882"] [unique_id "air8KzlbUCMVJYfLxkoGWAAAAIs"]
[Thu Jun 11 15:19:24.831801 2026] [security2:error] [pid 21295:tid 21333] [client 202.98.62.60:52160] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "air8LDlbUCMVJYfLxkoGWwAAAIc"]
[Thu Jun 11 15:19:25.791700 2026] [security2:error] [pid 9918:tid 9927] [client 43.134.187.251:52550] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "air8LU4Kpjoch0F_BSq8qgAAAEU"]
[Thu Jun 11 15:19:25.791791 2026] [security2:error] [pid 9918:tid 9927] [client 43.134.187.251:52550] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "air8LU4Kpjoch0F_BSq8qgAAAEU"]
[Thu Jun 11 15:19:25.792410 2026] [security2:error] [pid 9918:tid 9927] [client 43.134.187.251:52550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "air8LU4Kpjoch0F_BSq8qgAAAEU"]
[Thu Jun 11 15:19:25.793401 2026] [security2:error] [pid 9918:tid 9927] [client 43.134.187.251:52550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "air8LU4Kpjoch0F_BSq8qgAAAEU"]
[Thu Jun 11 15:19:26.073744 2026] [security2:error] [pid 5830:tid 5856] [client 202.98.62.60:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/Nmap/folder/check1781201882"] [unique_id "air8LpQ1oEsc4pCWMDO4NwAAAVU"]
[Thu Jun 11 15:19:27.516562 2026] [security2:error] [pid 3902:tid 3931] [client 202.98.62.60:54606] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/HNAP1"] [unique_id "air8L_8lKn4qdPkDWlD83wAAARY"]
[Thu Jun 11 15:19:30.076022 2026] [security2:error] [pid 9918:tid 9930] [client 202.98.62.60:56940] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "702"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/sdk"] [unique_id "air8Mk4Kpjoch0F_BSq8sgAAAEg"]
[Thu Jun 11 15:19:30.076088 2026] [security2:error] [pid 9918:tid 9930] [client 202.98.62.60:56940] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/sdk"] [unique_id "air8Mk4Kpjoch0F_BSq8sgAAAEg"]
[Thu Jun 11 15:19:30.076517 2026] [security2:error] [pid 9918:tid 9930] [client 202.98.62.60:56940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/sdk"] [unique_id "air8Mk4Kpjoch0F_BSq8sgAAAEg"]
[Thu Jun 11 15:19:30.675320 2026] [security2:error] [pid 9918:tid 9930] [client 202.98.62.60:56940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "air8Mk4Kpjoch0F_BSq8sgAAAEg"]
[Thu Jun 11 15:19:32.169462 2026] [security2:error] [pid 21243:tid 21246] [client 202.98.62.60:59028] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/evox/about"] [unique_id "air8NEKTwdTIu69rj40fWAAAAMA"]
[Thu Jun 11 15:19:48.204050 2026] [security2:error] [pid 21243:tid 21252] [client 202.98.62.60:43796] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/"] [unique_id "air8REKTwdTIu69rj40fiQAAAMY"]
[Thu Jun 11 15:19:50.352807 2026] [security2:error] [pid 9918:tid 9922] [client 202.98.62.60:45322] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "air8Rk4Kpjoch0F_BSq81QAAAEA"]
[Thu Jun 11 15:25:30.006774 2026] [security2:error] [pid 5830:tid 5840] [client 43.135.36.201:49954] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "air9mpQ1oEsc4pCWMDO_EgAAAUU"]
[Thu Jun 11 15:28:36.578287 2026] [security2:error] [pid 5830:tid 5858] [client 93.123.109.178:41792] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "sonneconsultoria.com.br"] [uri "/"] [unique_id "air-VJQ1oEsc4pCWMDPCtQAAAVc"]
[Thu Jun 11 15:28:36.578790 2026] [security2:error] [pid 5830:tid 5858] [client 93.123.109.178:41792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/"] [unique_id "air-VJQ1oEsc4pCWMDPCtQAAAVc"]
[Thu Jun 11 15:28:36.579120 2026] [security2:error] [pid 5830:tid 5858] [client 93.123.109.178:41792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/"] [unique_id "air-VJQ1oEsc4pCWMDPCtQAAAVc"]
[Thu Jun 11 15:37:18.580314 2026] [security2:error] [pid 21243:tid 21262] [client 80.13.153.140:57064] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisAXkKTwdTIu69rj40vugAAANA"]
[Thu Jun 11 15:37:41.576819 2026] [security2:error] [pid 21243:tid 21252] [client 43.157.53.115:44806] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "aisAdUKTwdTIu69rj40vzAAAAMY"]
[Thu Jun 11 15:37:48.707030 2026] [security2:error] [pid 21295:tid 21345] [client 80.13.153.140:56454] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/owa/auth/logon.aspx"] [unique_id "aisAfDlbUCMVJYfLxkoUqAAAAJM"]
[Thu Jun 11 15:38:13.075905 2026] [security2:error] [pid 5830:tid 5835] [client 80.13.153.140:55734] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisAlZQ1oEsc4pCWMDPL5wAAAUA"]
[Thu Jun 11 15:38:13.076137 2026] [security2:error] [pid 5830:tid 5835] [client 80.13.153.140:55734] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisAlZQ1oEsc4pCWMDPL5wAAAUA"]
[Thu Jun 11 15:38:13.076486 2026] [security2:error] [pid 5830:tid 5835] [client 80.13.153.140:55734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisAlZQ1oEsc4pCWMDPL5wAAAUA"]
[Thu Jun 11 15:38:13.077312 2026] [security2:error] [pid 5830:tid 5835] [client 80.13.153.140:55734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisAlZQ1oEsc4pCWMDPL5wAAAUA"]
[Thu Jun 11 15:38:36.727649 2026] [security2:error] [pid 5830:tid 5857] [client 80.13.153.140:36492] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisArJQ1oEsc4pCWMDPMNwAAAVY"]
[Thu Jun 11 15:39:01.222941 2026] [security2:error] [pid 21295:tid 21338] [client 80.13.153.140:50780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/centreon/"] [unique_id "aisAxTlbUCMVJYfLxkoVwwAAAIw"]
[Thu Jun 11 15:39:24.459135 2026] [security2:error] [pid 21296:tid 21320] [client 80.13.153.140:43742] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.well-known/security.txt"] [unique_id "aisA3KzVaq-mvl-Hfs8GUQAAABU"]
[Thu Jun 11 15:39:35.641835 2026] [security2:error] [pid 9918:tid 9945] [client 45.156.128.41:51712] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisA504Kpjoch0F_BSrNrAAAAFc"]
[Thu Jun 11 15:39:35.759864 2026] [security2:error] [pid 9918:tid 9945] [client 45.156.128.41:51712] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisA504Kpjoch0F_BSrNrQAAAFc"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 15:40:06.806183 2026] [security2:error] [pid 21243:tid 21248] [client 167.71.71.11:33314] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisBBkKTwdTIu69rj40ySAAAAMI"]
[Thu Jun 11 15:40:07.218880 2026] [security2:error] [pid 21296:tid 21314] [client 167.71.71.11:33320] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisBB6zVaq-mvl-Hfs8HRwAAAA8"], referer: https://13.66.22.226:443
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 15:40:07.791353 2026] [security2:error] [pid 21243:tid 21252] [client 167.71.71.11:33322] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisBB0KTwdTIu69rj40ySwAAAMY"]
[Thu Jun 11 15:40:08.184519 2026] [security2:error] [pid 21296:tid 21305] [client 167.71.71.11:33336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisBCKzVaq-mvl-Hfs8HTAAAAAY"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 15:41:47.764097 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/wp-content/debug.log"] [unique_id "aisBazlbUCMVJYfLxkoYbgAAAIE"]
[Thu Jun 11 15:41:47.764687 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/wp-content/debug.log"] [unique_id "aisBazlbUCMVJYfLxkoYbgAAAIE"]
[Thu Jun 11 15:41:47.765365 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBazlbUCMVJYfLxkoYbgAAAIE"]
[Thu Jun 11 15:41:47.940494 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env"] [unique_id "aisBazlbUCMVJYfLxkoYbwAAAIE"]
[Thu Jun 11 15:41:47.940755 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env"] [unique_id "aisBazlbUCMVJYfLxkoYbwAAAIE"]
[Thu Jun 11 15:41:47.941115 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBazlbUCMVJYfLxkoYbwAAAIE"]
[Thu Jun 11 15:41:48.793051 2026] [security2:error] [pid 21295:tid 21336] [client 208.84.101.231:14668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/src/.env"] [unique_id "aisBbDlbUCMVJYfLxkoYdAAAAIo"]
[Thu Jun 11 15:41:48.793311 2026] [security2:error] [pid 21295:tid 21336] [client 208.84.101.231:14668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/src/.env"] [unique_id "aisBbDlbUCMVJYfLxkoYdAAAAIo"]
[Thu Jun 11 15:41:48.797634 2026] [security2:error] [pid 5830:tid 5842] [client 208.84.101.231:14572] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.docker/config.json"] [unique_id "aisBbJQ1oEsc4pCWMDPPtgAAAUc"]
[Thu Jun 11 15:41:48.797883 2026] [security2:error] [pid 5830:tid 5842] [client 208.84.101.231:14572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.docker/config.json"] [unique_id "aisBbJQ1oEsc4pCWMDPPtgAAAUc"]
[Thu Jun 11 15:41:48.798277 2026] [security2:error] [pid 5830:tid 5842] [client 208.84.101.231:14572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbJQ1oEsc4pCWMDPPtgAAAUc"]
[Thu Jun 11 15:41:48.805284 2026] [security2:error] [pid 21295:tid 21326] [client 208.84.101.231:13880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production"] [unique_id "aisBbDlbUCMVJYfLxkoYdQAAAIA"]
[Thu Jun 11 15:41:48.805540 2026] [security2:error] [pid 21295:tid 21326] [client 208.84.101.231:13880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production"] [unique_id "aisBbDlbUCMVJYfLxkoYdQAAAIA"]
[Thu Jun 11 15:41:48.819247 2026] [security2:error] [pid 21295:tid 21326] [client 208.84.101.231:13880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbDlbUCMVJYfLxkoYdQAAAIA"]
[Thu Jun 11 15:41:48.827244 2026] [security2:error] [pid 21295:tid 21336] [client 208.84.101.231:14668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbDlbUCMVJYfLxkoYdAAAAIo"]
[Thu Jun 11 15:41:48.843597 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local"] [unique_id "aisBbDlbUCMVJYfLxkoYegAAAIE"]
[Thu Jun 11 15:41:48.843828 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local"] [unique_id "aisBbDlbUCMVJYfLxkoYegAAAIE"]
[Thu Jun 11 15:41:48.844149 2026] [security2:error] [pid 21295:tid 21327] [client 208.84.101.231:39492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbDlbUCMVJYfLxkoYegAAAIE"]
[Thu Jun 11 15:41:48.849723 2026] [security2:error] [pid 21296:tid 21310] [client 208.84.101.231:14092] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.aws/credentials"] [unique_id "aisBbKzVaq-mvl-Hfs8INQAAAAs"]
[Thu Jun 11 15:41:48.849942 2026] [security2:error] [pid 21296:tid 21310] [client 208.84.101.231:14092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.aws/credentials"] [unique_id "aisBbKzVaq-mvl-Hfs8INQAAAAs"]
[Thu Jun 11 15:41:48.850271 2026] [security2:error] [pid 21296:tid 21310] [client 208.84.101.231:14092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbKzVaq-mvl-Hfs8INQAAAAs"]
[Thu Jun 11 15:41:48.851782 2026] [security2:error] [pid 9918:tid 9940] [client 208.84.101.231:13996] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/server/.env"] [unique_id "aisBbE4Kpjoch0F_BSrP1gAAAFI"]
[Thu Jun 11 15:41:48.851987 2026] [security2:error] [pid 9918:tid 9940] [client 208.84.101.231:13996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/server/.env"] [unique_id "aisBbE4Kpjoch0F_BSrP1gAAAFI"]
[Thu Jun 11 15:41:48.852312 2026] [security2:error] [pid 9918:tid 9940] [client 208.84.101.231:13996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbE4Kpjoch0F_BSrP1gAAAFI"]
[Thu Jun 11 15:41:48.863150 2026] [security2:error] [pid 3902:tid 3924] [client 208.84.101.231:14582] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.kube/config"] [unique_id "aisBbP8lKn4qdPkDWlAQOQAAAQ8"]
[Thu Jun 11 15:41:48.863398 2026] [security2:error] [pid 3902:tid 3924] [client 208.84.101.231:14582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.kube/config"] [unique_id "aisBbP8lKn4qdPkDWlAQOQAAAQ8"]
[Thu Jun 11 15:41:48.863786 2026] [security2:error] [pid 3902:tid 3924] [client 208.84.101.231:14582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbP8lKn4qdPkDWlAQOQAAAQ8"]
[Thu Jun 11 15:41:49.058880 2026] [security2:error] [pid 21296:tid 21319] [client 208.84.101.231:14612] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.bak"] [unique_id "aisBbazVaq-mvl-Hfs8IOAAAABQ"]
[Thu Jun 11 15:41:49.059171 2026] [security2:error] [pid 21296:tid 21319] [client 208.84.101.231:14612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.bak"] [unique_id "aisBbazVaq-mvl-Hfs8IOAAAABQ"]
[Thu Jun 11 15:41:49.059458 2026] [security2:error] [pid 21296:tid 21319] [client 208.84.101.231:14612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.bak"] [unique_id "aisBbazVaq-mvl-Hfs8IOAAAABQ"]
[Thu Jun 11 15:41:49.059843 2026] [security2:error] [pid 21296:tid 21319] [client 208.84.101.231:14612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbazVaq-mvl-Hfs8IOAAAABQ"]
[Thu Jun 11 15:41:49.667362 2026] [security2:error] [pid 21295:tid 21350] [client 208.84.101.231:13894] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.backup"] [unique_id "aisBbTlbUCMVJYfLxkoYggAAAJg"]
[Thu Jun 11 15:41:49.667620 2026] [security2:error] [pid 21295:tid 21350] [client 208.84.101.231:13894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.backup"] [unique_id "aisBbTlbUCMVJYfLxkoYggAAAJg"]
[Thu Jun 11 15:41:49.668117 2026] [security2:error] [pid 21295:tid 21350] [client 208.84.101.231:13894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.backup"] [unique_id "aisBbTlbUCMVJYfLxkoYggAAAJg"]
[Thu Jun 11 15:41:49.668489 2026] [security2:error] [pid 21295:tid 21350] [client 208.84.101.231:13894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbTlbUCMVJYfLxkoYggAAAJg"]
[Thu Jun 11 15:41:49.687865 2026] [security2:error] [pid 21295:tid 21349] [client 208.84.101.231:13952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/app/.env"] [unique_id "aisBbTlbUCMVJYfLxkoYgwAAAJc"]
[Thu Jun 11 15:41:49.688121 2026] [security2:error] [pid 21295:tid 21349] [client 208.84.101.231:13952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/app/.env"] [unique_id "aisBbTlbUCMVJYfLxkoYgwAAAJc"]
[Thu Jun 11 15:41:49.688457 2026] [security2:error] [pid 21295:tid 21349] [client 208.84.101.231:13952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbTlbUCMVJYfLxkoYgwAAAJc"]
[Thu Jun 11 15:41:49.689824 2026] [security2:error] [pid 9918:tid 9930] [client 208.84.101.231:14014] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/public/.env"] [unique_id "aisBbU4Kpjoch0F_BSrP1wAAAEg"]
[Thu Jun 11 15:41:49.689966 2026] [security2:error] [pid 3902:tid 3912] [client 208.84.101.231:13906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.development"] [unique_id "aisBbf8lKn4qdPkDWlAQQAAAAQM"]
[Thu Jun 11 15:41:49.690025 2026] [security2:error] [pid 9918:tid 9930] [client 208.84.101.231:14014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/public/.env"] [unique_id "aisBbU4Kpjoch0F_BSrP1wAAAEg"]
[Thu Jun 11 15:41:49.690190 2026] [security2:error] [pid 3902:tid 3912] [client 208.84.101.231:13906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.development"] [unique_id "aisBbf8lKn4qdPkDWlAQQAAAAQM"]
[Thu Jun 11 15:41:49.690379 2026] [security2:error] [pid 9918:tid 9930] [client 208.84.101.231:14014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbU4Kpjoch0F_BSrP1wAAAEg"]
[Thu Jun 11 15:41:49.690535 2026] [security2:error] [pid 3902:tid 3912] [client 208.84.101.231:13906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbf8lKn4qdPkDWlAQQAAAAQM"]
[Thu Jun 11 15:41:49.691871 2026] [security2:error] [pid 3902:tid 3913] [client 208.84.101.231:14008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/web/.env"] [unique_id "aisBbf8lKn4qdPkDWlAQQQAAAQQ"]
[Thu Jun 11 15:41:49.692072 2026] [security2:error] [pid 3902:tid 3913] [client 208.84.101.231:14008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/web/.env"] [unique_id "aisBbf8lKn4qdPkDWlAQQQAAAQQ"]
[Thu Jun 11 15:41:49.692548 2026] [security2:error] [pid 3902:tid 3913] [client 208.84.101.231:14008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbf8lKn4qdPkDWlAQQQAAAQQ"]
[Thu Jun 11 15:41:49.694719 2026] [security2:error] [pid 21296:tid 21301] [client 208.84.101.231:13940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.save"] [unique_id "aisBbazVaq-mvl-Hfs8IOwAAAAE"]
[Thu Jun 11 15:41:49.694835 2026] [security2:error] [pid 5830:tid 5852] [client 208.84.101.231:13884] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.old"] [unique_id "aisBbZQ1oEsc4pCWMDPPwgAAAVE"]
[Thu Jun 11 15:41:49.694968 2026] [security2:error] [pid 21296:tid 21301] [client 208.84.101.231:13940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.save"] [unique_id "aisBbazVaq-mvl-Hfs8IOwAAAAE"]
[Thu Jun 11 15:41:49.695286 2026] [security2:error] [pid 5830:tid 5852] [client 208.84.101.231:13884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.old"] [unique_id "aisBbZQ1oEsc4pCWMDPPwgAAAVE"]
[Thu Jun 11 15:41:49.695307 2026] [security2:error] [pid 21296:tid 21301] [client 208.84.101.231:13940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbazVaq-mvl-Hfs8IOwAAAAE"]
[Thu Jun 11 15:41:49.695503 2026] [security2:error] [pid 5830:tid 5852] [client 208.84.101.231:13884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.old"] [unique_id "aisBbZQ1oEsc4pCWMDPPwgAAAVE"]
[Thu Jun 11 15:41:49.695889 2026] [security2:error] [pid 5830:tid 5852] [client 208.84.101.231:13884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbZQ1oEsc4pCWMDPPwgAAAVE"]
[Thu Jun 11 15:41:49.696605 2026] [security2:error] [pid 21295:tid 21342] [client 208.84.101.231:13946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/api/.env"] [unique_id "aisBbTlbUCMVJYfLxkoYhAAAAJA"]
[Thu Jun 11 15:41:49.696850 2026] [security2:error] [pid 21295:tid 21342] [client 208.84.101.231:13946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/api/.env"] [unique_id "aisBbTlbUCMVJYfLxkoYhAAAAJA"]
[Thu Jun 11 15:41:49.697243 2026] [security2:error] [pid 21295:tid 21342] [client 208.84.101.231:13946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbTlbUCMVJYfLxkoYhAAAAJA"]
[Thu Jun 11 15:41:49.702917 2026] [security2:error] [pid 5830:tid 5853] [client 208.84.101.231:13980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/laravel/.env"] [unique_id "aisBbZQ1oEsc4pCWMDPPxAAAAVI"]
[Thu Jun 11 15:41:49.703126 2026] [security2:error] [pid 5830:tid 5853] [client 208.84.101.231:13980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/laravel/.env"] [unique_id "aisBbZQ1oEsc4pCWMDPPxAAAAVI"]
[Thu Jun 11 15:41:49.703471 2026] [security2:error] [pid 5830:tid 5853] [client 208.84.101.231:13980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbZQ1oEsc4pCWMDPPxAAAAVI"]
[Thu Jun 11 15:41:49.710038 2026] [security2:error] [pid 21295:tid 21331] [client 208.84.101.231:13922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.staging"] [unique_id "aisBbTlbUCMVJYfLxkoYhgAAAIU"]
[Thu Jun 11 15:41:49.710285 2026] [security2:error] [pid 21295:tid 21331] [client 208.84.101.231:13922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.staging"] [unique_id "aisBbTlbUCMVJYfLxkoYhgAAAIU"]
[Thu Jun 11 15:41:49.710737 2026] [security2:error] [pid 21295:tid 21331] [client 208.84.101.231:13922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbTlbUCMVJYfLxkoYhgAAAIU"]
[Thu Jun 11 15:41:49.716130 2026] [security2:error] [pid 21243:tid 21265] [client 208.84.101.231:13864] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.test"] [unique_id "aisBbUKTwdTIu69rj400MwAAANM"]
[Thu Jun 11 15:41:49.716348 2026] [security2:error] [pid 21243:tid 21265] [client 208.84.101.231:13864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.test"] [unique_id "aisBbUKTwdTIu69rj400MwAAANM"]
[Thu Jun 11 15:41:49.716725 2026] [security2:error] [pid 21243:tid 21265] [client 208.84.101.231:13864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbUKTwdTIu69rj400MwAAANM"]
[Thu Jun 11 15:41:49.720032 2026] [security2:error] [pid 5830:tid 5841] [client 208.84.101.231:13854] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/backend/.env"] [unique_id "aisBbZQ1oEsc4pCWMDPPwwAAAUY"]
[Thu Jun 11 15:41:49.720334 2026] [security2:error] [pid 5830:tid 5841] [client 208.84.101.231:13854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/backend/.env"] [unique_id "aisBbZQ1oEsc4pCWMDPPwwAAAUY"]
[Thu Jun 11 15:41:49.720926 2026] [security2:error] [pid 5830:tid 5841] [client 208.84.101.231:13854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBbZQ1oEsc4pCWMDPPwwAAAUY"]
[Thu Jun 11 15:41:51.652050 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production.copy"] [unique_id "aisBb5Q1oEsc4pCWMDPPzQAAAVY"]
[Thu Jun 11 15:41:51.652320 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production.copy"] [unique_id "aisBb5Q1oEsc4pCWMDPPzQAAAVY"]
[Thu Jun 11 15:41:51.652714 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBb5Q1oEsc4pCWMDPPzQAAAVY"]
[Thu Jun 11 15:41:51.675506 2026] [security2:error] [pid 21296:tid 21307] [client 208.84.101.231:14026] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.git/FETCH_HEAD"] [unique_id "aisBb6zVaq-mvl-Hfs8IRAAAAAg"]
[Thu Jun 11 15:41:51.675916 2026] [security2:error] [pid 21296:tid 21307] [client 208.84.101.231:14026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.git/FETCH_HEAD"] [unique_id "aisBb6zVaq-mvl-Hfs8IRAAAAAg"]
[Thu Jun 11 15:41:51.676648 2026] [security2:error] [pid 21296:tid 21307] [client 208.84.101.231:14026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBb6zVaq-mvl-Hfs8IRAAAAAg"]
[Thu Jun 11 15:41:51.677501 2026] [security2:error] [pid 21296:tid 21303] [client 208.84.101.231:14452] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.git/config"] [unique_id "aisBb6zVaq-mvl-Hfs8IRQAAAAM"]
[Thu Jun 11 15:41:51.677777 2026] [security2:error] [pid 21296:tid 21303] [client 208.84.101.231:14452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.git/config"] [unique_id "aisBb6zVaq-mvl-Hfs8IRQAAAAM"]
[Thu Jun 11 15:41:51.678160 2026] [security2:error] [pid 21296:tid 21303] [client 208.84.101.231:14452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBb6zVaq-mvl-Hfs8IRQAAAAM"]
[Thu Jun 11 15:41:51.678292 2026] [security2:error] [pid 9918:tid 9936] [client 208.84.101.231:14520] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.git/HEAD"] [unique_id "aisBb04Kpjoch0F_BSrP4QAAAE4"]
[Thu Jun 11 15:41:51.678512 2026] [security2:error] [pid 9918:tid 9936] [client 208.84.101.231:14520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.git/HEAD"] [unique_id "aisBb04Kpjoch0F_BSrP4QAAAE4"]
[Thu Jun 11 15:41:51.678869 2026] [security2:error] [pid 9918:tid 9936] [client 208.84.101.231:14520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBb04Kpjoch0F_BSrP4QAAAE4"]
[Thu Jun 11 15:41:52.762895 2026] [security2:error] [pid 21296:tid 21307] [client 208.84.101.231:14026] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.git/refs/heads/main"] [unique_id "aisBcKzVaq-mvl-Hfs8ISAAAAAg"]
[Thu Jun 11 15:41:52.763194 2026] [security2:error] [pid 21296:tid 21307] [client 208.84.101.231:14026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.git/refs/heads/main"] [unique_id "aisBcKzVaq-mvl-Hfs8ISAAAAAg"]
[Thu Jun 11 15:41:52.763631 2026] [security2:error] [pid 21296:tid 21307] [client 208.84.101.231:14026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcKzVaq-mvl-Hfs8ISAAAAAg"]
[Thu Jun 11 15:41:52.766289 2026] [security2:error] [pid 9918:tid 9936] [client 208.84.101.231:14520] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.git/logs/HEAD"] [unique_id "aisBcE4Kpjoch0F_BSrP5wAAAE4"]
[Thu Jun 11 15:41:52.766568 2026] [security2:error] [pid 9918:tid 9936] [client 208.84.101.231:14520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.git/logs/HEAD"] [unique_id "aisBcE4Kpjoch0F_BSrP5wAAAE4"]
[Thu Jun 11 15:41:52.767031 2026] [security2:error] [pid 9918:tid 9936] [client 208.84.101.231:14520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcE4Kpjoch0F_BSrP5wAAAE4"]
[Thu Jun 11 15:41:52.799061 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.git/refs/heads/master"] [unique_id "aisBcJQ1oEsc4pCWMDPP0QAAAVY"]
[Thu Jun 11 15:41:52.799305 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.git/refs/heads/master"] [unique_id "aisBcJQ1oEsc4pCWMDPP0QAAAVY"]
[Thu Jun 11 15:41:52.799717 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcJQ1oEsc4pCWMDPP0QAAAVY"]
[Thu Jun 11 15:41:52.811988 2026] [security2:error] [pid 21296:tid 21303] [client 208.84.101.231:14452] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env~"] [unique_id "aisBcKzVaq-mvl-Hfs8ISQAAAAM"]
[Thu Jun 11 15:41:52.812197 2026] [security2:error] [pid 21296:tid 21303] [client 208.84.101.231:14452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env~"] [unique_id "aisBcKzVaq-mvl-Hfs8ISQAAAAM"]
[Thu Jun 11 15:41:52.812545 2026] [security2:error] [pid 21296:tid 21303] [client 208.84.101.231:14452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env~"] [unique_id "aisBcKzVaq-mvl-Hfs8ISQAAAAM"]
[Thu Jun 11 15:41:52.812932 2026] [security2:error] [pid 21296:tid 21303] [client 208.84.101.231:14452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcKzVaq-mvl-Hfs8ISQAAAAM"]
[Thu Jun 11 15:41:53.818791 2026] [security2:error] [pid 21295:tid 21340] [client 208.84.101.231:14832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production.save"] [unique_id "aisBcTlbUCMVJYfLxkoYogAAAI4"]
[Thu Jun 11 15:41:53.819179 2026] [security2:error] [pid 21295:tid 21340] [client 208.84.101.231:14832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production.save"] [unique_id "aisBcTlbUCMVJYfLxkoYogAAAI4"]
[Thu Jun 11 15:41:53.819639 2026] [security2:error] [pid 21295:tid 21340] [client 208.84.101.231:14832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcTlbUCMVJYfLxkoYogAAAI4"]
[Thu Jun 11 15:41:53.856538 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.local~"] [unique_id "aisBcZQ1oEsc4pCWMDPP1QAAAVY"]
[Thu Jun 11 15:41:53.857018 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local~"] [unique_id "aisBcZQ1oEsc4pCWMDPP1QAAAVY"]
[Thu Jun 11 15:41:53.857244 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local~"] [unique_id "aisBcZQ1oEsc4pCWMDPP1QAAAVY"]
[Thu Jun 11 15:41:53.857657 2026] [security2:error] [pid 5830:tid 5857] [client 208.84.101.231:14552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcZQ1oEsc4pCWMDPP1QAAAVY"]
[Thu Jun 11 15:41:53.860081 2026] [security2:error] [pid 21295:tid 21332] [client 208.84.101.231:14846] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.production.swp"] [unique_id "aisBcTlbUCMVJYfLxkoYowAAAIY"]
[Thu Jun 11 15:41:53.860287 2026] [security2:error] [pid 21295:tid 21332] [client 208.84.101.231:14846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production.swp"] [unique_id "aisBcTlbUCMVJYfLxkoYowAAAIY"]
[Thu Jun 11 15:41:53.860500 2026] [security2:error] [pid 21295:tid 21332] [client 208.84.101.231:14846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production.swp"] [unique_id "aisBcTlbUCMVJYfLxkoYowAAAIY"]
[Thu Jun 11 15:41:53.861409 2026] [security2:error] [pid 5830:tid 5843] [client 208.84.101.231:14850] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production.orig"] [unique_id "aisBcZQ1oEsc4pCWMDPP1gAAAUg"]
[Thu Jun 11 15:41:53.861814 2026] [security2:error] [pid 5830:tid 5843] [client 208.84.101.231:14850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production.orig"] [unique_id "aisBcZQ1oEsc4pCWMDPP1gAAAUg"]
[Thu Jun 11 15:41:53.861882 2026] [security2:error] [pid 9918:tid 9932] [client 208.84.101.231:14800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local.orig"] [unique_id "aisBcU4Kpjoch0F_BSrP6gAAAEo"]
[Thu Jun 11 15:41:53.862092 2026] [security2:error] [pid 9918:tid 9932] [client 208.84.101.231:14800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local.orig"] [unique_id "aisBcU4Kpjoch0F_BSrP6gAAAEo"]
[Thu Jun 11 15:41:53.862357 2026] [security2:error] [pid 5830:tid 5843] [client 208.84.101.231:14850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcZQ1oEsc4pCWMDPP1gAAAUg"]
[Thu Jun 11 15:41:53.862434 2026] [security2:error] [pid 9918:tid 9932] [client 208.84.101.231:14800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcU4Kpjoch0F_BSrP6gAAAEo"]
[Thu Jun 11 15:41:53.863766 2026] [security2:error] [pid 21243:tid 21266] [client 208.84.101.231:14760] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.local.backup"] [unique_id "aisBcUKTwdTIu69rj400TwAAANQ"]
[Thu Jun 11 15:41:53.863999 2026] [security2:error] [pid 21243:tid 21266] [client 208.84.101.231:14760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local.backup"] [unique_id "aisBcUKTwdTIu69rj400TwAAANQ"]
[Thu Jun 11 15:41:53.864219 2026] [security2:error] [pid 21243:tid 21266] [client 208.84.101.231:14760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local.backup"] [unique_id "aisBcUKTwdTIu69rj400TwAAANQ"]
[Thu Jun 11 15:41:53.864624 2026] [security2:error] [pid 21243:tid 21266] [client 208.84.101.231:14760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcUKTwdTIu69rj400TwAAANQ"]
[Thu Jun 11 15:41:53.866478 2026] [security2:error] [pid 21295:tid 21330] [client 208.84.101.231:14830] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.production.backup"] [unique_id "aisBcTlbUCMVJYfLxkoYpAAAAIQ"]
[Thu Jun 11 15:41:53.866729 2026] [security2:error] [pid 21295:tid 21330] [client 208.84.101.231:14830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production.backup"] [unique_id "aisBcTlbUCMVJYfLxkoYpAAAAIQ"]
[Thu Jun 11 15:41:53.867032 2026] [security2:error] [pid 21295:tid 21330] [client 208.84.101.231:14830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production.backup"] [unique_id "aisBcTlbUCMVJYfLxkoYpAAAAIQ"]
[Thu Jun 11 15:41:53.867478 2026] [security2:error] [pid 9918:tid 9937] [client 208.84.101.231:14740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.orig"] [unique_id "aisBcU4Kpjoch0F_BSrP6wAAAE8"]
[Thu Jun 11 15:41:53.867520 2026] [security2:error] [pid 21295:tid 21330] [client 208.84.101.231:14830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcTlbUCMVJYfLxkoYpAAAAIQ"]
[Thu Jun 11 15:41:53.867708 2026] [security2:error] [pid 9918:tid 9937] [client 208.84.101.231:14740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.orig"] [unique_id "aisBcU4Kpjoch0F_BSrP6wAAAE8"]
[Thu Jun 11 15:41:53.868068 2026] [security2:error] [pid 9918:tid 9937] [client 208.84.101.231:14740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcU4Kpjoch0F_BSrP6wAAAE8"]
[Thu Jun 11 15:41:53.868674 2026] [security2:error] [pid 3902:tid 3909] [client 208.84.101.231:14766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local.save"] [unique_id "aisBcf8lKn4qdPkDWlAQSAAAAQA"]
[Thu Jun 11 15:41:53.869124 2026] [security2:error] [pid 3902:tid 3909] [client 208.84.101.231:14766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local.save"] [unique_id "aisBcf8lKn4qdPkDWlAQSAAAAQA"]
[Thu Jun 11 15:41:53.869506 2026] [security2:error] [pid 3902:tid 3909] [client 208.84.101.231:14766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcf8lKn4qdPkDWlAQSAAAAQA"]
[Thu Jun 11 15:41:53.870430 2026] [security2:error] [pid 21295:tid 21346] [client 208.84.101.231:14796] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.local.swp"] [unique_id "aisBcTlbUCMVJYfLxkoYpQAAAJQ"]
[Thu Jun 11 15:41:53.871468 2026] [security2:error] [pid 5830:tid 5848] [client 208.84.101.231:14822] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisBcZQ1oEsc4pCWMDPP1wAAAU0"]
[Thu Jun 11 15:41:53.871470 2026] [security2:error] [pid 21296:tid 21310] [client 208.84.101.231:14704] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.local.old"] [unique_id "aisBcazVaq-mvl-Hfs8ITgAAAAs"]
[Thu Jun 11 15:41:53.871708 2026] [security2:error] [pid 5830:tid 5848] [client 208.84.101.231:14822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisBcZQ1oEsc4pCWMDPP1wAAAU0"]
[Thu Jun 11 15:41:53.871724 2026] [security2:error] [pid 21296:tid 21310] [client 208.84.101.231:14704] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local.old"] [unique_id "aisBcazVaq-mvl-Hfs8ITgAAAAs"]
[Thu Jun 11 15:41:53.871967 2026] [security2:error] [pid 5830:tid 5848] [client 208.84.101.231:14822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisBcZQ1oEsc4pCWMDPP1wAAAU0"]
[Thu Jun 11 15:41:53.872111 2026] [security2:error] [pid 21296:tid 21310] [client 208.84.101.231:14704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local.old"] [unique_id "aisBcazVaq-mvl-Hfs8ITgAAAAs"]
[Thu Jun 11 15:41:53.872307 2026] [security2:error] [pid 5830:tid 5848] [client 208.84.101.231:14822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcZQ1oEsc4pCWMDPP1wAAAU0"]
[Thu Jun 11 15:41:53.872520 2026] [security2:error] [pid 21296:tid 21310] [client 208.84.101.231:14704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcazVaq-mvl-Hfs8ITgAAAAs"]
[Thu Jun 11 15:41:53.872667 2026] [security2:error] [pid 3902:tid 3921] [client 208.84.101.231:14690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.copy"] [unique_id "aisBcf8lKn4qdPkDWlAQSQAAAQw"]
[Thu Jun 11 15:41:53.872899 2026] [security2:error] [pid 3902:tid 3921] [client 208.84.101.231:14690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.copy"] [unique_id "aisBcf8lKn4qdPkDWlAQSQAAAQw"]
[Thu Jun 11 15:41:53.873258 2026] [security2:error] [pid 3902:tid 3921] [client 208.84.101.231:14690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcf8lKn4qdPkDWlAQSQAAAQw"]
[Thu Jun 11 15:41:53.873406 2026] [security2:error] [pid 21295:tid 21346] [client 208.84.101.231:14796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local.swp"] [unique_id "aisBcTlbUCMVJYfLxkoYpQAAAJQ"]
[Thu Jun 11 15:41:53.873634 2026] [security2:error] [pid 21295:tid 21346] [client 208.84.101.231:14796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local.swp"] [unique_id "aisBcTlbUCMVJYfLxkoYpQAAAJQ"]
[Thu Jun 11 15:41:53.873714 2026] [security2:error] [pid 9918:tid 9935] [client 208.84.101.231:14694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local.copy"] [unique_id "aisBcU4Kpjoch0F_BSrP7AAAAE0"]
[Thu Jun 11 15:41:53.873914 2026] [security2:error] [pid 9918:tid 9935] [client 208.84.101.231:14694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local.copy"] [unique_id "aisBcU4Kpjoch0F_BSrP7AAAAE0"]
[Thu Jun 11 15:41:53.873955 2026] [security2:error] [pid 21295:tid 21346] [client 208.84.101.231:14796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcTlbUCMVJYfLxkoYpQAAAJQ"]
[Thu Jun 11 15:41:53.874288 2026] [security2:error] [pid 9918:tid 9935] [client 208.84.101.231:14694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcU4Kpjoch0F_BSrP7AAAAE0"]
[Thu Jun 11 15:41:53.875200 2026] [security2:error] [pid 21296:tid 21312] [client 208.84.101.231:14826] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.production.old"] [unique_id "aisBcazVaq-mvl-Hfs8ITwAAAA0"]
[Thu Jun 11 15:41:53.875409 2026] [security2:error] [pid 21296:tid 21312] [client 208.84.101.231:14826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production.old"] [unique_id "aisBcazVaq-mvl-Hfs8ITwAAAA0"]
[Thu Jun 11 15:41:53.876705 2026] [security2:error] [pid 3902:tid 3910] [client 208.84.101.231:14836] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.production~"] [unique_id "aisBcf8lKn4qdPkDWlAQSgAAAQE"]
[Thu Jun 11 15:41:53.876931 2026] [security2:error] [pid 3902:tid 3910] [client 208.84.101.231:14836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.production~"] [unique_id "aisBcf8lKn4qdPkDWlAQSgAAAQE"]
[Thu Jun 11 15:41:53.877131 2026] [security2:error] [pid 3902:tid 3910] [client 208.84.101.231:14836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production~"] [unique_id "aisBcf8lKn4qdPkDWlAQSgAAAQE"]
[Thu Jun 11 15:41:53.877449 2026] [security2:error] [pid 3902:tid 3910] [client 208.84.101.231:14836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcf8lKn4qdPkDWlAQSgAAAQE"]
[Thu Jun 11 15:41:53.877901 2026] [security2:error] [pid 21296:tid 21306] [client 208.84.101.231:14716] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.swp"] [unique_id "aisBcazVaq-mvl-Hfs8ITQAAAAc"]
[Thu Jun 11 15:41:53.881343 2026] [security2:error] [pid 21243:tid 21264] [client 208.84.101.231:14746] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "upport.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisBcUKTwdTIu69rj400UAAAANI"]
[Thu Jun 11 15:41:53.881614 2026] [security2:error] [pid 21243:tid 21264] [client 208.84.101.231:14746] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisBcUKTwdTIu69rj400UAAAANI"]
[Thu Jun 11 15:41:53.881842 2026] [security2:error] [pid 21243:tid 21264] [client 208.84.101.231:14746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisBcUKTwdTIu69rj400UAAAANI"]
[Thu Jun 11 15:41:53.882284 2026] [security2:error] [pid 21243:tid 21264] [client 208.84.101.231:14746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcUKTwdTIu69rj400UAAAANI"]
[Thu Jun 11 15:41:53.882395 2026] [security2:error] [pid 21296:tid 21312] [client 208.84.101.231:14826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.production.old"] [unique_id "aisBcazVaq-mvl-Hfs8ITwAAAA0"]
[Thu Jun 11 15:41:53.882784 2026] [security2:error] [pid 21296:tid 21312] [client 208.84.101.231:14826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcazVaq-mvl-Hfs8ITwAAAA0"]
[Thu Jun 11 15:41:53.883151 2026] [security2:error] [pid 21295:tid 21332] [client 208.84.101.231:14846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcTlbUCMVJYfLxkoYowAAAIY"]
[Thu Jun 11 15:41:53.884533 2026] [security2:error] [pid 21296:tid 21306] [client 208.84.101.231:14716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "upport.machen.ai"] [uri "/.env.swp"] [unique_id "aisBcazVaq-mvl-Hfs8ITQAAAAc"]
[Thu Jun 11 15:41:53.884836 2026] [security2:error] [pid 21296:tid 21306] [client 208.84.101.231:14716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "upport.machen.ai"] [uri "/.env.swp"] [unique_id "aisBcazVaq-mvl-Hfs8ITQAAAAc"]
[Thu Jun 11 15:41:53.885438 2026] [security2:error] [pid 21296:tid 21306] [client 208.84.101.231:14716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "upport.machen.ai"] [uri "/index.html"] [unique_id "aisBcazVaq-mvl-Hfs8ITQAAAAc"]
[Thu Jun 11 15:41:59.326033 2026] [security2:error] [pid 21296:tid 21319] [client 84.32.70.207:53506] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisBd6zVaq-mvl-Hfs8IWAAAABQ"]
[Thu Jun 11 15:41:59.326149 2026] [security2:error] [pid 21296:tid 21319] [client 84.32.70.207:53506] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisBd6zVaq-mvl-Hfs8IWAAAABQ"]
[Thu Jun 11 15:41:59.326793 2026] [security2:error] [pid 21296:tid 21319] [client 84.32.70.207:53506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisBd6zVaq-mvl-Hfs8IWAAAABQ"]
[Thu Jun 11 15:41:59.327135 2026] [security2:error] [pid 21296:tid 21319] [client 84.32.70.207:53506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisBd6zVaq-mvl-Hfs8IWAAAABQ"]
[Thu Jun 11 15:43:37.917744 2026] [security2:error] [pid 21243:tid 21253] [client 45.156.129.130:40608] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisB2UKTwdTIu69rj402CgAAAMc"], referer: http://13.84.161.190/
[Thu Jun 11 15:43:41.138163 2026] [security2:error] [pid 21296:tid 21321] [client 45.156.129.130:40610] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/showLogin.cc"] [unique_id "aisB3azVaq-mvl-Hfs8JeAAAABY"], referer: http://13.84.161.190/showLogin.cc
[Thu Jun 11 15:44:23.772076 2026] [security2:error] [pid 21243:tid 21266] [client 84.32.70.207:43992] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisCB0KTwdTIu69rj402dQAAANQ"]
[Thu Jun 11 15:44:23.772166 2026] [security2:error] [pid 21243:tid 21266] [client 84.32.70.207:43992] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisCB0KTwdTIu69rj402dQAAANQ"]
[Thu Jun 11 15:44:23.772683 2026] [security2:error] [pid 21243:tid 21266] [client 84.32.70.207:43992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisCB0KTwdTIu69rj402dQAAANQ"]
[Thu Jun 11 15:44:24.428776 2026] [security2:error] [pid 21243:tid 21266] [client 84.32.70.207:43992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aisCB0KTwdTIu69rj402dQAAANQ"]
[Thu Jun 11 15:45:47.667867 2026] [security2:error] [pid 3902:tid 3917] [client 167.71.236.161:48936] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisCW_8lKn4qdPkDWlATGQAAAQg"]
[Thu Jun 11 15:45:54.358687 2026] [security2:error] [pid 3902:tid 3914] [client 167.71.236.161:43170] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aisCYv8lKn4qdPkDWlATHAAAAQU"], referer: https://13.84.161.190/
[Thu Jun 11 15:47:24.713045 2026] [security2:error] [pid 5830:tid 5847] [client 78.153.140.250:56984] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisCvJQ1oEsc4pCWMDPV4gAAAUw"]
[Thu Jun 11 15:47:24.713396 2026] [security2:error] [pid 5830:tid 5847] [client 78.153.140.250:56984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisCvJQ1oEsc4pCWMDPV4gAAAUw"]
[Thu Jun 11 15:47:24.713762 2026] [security2:error] [pid 5830:tid 5847] [client 78.153.140.250:56984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisCvJQ1oEsc4pCWMDPV4gAAAUw"]
[Thu Jun 11 15:47:24.714010 2026] [security2:error] [pid 5830:tid 5847] [client 78.153.140.250:56984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisCvJQ1oEsc4pCWMDPV4gAAAUw"]
[Thu Jun 11 15:47:25.403271 2026] [security2:error] [pid 9918:tid 9935] [client 78.153.140.250:56986] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisCvU4Kpjoch0F_BSrVWwAAAE0"]
[Thu Jun 11 15:47:46.580684 2026] [security2:error] [pid 3902:tid 3922] [client 43.166.130.123:41772] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "aisC0v8lKn4qdPkDWlAUHQAAAQ0"]
[Thu Jun 11 15:54:22.840839 2026] [:error] [pid 9918:tid 9943] [client 145.239.10.137:41002] File does not exist: /disk001/sonne/public_html/comment.php, referer: http://sonneconsultoria.com.br/comment.php
[Thu Jun 11 15:54:41.087914 2026] [security2:error] [pid 9918:tid 9946] [client 77.83.39.54:41432] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisEcU4Kpjoch0F_BSrajwAAAFg"]
[Thu Jun 11 15:54:41.088058 2026] [security2:error] [pid 9918:tid 9946] [client 77.83.39.54:41432] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisEcU4Kpjoch0F_BSrajwAAAFg"]
[Thu Jun 11 15:54:41.088357 2026] [security2:error] [pid 9918:tid 9946] [client 77.83.39.54:41432] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisEcU4Kpjoch0F_BSrajwAAAFg"]
[Thu Jun 11 15:54:41.088767 2026] [security2:error] [pid 9918:tid 9946] [client 77.83.39.54:41432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisEcU4Kpjoch0F_BSrajwAAAFg"]
[Thu Jun 11 15:54:41.089174 2026] [security2:error] [pid 9918:tid 9946] [client 77.83.39.54:41432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisEcU4Kpjoch0F_BSrajwAAAFg"]
[Thu Jun 11 15:55:03.928701 2026] [security2:error] [pid 21243:tid 21250] [client 43.157.170.13:57102] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/x-cp-cizMTE9G.php"] [unique_id "aisEh0KTwdTIu69rj40_7QAAAMQ"]
[Thu Jun 11 15:55:14.190832 2026] [security2:error] [pid 21295:tid 21334] [client 77.83.39.54:46114] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aisEkjlbUCMVJYfLxkolbwAAAIg"]
[Thu Jun 11 15:55:14.191084 2026] [security2:error] [pid 21295:tid 21334] [client 77.83.39.54:46114] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aisEkjlbUCMVJYfLxkolbwAAAIg"]
[Thu Jun 11 15:55:14.191233 2026] [security2:error] [pid 21295:tid 21334] [client 77.83.39.54:46114] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aisEkjlbUCMVJYfLxkolbwAAAIg"]
[Thu Jun 11 15:55:14.191503 2026] [security2:error] [pid 21295:tid 21334] [client 77.83.39.54:46114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aisEkjlbUCMVJYfLxkolbwAAAIg"]
[Thu Jun 11 15:55:14.674453 2026] [security2:error] [pid 21295:tid 21334] [client 77.83.39.54:46114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aisEkjlbUCMVJYfLxkolbwAAAIg"]
[Thu Jun 11 15:55:29.522231 2026] [security2:error] [pid 3902:tid 3914] [client 77.83.39.54:48644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aisEof8lKn4qdPkDWlAaxQAAAQU"]
[Thu Jun 11 15:55:29.522421 2026] [security2:error] [pid 3902:tid 3914] [client 77.83.39.54:48644] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aisEof8lKn4qdPkDWlAaxQAAAQU"]
[Thu Jun 11 15:55:29.522684 2026] [security2:error] [pid 3902:tid 3914] [client 77.83.39.54:48644] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aisEof8lKn4qdPkDWlAaxQAAAQU"]
[Thu Jun 11 15:55:29.522992 2026] [security2:error] [pid 3902:tid 3914] [client 77.83.39.54:48644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aisEof8lKn4qdPkDWlAaxQAAAQU"]
[Thu Jun 11 15:55:30.084871 2026] [security2:error] [pid 3902:tid 3914] [client 77.83.39.54:48644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aisEof8lKn4qdPkDWlAaxQAAAQU"]
[Thu Jun 11 15:59:56.841189 2026] [security2:error] [pid 3902:tid 3933] [client 78.153.140.50:47008] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aisFrP8lKn4qdPkDWlAdZwAAARg"]
[Thu Jun 11 15:59:56.841488 2026] [security2:error] [pid 3902:tid 3933] [client 78.153.140.50:47008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aisFrP8lKn4qdPkDWlAdZwAAARg"]
[Thu Jun 11 15:59:56.841850 2026] [security2:error] [pid 3902:tid 3933] [client 78.153.140.50:47008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aisFrP8lKn4qdPkDWlAdZwAAARg"]
[Thu Jun 11 15:59:56.954325 2026] [security2:error] [pid 3902:tid 3933] [client 78.153.140.50:47008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aisFrP8lKn4qdPkDWlAdZwAAARg"]
[Thu Jun 11 15:59:57.768132 2026] [security2:error] [pid 3902:tid 3917] [client 78.153.140.50:47010] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisFrf8lKn4qdPkDWlAdaAAAAQg"]
[Thu Jun 11 16:01:33.360115 2026] [security2:error] [pid 9918:tid 9946] [client 45.148.10.67:51206] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisGDU4Kpjoch0F_BSrhlgAAAFg"]
[Thu Jun 11 16:01:33.747205 2026] [security2:error] [pid 21295:tid 21326] [client 45.148.10.67:51216] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisGDTlbUCMVJYfLxkorSwAAAIA"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 16:07:47.520195 2026] [security2:error] [pid 3902:tid 3919] [client 107.150.110.19:52946] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHg_8lKn4qdPkDWlAjkwAAAQo"]
[Thu Jun 11 16:07:47.520417 2026] [security2:error] [pid 3902:tid 3919] [client 107.150.110.19:52946] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHg_8lKn4qdPkDWlAjkwAAAQo"]
[Thu Jun 11 16:07:47.520931 2026] [security2:error] [pid 3902:tid 3919] [client 107.150.110.19:52946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHg_8lKn4qdPkDWlAjkwAAAQo"]
[Thu Jun 11 16:07:47.521796 2026] [security2:error] [pid 3902:tid 3919] [client 107.150.110.19:52946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisHg_8lKn4qdPkDWlAjkwAAAQo"]
[Thu Jun 11 16:07:47.695118 2026] [security2:error] [pid 21243:tid 21253] [client 107.150.110.19:54732] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHg0KTwdTIu69rj41L_QAAAMc"]
[Thu Jun 11 16:07:47.695326 2026] [security2:error] [pid 21243:tid 21253] [client 107.150.110.19:54732] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHg0KTwdTIu69rj41L_QAAAMc"]
[Thu Jun 11 16:07:47.696057 2026] [security2:error] [pid 21243:tid 21253] [client 107.150.110.19:54732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHg0KTwdTIu69rj41L_QAAAMc"]
[Thu Jun 11 16:07:47.696426 2026] [security2:error] [pid 21243:tid 21253] [client 107.150.110.19:54732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisHg0KTwdTIu69rj41L_QAAAMc"]
[Thu Jun 11 16:07:47.701526 2026] [security2:error] [pid 21296:tid 21310] [client 107.150.110.19:52960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHg6zVaq-mvl-Hfs8c8QAAAAs"]
[Thu Jun 11 16:07:47.701701 2026] [security2:error] [pid 21296:tid 21310] [client 107.150.110.19:52960] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHg6zVaq-mvl-Hfs8c8QAAAAs"]
[Thu Jun 11 16:07:47.702001 2026] [security2:error] [pid 21296:tid 21310] [client 107.150.110.19:52960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHg6zVaq-mvl-Hfs8c8QAAAAs"]
[Thu Jun 11 16:07:47.702816 2026] [security2:error] [pid 21296:tid 21310] [client 107.150.110.19:52960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisHg6zVaq-mvl-Hfs8c8QAAAAs"]
[Thu Jun 11 16:07:47.829634 2026] [security2:error] [pid 5830:tid 5856] [client 107.150.110.19:54742] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHg5Q1oEsc4pCWMDPqlwAAAVU"]
[Thu Jun 11 16:07:47.829771 2026] [security2:error] [pid 5830:tid 5856] [client 107.150.110.19:54742] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHg5Q1oEsc4pCWMDPqlwAAAVU"]
[Thu Jun 11 16:07:47.830110 2026] [security2:error] [pid 5830:tid 5856] [client 107.150.110.19:54742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHg5Q1oEsc4pCWMDPqlwAAAVU"]
[Thu Jun 11 16:07:47.830389 2026] [security2:error] [pid 5830:tid 5856] [client 107.150.110.19:54742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisHg5Q1oEsc4pCWMDPqlwAAAVU"]
[Thu Jun 11 16:08:55.358114 2026] [security2:error] [pid 21243:tid 21269] [client 165.154.163.65:44592] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHx0KTwdTIu69rj41M5QAAANc"]
[Thu Jun 11 16:08:55.358263 2026] [security2:error] [pid 21243:tid 21269] [client 165.154.163.65:44592] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHx0KTwdTIu69rj41M5QAAANc"]
[Thu Jun 11 16:08:55.358675 2026] [security2:error] [pid 21243:tid 21269] [client 165.154.163.65:44592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHx0KTwdTIu69rj41M5QAAANc"]
[Thu Jun 11 16:08:55.359536 2026] [security2:error] [pid 21243:tid 21269] [client 165.154.163.65:44592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisHx0KTwdTIu69rj41M5QAAANc"]
[Thu Jun 11 16:08:55.557624 2026] [security2:error] [pid 9918:tid 9928] [client 165.154.163.65:35950] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHx04Kpjoch0F_BSrnyAAAAEY"]
[Thu Jun 11 16:08:55.557788 2026] [security2:error] [pid 9918:tid 9928] [client 165.154.163.65:35950] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHx04Kpjoch0F_BSrnyAAAAEY"]
[Thu Jun 11 16:08:55.558199 2026] [security2:error] [pid 9918:tid 9928] [client 165.154.163.65:35950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisHx04Kpjoch0F_BSrnyAAAAEY"]
[Thu Jun 11 16:08:55.558440 2026] [security2:error] [pid 9918:tid 9928] [client 165.154.163.65:35950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisHx04Kpjoch0F_BSrnyAAAAEY"]
[Thu Jun 11 16:08:55.562474 2026] [security2:error] [pid 5830:tid 5842] [client 165.154.163.65:44598] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHx5Q1oEsc4pCWMDPrRAAAAUc"]
[Thu Jun 11 16:08:55.562628 2026] [security2:error] [pid 5830:tid 5842] [client 165.154.163.65:44598] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHx5Q1oEsc4pCWMDPrRAAAAUc"]
[Thu Jun 11 16:08:55.562895 2026] [security2:error] [pid 5830:tid 5842] [client 165.154.163.65:44598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHx5Q1oEsc4pCWMDPrRAAAAUc"]
[Thu Jun 11 16:08:55.563867 2026] [security2:error] [pid 5830:tid 5842] [client 165.154.163.65:44598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisHx5Q1oEsc4pCWMDPrRAAAAUc"]
[Thu Jun 11 16:08:55.701915 2026] [security2:error] [pid 21295:tid 21327] [client 165.154.163.65:35960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHxzlbUCMVJYfLxkoz9gAAAIE"]
[Thu Jun 11 16:08:55.702230 2026] [security2:error] [pid 21295:tid 21327] [client 165.154.163.65:35960] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHxzlbUCMVJYfLxkoz9gAAAIE"]
[Thu Jun 11 16:08:55.702644 2026] [security2:error] [pid 21295:tid 21327] [client 165.154.163.65:35960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisHxzlbUCMVJYfLxkoz9gAAAIE"]
[Thu Jun 11 16:08:55.702892 2026] [security2:error] [pid 21295:tid 21327] [client 165.154.163.65:35960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisHxzlbUCMVJYfLxkoz9gAAAIE"]
[Thu Jun 11 16:11:02.995677 2026] [security2:error] [pid 3902:tid 3925] [client 107.150.110.19:60782] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisIRv8lKn4qdPkDWlAlhAAAARA"]
[Thu Jun 11 16:11:03.053163 2026] [security2:error] [pid 21296:tid 21317] [client 107.150.110.19:43392] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisIR6zVaq-mvl-Hfs8fUAAAABI"]
[Thu Jun 11 16:11:03.090485 2026] [security2:error] [pid 21296:tid 21317] [client 107.150.110.19:43392] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisIR6zVaq-mvl-Hfs8fUQAAABI"], referer: https://13.66.22.226:443/favicon.ico
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 16:11:58.591872 2026] [security2:error] [pid 3902:tid 3917] [client 165.154.163.65:51946] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisIfv8lKn4qdPkDWlAm3gAAAQg"]
[Thu Jun 11 16:11:58.794316 2026] [security2:error] [pid 21296:tid 21315] [client 165.154.163.65:51580] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aisIfqzVaq-mvl-Hfs8gSwAAABA"]
[Thu Jun 11 16:11:58.831414 2026] [security2:error] [pid 21296:tid 21315] [client 165.154.163.65:51580] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisIfqzVaq-mvl-Hfs8gTAAAABA"], referer: https://13.66.22.226:443/favicon.ico
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 16:22:28.897899 2026] [security2:error] [pid 5830:tid 5851] [client 162.220.232.148:33960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisK9JQ1oEsc4pCWMDP2LwAAAVA"]
[Thu Jun 11 16:22:29.149073 2026] [security2:error] [pid 21296:tid 21301] [client 162.220.232.148:37702] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisK9azVaq-mvl-Hfs8qqQAAAAE"]
[Thu Jun 11 16:22:29.618751 2026] [security2:error] [pid 21296:tid 21301] [client 162.220.232.148:37702] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisK9azVaq-mvl-Hfs8qrAAAAAE"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 16:22:29.889764 2026] [security2:error] [pid 5830:tid 5851] [client 162.220.232.148:33960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisK9ZQ1oEsc4pCWMDP2MgAAAVA"]
[Thu Jun 11 16:22:30.990553 2026] [security2:error] [pid 5830:tid 5851] [client 162.220.232.148:33960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/library/.env"] [unique_id "aisK9pQ1oEsc4pCWMDP2NQAAAVA"]
[Thu Jun 11 16:22:30.990824 2026] [security2:error] [pid 5830:tid 5851] [client 162.220.232.148:33960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/library/.env"] [unique_id "aisK9pQ1oEsc4pCWMDP2NQAAAVA"]
[Thu Jun 11 16:22:30.991107 2026] [security2:error] [pid 5830:tid 5851] [client 162.220.232.148:33960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/library/.env"] [unique_id "aisK9pQ1oEsc4pCWMDP2NQAAAVA"]
[Thu Jun 11 16:22:30.991868 2026] [security2:error] [pid 5830:tid 5851] [client 162.220.232.148:33960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK9pQ1oEsc4pCWMDP2NQAAAVA"]
[Thu Jun 11 16:22:34.532868 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisK-v8lKn4qdPkDWlAuSwAAAQ4"]
[Thu Jun 11 16:22:34.533108 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisK-v8lKn4qdPkDWlAuSwAAAQ4"]
[Thu Jun 11 16:22:34.533405 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisK-v8lKn4qdPkDWlAuSwAAAQ4"]
[Thu Jun 11 16:22:34.534385 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-v8lKn4qdPkDWlAuSwAAAQ4"]
[Thu Jun 11 16:22:34.535670 2026] [security2:error] [pid 21296:tid 21310] [client 162.220.232.148:34446] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qwwAAAAs"]
[Thu Jun 11 16:22:34.535901 2026] [security2:error] [pid 21296:tid 21310] [client 162.220.232.148:34446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qwwAAAAs"]
[Thu Jun 11 16:22:34.536097 2026] [security2:error] [pid 21296:tid 21310] [client 162.220.232.148:34446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qwwAAAAs"]
[Thu Jun 11 16:22:34.541466 2026] [security2:error] [pid 5830:tid 5840] [client 162.220.232.148:34418] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nuxt.config.js"] [unique_id "aisK-pQ1oEsc4pCWMDP2PAAAAUU"]
[Thu Jun 11 16:22:34.543193 2026] [security2:error] [pid 9918:tid 9925] [client 162.220.232.148:34468] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/blog/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1cgAAAEM"]
[Thu Jun 11 16:22:34.543560 2026] [security2:error] [pid 9918:tid 9925] [client 162.220.232.148:34468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /blog/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/blog/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1cgAAAEM"]
[Thu Jun 11 16:22:34.543719 2026] [security2:error] [pid 21295:tid 21345] [client 162.220.232.148:34458] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sitemap.xml"] [unique_id "aisK-jlbUCMVJYfLxko_GAAAAJM"]
[Thu Jun 11 16:22:34.544008 2026] [security2:error] [pid 9918:tid 9925] [client 162.220.232.148:34468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/blog/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1cgAAAEM"]
[Thu Jun 11 16:22:34.545028 2026] [security2:error] [pid 9918:tid 9925] [client 162.220.232.148:34468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-k4Kpjoch0F_BSr1cgAAAEM"]
[Thu Jun 11 16:22:34.548238 2026] [security2:error] [pid 21243:tid 21260] [client 162.220.232.148:34474] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v2/swagger.json"] [unique_id "aisK-kKTwdTIu69rj41bOAAAAM4"]
[Thu Jun 11 16:22:34.552545 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/test.php"] [unique_id "aisK-pQ1oEsc4pCWMDP2PQAAAVE"]
[Thu Jun 11 16:22:34.553034 2026] [:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] File does not exist: /var/www/html/test.php
[Thu Jun 11 16:22:34.555034 2026] [security2:error] [pid 21295:tid 21334] [client 162.220.232.148:34480] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisK-jlbUCMVJYfLxko_GQAAAIg"]
[Thu Jun 11 16:22:34.555122 2026] [security2:error] [pid 21295:tid 21334] [client 162.220.232.148:34480] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisK-jlbUCMVJYfLxko_GQAAAIg"]
[Thu Jun 11 16:22:34.555500 2026] [security2:error] [pid 21295:tid 21334] [client 162.220.232.148:34480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisK-jlbUCMVJYfLxko_GQAAAIg"]
[Thu Jun 11 16:22:34.556083 2026] [security2:error] [pid 21296:tid 21318] [client 162.220.232.148:34478] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qxAAAABM"]
[Thu Jun 11 16:22:34.556265 2026] [security2:error] [pid 21295:tid 21334] [client 162.220.232.148:34480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-jlbUCMVJYfLxko_GQAAAIg"]
[Thu Jun 11 16:22:34.556290 2026] [security2:error] [pid 21296:tid 21318] [client 162.220.232.148:34478] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qxAAAABM"]
[Thu Jun 11 16:22:34.556593 2026] [security2:error] [pid 21296:tid 21318] [client 162.220.232.148:34478] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qxAAAABM"]
[Thu Jun 11 16:22:34.557841 2026] [security2:error] [pid 21296:tid 21318] [client 162.220.232.148:34478] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-qzVaq-mvl-Hfs8qxAAAABM"]
[Thu Jun 11 16:22:34.558015 2026] [security2:error] [pid 21296:tid 21310] [client 162.220.232.148:34446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-qzVaq-mvl-Hfs8qwwAAAAs"]
[Thu Jun 11 16:22:34.558856 2026] [security2:error] [pid 21243:tid 21270] [client 162.220.232.148:34508] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisK-kKTwdTIu69rj41bOQAAANg"]
[Thu Jun 11 16:22:34.558906 2026] [security2:error] [pid 3902:tid 3920] [client 162.220.232.148:34514] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel.log"] [unique_id "aisK-v8lKn4qdPkDWlAuTAAAAQs"]
[Thu Jun 11 16:22:34.558982 2026] [security2:error] [pid 3902:tid 3920] [client 162.220.232.148:34514] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel.log"] [unique_id "aisK-v8lKn4qdPkDWlAuTAAAAQs"]
[Thu Jun 11 16:22:34.559045 2026] [security2:error] [pid 21243:tid 21270] [client 162.220.232.148:34508] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisK-kKTwdTIu69rj41bOQAAANg"]
[Thu Jun 11 16:22:34.559352 2026] [security2:error] [pid 3902:tid 3920] [client 162.220.232.148:34514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel.log"] [unique_id "aisK-v8lKn4qdPkDWlAuTAAAAQs"]
[Thu Jun 11 16:22:34.559328 2026] [security2:error] [pid 21243:tid 21270] [client 162.220.232.148:34508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisK-kKTwdTIu69rj41bOQAAANg"]
[Thu Jun 11 16:22:34.560230 2026] [security2:error] [pid 3902:tid 3920] [client 162.220.232.148:34514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-v8lKn4qdPkDWlAuTAAAAQs"]
[Thu Jun 11 16:22:34.560319 2026] [security2:error] [pid 21243:tid 21270] [client 162.220.232.148:34508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-kKTwdTIu69rj41bOQAAANg"]
[Thu Jun 11 16:22:34.561116 2026] [security2:error] [pid 5830:tid 5847] [client 162.220.232.148:34536] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Adminer.php"] [unique_id "aisK-pQ1oEsc4pCWMDP2PgAAAUw"]
[Thu Jun 11 16:22:34.561290 2026] [security2:error] [pid 9918:tid 9934] [client 162.220.232.148:34510] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1cwAAAEw"]
[Thu Jun 11 16:22:34.561483 2026] [:error] [pid 5830:tid 5847] [client 162.220.232.148:34536] File does not exist: /var/www/html/Adminer.php
[Thu Jun 11 16:22:34.561528 2026] [security2:error] [pid 9918:tid 9934] [client 162.220.232.148:34510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/docker/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1cwAAAEw"]
[Thu Jun 11 16:22:34.563476 2026] [security2:error] [pid 9918:tid 9928] [client 162.220.232.148:34566] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1dAAAAEY"]
[Thu Jun 11 16:22:34.563730 2026] [security2:error] [pid 9918:tid 9928] [client 162.220.232.148:34566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1dAAAAEY"]
[Thu Jun 11 16:22:34.563941 2026] [security2:error] [pid 9918:tid 9928] [client 162.220.232.148:34566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1dAAAAEY"]
[Thu Jun 11 16:22:34.564944 2026] [security2:error] [pid 9918:tid 9928] [client 162.220.232.148:34566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-k4Kpjoch0F_BSr1dAAAAEY"]
[Thu Jun 11 16:22:34.565908 2026] [security2:error] [pid 3902:tid 3926] [client 162.220.232.148:34574] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/openapi.json"] [unique_id "aisK-v8lKn4qdPkDWlAuTQAAARE"]
[Thu Jun 11 16:22:34.566626 2026] [security2:error] [pid 21296:tid 21316] [client 162.220.232.148:34520] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisK-qzVaq-mvl-Hfs8qxgAAABE"]
[Thu Jun 11 16:22:34.566814 2026] [security2:error] [pid 21296:tid 21316] [client 162.220.232.148:34520] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisK-qzVaq-mvl-Hfs8qxgAAABE"]
[Thu Jun 11 16:22:34.567126 2026] [security2:error] [pid 21296:tid 21316] [client 162.220.232.148:34520] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisK-qzVaq-mvl-Hfs8qxgAAABE"]
[Thu Jun 11 16:22:34.567970 2026] [security2:error] [pid 5830:tid 5838] [client 162.220.232.148:34596] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisK-pQ1oEsc4pCWMDP2PwAAAUM"]
[Thu Jun 11 16:22:34.568104 2026] [security2:error] [pid 21295:tid 21327] [client 162.220.232.148:34546] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpmyadmin/index.php"] [unique_id "aisK-jlbUCMVJYfLxko_GgAAAIE"]
[Thu Jun 11 16:22:34.568193 2026] [security2:error] [pid 5830:tid 5838] [client 162.220.232.148:34596] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisK-pQ1oEsc4pCWMDP2PwAAAUM"]
[Thu Jun 11 16:22:34.568853 2026] [security2:error] [pid 5830:tid 5838] [client 162.220.232.148:34596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisK-pQ1oEsc4pCWMDP2PwAAAUM"]
[Thu Jun 11 16:22:34.569672 2026] [security2:error] [pid 5830:tid 5838] [client 162.220.232.148:34596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-pQ1oEsc4pCWMDP2PwAAAUM"]
[Thu Jun 11 16:22:34.570322 2026] [security2:error] [pid 21243:tid 21257] [client 162.220.232.148:34554] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/audio/.env"] [unique_id "aisK-kKTwdTIu69rj41bOgAAAMs"]
[Thu Jun 11 16:22:34.570554 2026] [security2:error] [pid 21243:tid 21257] [client 162.220.232.148:34554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /audio/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/audio/.env"] [unique_id "aisK-kKTwdTIu69rj41bOgAAAMs"]
[Thu Jun 11 16:22:34.570638 2026] [security2:error] [pid 21295:tid 21332] [client 162.220.232.148:34568] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.json"] [unique_id "aisK-jlbUCMVJYfLxko_GwAAAIY"]
[Thu Jun 11 16:22:34.570871 2026] [security2:error] [pid 9918:tid 9934] [client 162.220.232.148:34510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/docker/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1cwAAAEw"]
[Thu Jun 11 16:22:34.572045 2026] [security2:error] [pid 9918:tid 9934] [client 162.220.232.148:34510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-k4Kpjoch0F_BSr1cwAAAEw"]
[Thu Jun 11 16:22:34.572428 2026] [security2:error] [pid 21243:tid 21257] [client 162.220.232.148:34554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/audio/.env"] [unique_id "aisK-kKTwdTIu69rj41bOgAAAMs"]
[Thu Jun 11 16:22:34.573812 2026] [security2:error] [pid 9918:tid 9932] [client 162.220.232.148:34608] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/horizon/api/workload"] [unique_id "aisK-k4Kpjoch0F_BSr1dQAAAEo"]
[Thu Jun 11 16:22:34.575176 2026] [security2:error] [pid 21296:tid 21316] [client 162.220.232.148:34520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisK-qzVaq-mvl-Hfs8qxgAAABE"]
[Thu Jun 11 16:22:34.576166 2026] [security2:error] [pid 5830:tid 5843] [client 162.220.232.148:34638] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisK-pQ1oEsc4pCWMDP2QAAAAUg"]
[Thu Jun 11 16:22:34.576249 2026] [security2:error] [pid 5830:tid 5843] [client 162.220.232.148:34638] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisK-pQ1oEsc4pCWMDP2QAAAAUg"]
[Thu Jun 11 16:22:34.576737 2026] [security2:error] [pid 3902:tid 3918] [client 162.220.232.148:34624] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuTgAAAQk"]
[Thu Jun 11 16:22:34.576772 2026] [security2:error] [pid 5830:tid 5843] [client 162.220.232.148:34638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisK-pQ1oEsc4pCWMDP2QAAAAUg"]
[Thu Jun 11 16:22:34.576934 2026] [security2:error] [pid 3902:tid 3918] [client 162.220.232.148:34624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuTgAAAQk"]
[Thu Jun 11 16:22:34.577127 2026] [security2:error] [pid 3902:tid 3918] [client 162.220.232.148:34624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuTgAAAQk"]
[Thu Jun 11 16:22:34.577957 2026] [security2:error] [pid 3902:tid 3918] [client 162.220.232.148:34624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-v8lKn4qdPkDWlAuTgAAAQk"]
[Thu Jun 11 16:22:34.578085 2026] [security2:error] [pid 5830:tid 5843] [client 162.220.232.148:34638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-pQ1oEsc4pCWMDP2QAAAAUg"]
[Thu Jun 11 16:22:34.578879 2026] [security2:error] [pid 21295:tid 21335] [client 162.220.232.148:34640] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.txt"] [unique_id "aisK-jlbUCMVJYfLxko_HAAAAIk"]
[Thu Jun 11 16:22:34.579088 2026] [security2:error] [pid 21295:tid 21335] [client 162.220.232.148:34640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.txt"] [unique_id "aisK-jlbUCMVJYfLxko_HAAAAIk"]
[Thu Jun 11 16:22:34.579305 2026] [security2:error] [pid 21295:tid 21335] [client 162.220.232.148:34640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.txt"] [unique_id "aisK-jlbUCMVJYfLxko_HAAAAIk"]
[Thu Jun 11 16:22:34.579448 2026] [security2:error] [pid 9918:tid 9946] [client 162.220.232.148:34660] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisK-k4Kpjoch0F_BSr1dgAAAFg"]
[Thu Jun 11 16:22:34.579544 2026] [security2:error] [pid 9918:tid 9946] [client 162.220.232.148:34660] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisK-k4Kpjoch0F_BSr1dgAAAFg"]
[Thu Jun 11 16:22:34.579746 2026] [security2:error] [pid 9918:tid 9946] [client 162.220.232.148:34660] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisK-k4Kpjoch0F_BSr1dgAAAFg"]
[Thu Jun 11 16:22:34.580102 2026] [security2:error] [pid 9918:tid 9946] [client 162.220.232.148:34660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisK-k4Kpjoch0F_BSr1dgAAAFg"]
[Thu Jun 11 16:22:34.580207 2026] [security2:error] [pid 21295:tid 21335] [client 162.220.232.148:34640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-jlbUCMVJYfLxko_HAAAAIk"]
[Thu Jun 11 16:22:34.581396 2026] [security2:error] [pid 9918:tid 9946] [client 162.220.232.148:34660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-k4Kpjoch0F_BSr1dgAAAFg"]
[Thu Jun 11 16:22:34.582360 2026] [security2:error] [pid 3902:tid 3921] [client 162.220.232.148:34676] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/appsettings.json"] [unique_id "aisK-v8lKn4qdPkDWlAuTwAAAQw"]
[Thu Jun 11 16:22:34.585458 2026] [security2:error] [pid 21295:tid 21338] [client 162.220.232.148:34692] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/settings.yml"] [unique_id "aisK-jlbUCMVJYfLxko_HQAAAIw"]
[Thu Jun 11 16:22:34.586938 2026] [security2:error] [pid 5830:tid 5837] [client 162.220.232.148:34686] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.inc.php"] [unique_id "aisK-pQ1oEsc4pCWMDP2QQAAAUI"]
[Thu Jun 11 16:22:34.587311 2026] [:error] [pid 5830:tid 5837] [client 162.220.232.148:34686] File does not exist: /var/www/html/config.inc.php
[Thu Jun 11 16:22:34.588751 2026] [security2:error] [pid 21243:tid 21257] [client 162.220.232.148:34554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-kKTwdTIu69rj41bOgAAAMs"]
[Thu Jun 11 16:22:34.589962 2026] [security2:error] [pid 21243:tid 21256] [client 162.220.232.148:34652] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sw.js"] [unique_id "aisK-kKTwdTIu69rj41bPAAAAMo"]
[Thu Jun 11 16:22:34.593753 2026] [security2:error] [pid 21243:tid 21258] [client 162.220.232.148:34700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisK-kKTwdTIu69rj41bPQAAAMw"]
[Thu Jun 11 16:22:34.593885 2026] [security2:error] [pid 21243:tid 21258] [client 162.220.232.148:34700] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisK-kKTwdTIu69rj41bPQAAAMw"]
[Thu Jun 11 16:22:34.594216 2026] [security2:error] [pid 21243:tid 21258] [client 162.220.232.148:34700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisK-kKTwdTIu69rj41bPQAAAMw"]
[Thu Jun 11 16:22:34.595447 2026] [security2:error] [pid 21243:tid 21258] [client 162.220.232.148:34700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-kKTwdTIu69rj41bPQAAAMw"]
[Thu Jun 11 16:22:34.595734 2026] [security2:error] [pid 9918:tid 9939] [client 162.220.232.148:34710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.yml.bak"] [unique_id "aisK-k4Kpjoch0F_BSr1dwAAAFE"]
[Thu Jun 11 16:22:34.595898 2026] [security2:error] [pid 9918:tid 9939] [client 162.220.232.148:34710] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.yml.bak"] [unique_id "aisK-k4Kpjoch0F_BSr1dwAAAFE"]
[Thu Jun 11 16:22:34.596006 2026] [security2:error] [pid 21243:tid 21259] [client 162.220.232.148:34600] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database/.env"] [unique_id "aisK-kKTwdTIu69rj41bOwAAAM0"]
[Thu Jun 11 16:22:34.596232 2026] [security2:error] [pid 21243:tid 21259] [client 162.220.232.148:34600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/database/.env"] [unique_id "aisK-kKTwdTIu69rj41bOwAAAM0"]
[Thu Jun 11 16:22:34.596398 2026] [security2:error] [pid 9918:tid 9939] [client 162.220.232.148:34710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config.yml.bak"] [unique_id "aisK-k4Kpjoch0F_BSr1dwAAAFE"]
[Thu Jun 11 16:22:34.596456 2026] [security2:error] [pid 21243:tid 21259] [client 162.220.232.148:34600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/database/.env"] [unique_id "aisK-kKTwdTIu69rj41bOwAAAM0"]
[Thu Jun 11 16:22:34.597804 2026] [security2:error] [pid 21243:tid 21259] [client 162.220.232.148:34600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-kKTwdTIu69rj41bOwAAAM0"]
[Thu Jun 11 16:22:34.597811 2026] [security2:error] [pid 9918:tid 9939] [client 162.220.232.148:34710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-k4Kpjoch0F_BSr1dwAAAFE"]
[Thu Jun 11 16:22:34.599201 2026] [security2:error] [pid 3902:tid 3929] [client 162.220.232.148:34724] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/adminer.php"] [unique_id "aisK-v8lKn4qdPkDWlAuUQAAARQ"]
[Thu Jun 11 16:22:34.599276 2026] [security2:error] [pid 21295:tid 21348] [client 162.220.232.148:34756] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/next.config.js"] [unique_id "aisK-jlbUCMVJYfLxko_HgAAAJY"]
[Thu Jun 11 16:22:34.599705 2026] [:error] [pid 3902:tid 3929] [client 162.220.232.148:34724] File does not exist: /var/www/html/adminer.php
[Thu Jun 11 16:22:34.601598 2026] [security2:error] [pid 21243:tid 21268] [client 162.220.232.148:34772] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisK-kKTwdTIu69rj41bPgAAANY"]
[Thu Jun 11 16:22:34.601685 2026] [security2:error] [pid 5830:tid 5842] [client 162.220.232.148:34742] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisK-pQ1oEsc4pCWMDP2QgAAAUc"]
[Thu Jun 11 16:22:34.601857 2026] [security2:error] [pid 21243:tid 21268] [client 162.220.232.148:34772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisK-kKTwdTIu69rj41bPgAAANY"]
[Thu Jun 11 16:22:34.601905 2026] [security2:error] [pid 5830:tid 5842] [client 162.220.232.148:34742] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisK-pQ1oEsc4pCWMDP2QgAAAUc"]
[Thu Jun 11 16:22:34.602069 2026] [security2:error] [pid 21243:tid 21268] [client 162.220.232.148:34772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisK-kKTwdTIu69rj41bPgAAANY"]
[Thu Jun 11 16:22:34.602091 2026] [security2:error] [pid 5830:tid 5842] [client 162.220.232.148:34742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisK-pQ1oEsc4pCWMDP2QgAAAUc"]
[Thu Jun 11 16:22:34.602931 2026] [security2:error] [pid 5830:tid 5842] [client 162.220.232.148:34742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-pQ1oEsc4pCWMDP2QgAAAUc"]
[Thu Jun 11 16:22:34.602978 2026] [security2:error] [pid 21243:tid 21268] [client 162.220.232.148:34772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-kKTwdTIu69rj41bPgAAANY"]
[Thu Jun 11 16:22:34.604282 2026] [security2:error] [pid 9918:tid 9941] [client 162.220.232.148:34776] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/static/js/main.js"] [unique_id "aisK-k4Kpjoch0F_BSr1eAAAAFM"]
[Thu Jun 11 16:22:34.604837 2026] [security2:error] [pid 3902:tid 3931] [client 162.220.232.148:34780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.well-known/security.txt"] [unique_id "aisK-v8lKn4qdPkDWlAuUgAAARY"]
[Thu Jun 11 16:22:34.607476 2026] [security2:error] [pid 21296:tid 21317] [client 162.220.232.148:34628] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.js"] [unique_id "aisK-qzVaq-mvl-Hfs8qyAAAABI"]
[Thu Jun 11 16:22:34.608849 2026] [security2:error] [pid 21295:tid 21344] [client 162.220.232.148:34806] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisK-jlbUCMVJYfLxko_HwAAAJI"]
[Thu Jun 11 16:22:34.609038 2026] [security2:error] [pid 21295:tid 21344] [client 162.220.232.148:34806] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisK-jlbUCMVJYfLxko_HwAAAJI"]
[Thu Jun 11 16:22:34.609298 2026] [security2:error] [pid 21295:tid 21344] [client 162.220.232.148:34806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisK-jlbUCMVJYfLxko_HwAAAJI"]
[Thu Jun 11 16:22:34.610098 2026] [security2:error] [pid 21295:tid 21344] [client 162.220.232.148:34806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-jlbUCMVJYfLxko_HwAAAJI"]
[Thu Jun 11 16:22:34.611229 2026] [security2:error] [pid 21243:tid 21261] [client 162.220.232.148:34808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bundle.js"] [unique_id "aisK-kKTwdTIu69rj41bPwAAAM8"]
[Thu Jun 11 16:22:34.612550 2026] [security2:error] [pid 9918:tid 9930] [client 162.220.232.148:34812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.yml"] [unique_id "aisK-k4Kpjoch0F_BSr1eQAAAEg"]
[Thu Jun 11 16:22:34.615282 2026] [security2:error] [pid 3902:tid 3914] [client 162.220.232.148:34814] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/base/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuUwAAAQU"]
[Thu Jun 11 16:22:34.615511 2026] [security2:error] [pid 3902:tid 3914] [client 162.220.232.148:34814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /base/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/base/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuUwAAAQU"]
[Thu Jun 11 16:22:34.615798 2026] [security2:error] [pid 3902:tid 3914] [client 162.220.232.148:34814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/base/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuUwAAAQU"]
[Thu Jun 11 16:22:34.617361 2026] [security2:error] [pid 5830:tid 5855] [client 162.220.232.148:34792] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-admin/.env"] [unique_id "aisK-pQ1oEsc4pCWMDP2QwAAAVQ"]
[Thu Jun 11 16:22:34.617672 2026] [security2:error] [pid 5830:tid 5855] [client 162.220.232.148:34792] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-admin/.env"] [unique_id "aisK-pQ1oEsc4pCWMDP2QwAAAVQ"]
[Thu Jun 11 16:22:34.617759 2026] [security2:error] [pid 3902:tid 3914] [client 162.220.232.148:34814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-v8lKn4qdPkDWlAuUwAAAQU"]
[Thu Jun 11 16:22:34.617938 2026] [security2:error] [pid 5830:tid 5855] [client 162.220.232.148:34792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-admin/.env"] [unique_id "aisK-pQ1oEsc4pCWMDP2QwAAAVQ"]
[Thu Jun 11 16:22:34.619108 2026] [security2:error] [pid 5830:tid 5855] [client 162.220.232.148:34792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-pQ1oEsc4pCWMDP2QwAAAVQ"]
[Thu Jun 11 16:22:34.620124 2026] [security2:error] [pid 21296:tid 21308] [client 162.220.232.148:34784] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/secrets.yml"] [unique_id "aisK-qzVaq-mvl-Hfs8qyQAAAAk"]
[Thu Jun 11 16:22:34.622349 2026] [security2:error] [pid 21295:tid 21336] [client 162.220.232.148:34834] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisK-jlbUCMVJYfLxko_IAAAAIo"]
[Thu Jun 11 16:22:34.622557 2026] [security2:error] [pid 21295:tid 21336] [client 162.220.232.148:34834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisK-jlbUCMVJYfLxko_IAAAAIo"]
[Thu Jun 11 16:22:34.622773 2026] [security2:error] [pid 21295:tid 21336] [client 162.220.232.148:34834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisK-jlbUCMVJYfLxko_IAAAAIo"]
[Thu Jun 11 16:22:34.623468 2026] [security2:error] [pid 21295:tid 21336] [client 162.220.232.148:34834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-jlbUCMVJYfLxko_IAAAAIo"]
[Thu Jun 11 16:22:34.624644 2026] [security2:error] [pid 9918:tid 9922] [client 162.220.232.148:34844] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1egAAAEA"]
[Thu Jun 11 16:22:34.624862 2026] [security2:error] [pid 9918:tid 9922] [client 162.220.232.148:34844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1egAAAEA"]
[Thu Jun 11 16:22:34.625077 2026] [security2:error] [pid 9918:tid 9922] [client 162.220.232.148:34844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisK-k4Kpjoch0F_BSr1egAAAEA"]
[Thu Jun 11 16:22:34.626231 2026] [security2:error] [pid 5830:tid 5835] [client 162.220.232.148:34824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpinfo.php"] [unique_id "aisK-pQ1oEsc4pCWMDP2RAAAAUA"]
[Thu Jun 11 16:22:34.626861 2026] [security2:error] [pid 21243:tid 21247] [client 162.220.232.148:34838] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/laravel/.env"] [unique_id "aisK-kKTwdTIu69rj41bQAAAAME"]
[Thu Jun 11 16:22:34.627079 2026] [security2:error] [pid 21243:tid 21247] [client 162.220.232.148:34838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/vendor/laravel/.env"] [unique_id "aisK-kKTwdTIu69rj41bQAAAAME"]
[Thu Jun 11 16:22:34.627311 2026] [security2:error] [pid 21243:tid 21247] [client 162.220.232.148:34838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/laravel/.env"] [unique_id "aisK-kKTwdTIu69rj41bQAAAAME"]
[Thu Jun 11 16:22:34.628077 2026] [:error] [pid 5830:tid 5835] [client 162.220.232.148:34824] File does not exist: /var/www/html/phpinfo.php
[Thu Jun 11 16:22:34.628237 2026] [security2:error] [pid 21243:tid 21247] [client 162.220.232.148:34838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-kKTwdTIu69rj41bQAAAAME"]
[Thu Jun 11 16:22:34.629026 2026] [security2:error] [pid 9918:tid 9922] [client 162.220.232.148:34844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-k4Kpjoch0F_BSr1egAAAEA"]
[Thu Jun 11 16:22:34.629343 2026] [security2:error] [pid 3902:tid 3925] [client 162.220.232.148:34856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuVAAAARA"]
[Thu Jun 11 16:22:34.630144 2026] [security2:error] [pid 21295:tid 21339] [client 162.220.232.148:34882] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.php"] [unique_id "aisK-jlbUCMVJYfLxko_IQAAAI0"]
[Thu Jun 11 16:22:34.630458 2026] [security2:error] [pid 3902:tid 3925] [client 162.220.232.148:34856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuVAAAARA"]
[Thu Jun 11 16:22:34.630696 2026] [security2:error] [pid 3902:tid 3925] [client 162.220.232.148:34856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisK-v8lKn4qdPkDWlAuVAAAARA"]
[Thu Jun 11 16:22:34.632925 2026] [security2:error] [pid 3902:tid 3925] [client 162.220.232.148:34856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-v8lKn4qdPkDWlAuVAAAARA"]
[Thu Jun 11 16:22:34.633873 2026] [security2:error] [pid 5830:tid 5858] [client 162.220.232.148:34892] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_next/static/chunks/main.js"] [unique_id "aisK-pQ1oEsc4pCWMDP2RQAAAVc"]
[Thu Jun 11 16:22:34.636062 2026] [security2:error] [pid 21243:tid 21263] [client 162.220.232.148:34898] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aisK-kKTwdTIu69rj41bQQAAANE"]
[Thu Jun 11 16:22:34.638792 2026] [security2:error] [pid 9918:tid 9938] [client 162.220.232.148:34900] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/asset-manifest.json"] [unique_id "aisK-k4Kpjoch0F_BSr1ewAAAFA"]
[Thu Jun 11 16:22:34.643795 2026] [security2:error] [pid 21296:tid 21306] [client 162.220.232.148:34590] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisK-qzVaq-mvl-Hfs8qxwAAAAc"]
[Thu Jun 11 16:22:34.644003 2026] [security2:error] [pid 21296:tid 21304] [client 162.220.232.148:34662] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisK-qzVaq-mvl-Hfs8qygAAAAQ"]
[Thu Jun 11 16:22:34.644113 2026] [security2:error] [pid 21296:tid 21306] [client 162.220.232.148:34590] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisK-qzVaq-mvl-Hfs8qxwAAAAc"]
[Thu Jun 11 16:22:34.644525 2026] [security2:error] [pid 21296:tid 21306] [client 162.220.232.148:34590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisK-qzVaq-mvl-Hfs8qxwAAAAc"]
[Thu Jun 11 16:22:34.648236 2026] [security2:error] [pid 21296:tid 21320] [client 162.220.232.148:34866] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qywAAABU"]
[Thu Jun 11 16:22:34.648548 2026] [security2:error] [pid 21296:tid 21320] [client 162.220.232.148:34866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qywAAABU"]
[Thu Jun 11 16:22:34.648790 2026] [security2:error] [pid 21296:tid 21320] [client 162.220.232.148:34866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisK-qzVaq-mvl-Hfs8qywAAABU"]
[Thu Jun 11 16:22:34.649066 2026] [security2:error] [pid 21296:tid 21304] [client 162.220.232.148:34662] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisK-qzVaq-mvl-Hfs8qygAAAAQ"]
[Thu Jun 11 16:22:34.650350 2026] [security2:error] [pid 21296:tid 21320] [client 162.220.232.148:34866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-qzVaq-mvl-Hfs8qywAAABU"]
[Thu Jun 11 16:22:34.651451 2026] [security2:error] [pid 21296:tid 21321] [client 162.220.232.148:34740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisK-qzVaq-mvl-Hfs8qzAAAABY"]
[Thu Jun 11 16:22:34.651659 2026] [security2:error] [pid 21296:tid 21321] [client 162.220.232.148:34740] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisK-qzVaq-mvl-Hfs8qzAAAABY"]
[Thu Jun 11 16:22:34.651997 2026] [security2:error] [pid 21296:tid 21321] [client 162.220.232.148:34740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisK-qzVaq-mvl-Hfs8qzAAAABY"]
[Thu Jun 11 16:22:34.653086 2026] [security2:error] [pid 21296:tid 21321] [client 162.220.232.148:34740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-qzVaq-mvl-Hfs8qzAAAABY"]
[Thu Jun 11 16:22:34.654084 2026] [security2:error] [pid 21296:tid 21324] [client 162.220.232.148:34826] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/log/nginx/access.log"] [unique_id "aisK-qzVaq-mvl-Hfs8qzQAAABg"]
[Thu Jun 11 16:22:34.654183 2026] [security2:error] [pid 21296:tid 21324] [client 162.220.232.148:34826] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/log/nginx/access.log"] [unique_id "aisK-qzVaq-mvl-Hfs8qzQAAABg"]
[Thu Jun 11 16:22:34.655221 2026] [security2:error] [pid 21296:tid 21324] [client 162.220.232.148:34826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/log/nginx/access.log"] [unique_id "aisK-qzVaq-mvl-Hfs8qzQAAABg"]
[Thu Jun 11 16:22:34.656549 2026] [security2:error] [pid 21296:tid 21324] [client 162.220.232.148:34826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-qzVaq-mvl-Hfs8qzQAAABg"]
[Thu Jun 11 16:22:34.655540 2026] [security2:error] [pid 21296:tid 21304] [client 162.220.232.148:34662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisK-qzVaq-mvl-Hfs8qygAAAAQ"]
[Thu Jun 11 16:22:34.657347 2026] [security2:error] [pid 21296:tid 21316] [client 162.220.232.148:34520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-qzVaq-mvl-Hfs8qxgAAABE"]
[Thu Jun 11 16:22:34.658829 2026] [security2:error] [pid 21296:tid 21304] [client 162.220.232.148:34662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-qzVaq-mvl-Hfs8qygAAAAQ"]
[Thu Jun 11 16:22:34.659258 2026] [security2:error] [pid 21296:tid 21306] [client 162.220.232.148:34590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-qzVaq-mvl-Hfs8qxwAAAAc"]
[Thu Jun 11 16:22:35.901129 2026] [security2:error] [pid 21295:tid 21330] [client 162.220.232.148:34920] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.php.bak"] [unique_id "aisK-zlbUCMVJYfLxko_JAAAAIQ"]
[Thu Jun 11 16:22:35.901566 2026] [security2:error] [pid 21295:tid 21330] [client 162.220.232.148:34920] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.php.bak"] [unique_id "aisK-zlbUCMVJYfLxko_JAAAAIQ"]
[Thu Jun 11 16:22:35.901995 2026] [security2:error] [pid 21295:tid 21330] [client 162.220.232.148:34920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config.php.bak"] [unique_id "aisK-zlbUCMVJYfLxko_JAAAAIQ"]
[Thu Jun 11 16:22:35.902840 2026] [security2:error] [pid 21295:tid 21330] [client 162.220.232.148:34920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-zlbUCMVJYfLxko_JAAAAIQ"]
[Thu Jun 11 16:22:35.903833 2026] [security2:error] [pid 21243:tid 21255] [client 162.220.232.148:34904] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisK-0KTwdTIu69rj41bRAAAAMk"]
[Thu Jun 11 16:22:35.904041 2026] [security2:error] [pid 21243:tid 21255] [client 162.220.232.148:34904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisK-0KTwdTIu69rj41bRAAAAMk"]
[Thu Jun 11 16:22:35.904251 2026] [security2:error] [pid 21243:tid 21255] [client 162.220.232.148:34904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisK-0KTwdTIu69rj41bRAAAAMk"]
[Thu Jun 11 16:22:35.905791 2026] [security2:error] [pid 9918:tid 9945] [client 162.220.232.148:34926] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisK-04Kpjoch0F_BSr1ggAAAFc"]
[Thu Jun 11 16:22:35.905875 2026] [security2:error] [pid 9918:tid 9945] [client 162.220.232.148:34926] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisK-04Kpjoch0F_BSr1ggAAAFc"]
[Thu Jun 11 16:22:35.906168 2026] [security2:error] [pid 9918:tid 9945] [client 162.220.232.148:34926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisK-04Kpjoch0F_BSr1ggAAAFc"]
[Thu Jun 11 16:22:35.906987 2026] [security2:error] [pid 9918:tid 9945] [client 162.220.232.148:34926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-04Kpjoch0F_BSr1ggAAAFc"]
[Thu Jun 11 16:22:35.908771 2026] [security2:error] [pid 21243:tid 21255] [client 162.220.232.148:34904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK-0KTwdTIu69rj41bRAAAAMk"]
[Thu Jun 11 16:22:38.131541 2026] [security2:error] [pid 5830:tid 5840] [client 162.220.232.148:34418] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/openapi.json"] [unique_id "aisK_pQ1oEsc4pCWMDP2TQAAAUU"]
[Thu Jun 11 16:22:38.134542 2026] [security2:error] [pid 21243:tid 21260] [client 162.220.232.148:34474] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.vscode/sftp.json"] [unique_id "aisK_kKTwdTIu69rj41bSQAAAM4"]
[Thu Jun 11 16:22:38.136315 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.json.bak"] [unique_id "aisK_pQ1oEsc4pCWMDP2TgAAAVE"]
[Thu Jun 11 16:22:38.136395 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.json.bak"] [unique_id "aisK_pQ1oEsc4pCWMDP2TgAAAVE"]
[Thu Jun 11 16:22:38.136760 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config.json.bak"] [unique_id "aisK_pQ1oEsc4pCWMDP2TgAAAVE"]
[Thu Jun 11 16:22:38.137524 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_pQ1oEsc4pCWMDP2TgAAAVE"]
[Thu Jun 11 16:22:38.138959 2026] [security2:error] [pid 9918:tid 9925] [client 162.220.232.148:34468] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sites/all/libraries/mailchimp/.env"] [unique_id "aisK_k4Kpjoch0F_BSr1kAAAAEM"]
[Thu Jun 11 16:22:38.139253 2026] [security2:error] [pid 21295:tid 21334] [client 162.220.232.148:34480] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisK_jlbUCMVJYfLxko_KQAAAIg"]
[Thu Jun 11 16:22:38.139380 2026] [security2:error] [pid 9918:tid 9925] [client 162.220.232.148:34468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sites/all/libraries/mailchimp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/sites/all/libraries/mailchimp/.env"] [unique_id "aisK_k4Kpjoch0F_BSr1kAAAAEM"]
[Thu Jun 11 16:22:38.139662 2026] [security2:error] [pid 21295:tid 21334] [client 162.220.232.148:34480] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisK_jlbUCMVJYfLxko_KQAAAIg"]
[Thu Jun 11 16:22:38.139653 2026] [security2:error] [pid 9918:tid 9925] [client 162.220.232.148:34468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/sites/all/libraries/mailchimp/.env"] [unique_id "aisK_k4Kpjoch0F_BSr1kAAAAEM"]
[Thu Jun 11 16:22:38.139880 2026] [security2:error] [pid 21295:tid 21334] [client 162.220.232.148:34480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisK_jlbUCMVJYfLxko_KQAAAIg"]
[Thu Jun 11 16:22:38.140777 2026] [security2:error] [pid 9918:tid 9925] [client 162.220.232.148:34468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_k4Kpjoch0F_BSr1kAAAAEM"]
[Thu Jun 11 16:22:38.141435 2026] [security2:error] [pid 21296:tid 21318] [client 162.220.232.148:34478] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.js"] [unique_id "aisK_qzVaq-mvl-Hfs8q3wAAABM"]
[Thu Jun 11 16:22:38.141673 2026] [security2:error] [pid 21296:tid 21310] [client 162.220.232.148:34446] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisK_qzVaq-mvl-Hfs8q3gAAAAs"]
[Thu Jun 11 16:22:38.141877 2026] [security2:error] [pid 21296:tid 21310] [client 162.220.232.148:34446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cgi-bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisK_qzVaq-mvl-Hfs8q3gAAAAs"]
[Thu Jun 11 16:22:38.142059 2026] [security2:error] [pid 21296:tid 21310] [client 162.220.232.148:34446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisK_qzVaq-mvl-Hfs8q3gAAAAs"]
[Thu Jun 11 16:22:38.143259 2026] [security2:error] [pid 21296:tid 21310] [client 162.220.232.148:34446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_qzVaq-mvl-Hfs8q3gAAAAs"]
[Thu Jun 11 16:22:38.146554 2026] [security2:error] [pid 3902:tid 3920] [client 162.220.232.148:34514] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local/.env"] [unique_id "aisK_v8lKn4qdPkDWlAuYQAAAQs"]
[Thu Jun 11 16:22:38.146781 2026] [security2:error] [pid 21243:tid 21270] [client 162.220.232.148:34508] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.override.yml"] [unique_id "aisK_kKTwdTIu69rj41bSgAAANg"]
[Thu Jun 11 16:22:38.146984 2026] [security2:error] [pid 3902:tid 3920] [client 162.220.232.148:34514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/local/.env"] [unique_id "aisK_v8lKn4qdPkDWlAuYQAAAQs"]
[Thu Jun 11 16:22:38.147457 2026] [security2:error] [pid 3902:tid 3920] [client 162.220.232.148:34514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/local/.env"] [unique_id "aisK_v8lKn4qdPkDWlAuYQAAAQs"]
[Thu Jun 11 16:22:38.148321 2026] [security2:error] [pid 3902:tid 3920] [client 162.220.232.148:34514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_v8lKn4qdPkDWlAuYQAAAQs"]
[Thu Jun 11 16:22:38.149563 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisK_v8lKn4qdPkDWlAuYAAAAQ4"]
[Thu Jun 11 16:22:38.149676 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisK_v8lKn4qdPkDWlAuYAAAAQ4"]
[Thu Jun 11 16:22:38.149830 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisK_v8lKn4qdPkDWlAuYAAAAQ4"]
[Thu Jun 11 16:22:38.150045 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisK_v8lKn4qdPkDWlAuYAAAAQ4"]
[Thu Jun 11 16:22:38.150831 2026] [security2:error] [pid 3902:tid 3923] [client 162.220.232.148:34432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_v8lKn4qdPkDWlAuYAAAAQ4"]
[Thu Jun 11 16:22:38.153395 2026] [security2:error] [pid 5830:tid 5847] [client 162.220.232.148:34536] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisK_pQ1oEsc4pCWMDP2TwAAAUw"]
[Thu Jun 11 16:22:38.153696 2026] [security2:error] [pid 5830:tid 5847] [client 162.220.232.148:34536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protected/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisK_pQ1oEsc4pCWMDP2TwAAAUw"]
[Thu Jun 11 16:22:38.153820 2026] [security2:error] [pid 21295:tid 21334] [client 162.220.232.148:34480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_jlbUCMVJYfLxko_KQAAAIg"]
[Thu Jun 11 16:22:38.153918 2026] [security2:error] [pid 5830:tid 5847] [client 162.220.232.148:34536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisK_pQ1oEsc4pCWMDP2TwAAAUw"]
[Thu Jun 11 16:22:38.154949 2026] [security2:error] [pid 5830:tid 5847] [client 162.220.232.148:34536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_pQ1oEsc4pCWMDP2TwAAAUw"]
[Thu Jun 11 16:22:38.156084 2026] [security2:error] [pid 3902:tid 3926] [client 162.220.232.148:34574] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/crm/.env"] [unique_id "aisK_v8lKn4qdPkDWlAuYgAAARE"]
[Thu Jun 11 16:22:38.156325 2026] [security2:error] [pid 3902:tid 3926] [client 162.220.232.148:34574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/crm/.env"] [unique_id "aisK_v8lKn4qdPkDWlAuYgAAARE"]
[Thu Jun 11 16:22:38.156650 2026] [security2:error] [pid 3902:tid 3926] [client 162.220.232.148:34574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/crm/.env"] [unique_id "aisK_v8lKn4qdPkDWlAuYgAAARE"]
[Thu Jun 11 16:22:38.158225 2026] [security2:error] [pid 9918:tid 9928] [client 162.220.232.148:34566] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisK_k4Kpjoch0F_BSr1kQAAAEY"]
[Thu Jun 11 16:22:38.158455 2026] [security2:error] [pid 9918:tid 9928] [client 162.220.232.148:34566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisK_k4Kpjoch0F_BSr1kQAAAEY"]
[Thu Jun 11 16:22:38.158714 2026] [security2:error] [pid 9918:tid 9928] [client 162.220.232.148:34566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisK_k4Kpjoch0F_BSr1kQAAAEY"]
[Thu Jun 11 16:22:38.164251 2026] [security2:error] [pid 3902:tid 3926] [client 162.220.232.148:34574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_v8lKn4qdPkDWlAuYgAAARE"]
[Thu Jun 11 16:22:38.164853 2026] [security2:error] [pid 5830:tid 5838] [client 162.220.232.148:34596] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisK_pQ1oEsc4pCWMDP2UAAAAUM"]
[Thu Jun 11 16:22:38.165083 2026] [security2:error] [pid 5830:tid 5838] [client 162.220.232.148:34596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisK_pQ1oEsc4pCWMDP2UAAAAUM"]
[Thu Jun 11 16:22:38.165293 2026] [security2:error] [pid 5830:tid 5838] [client 162.220.232.148:34596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisK_pQ1oEsc4pCWMDP2UAAAAUM"]
[Thu Jun 11 16:22:38.165320 2026] [security2:error] [pid 9918:tid 9928] [client 162.220.232.148:34566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_k4Kpjoch0F_BSr1kQAAAEY"]
[Thu Jun 11 16:22:38.166122 2026] [security2:error] [pid 5830:tid 5838] [client 162.220.232.148:34596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_pQ1oEsc4pCWMDP2UAAAAUM"]
[Thu Jun 11 16:22:38.170302 2026] [security2:error] [pid 21295:tid 21327] [client 162.220.232.148:34546] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisK_jlbUCMVJYfLxko_KgAAAIE"]
[Thu Jun 11 16:22:38.170499 2026] [security2:error] [pid 21295:tid 21327] [client 162.220.232.148:34546] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisK_jlbUCMVJYfLxko_KgAAAIE"]
[Thu Jun 11 16:22:38.170759 2026] [security2:error] [pid 21295:tid 21327] [client 162.220.232.148:34546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisK_jlbUCMVJYfLxko_KgAAAIE"]
[Thu Jun 11 16:22:38.171652 2026] [security2:error] [pid 21295:tid 21327] [client 162.220.232.148:34546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_jlbUCMVJYfLxko_KgAAAIE"]
[Thu Jun 11 16:22:38.172622 2026] [security2:error] [pid 21295:tid 21332] [client 162.220.232.148:34568] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.yml"] [unique_id "aisK_jlbUCMVJYfLxko_KwAAAIY"]
[Thu Jun 11 16:22:38.172682 2026] [security2:error] [pid 9918:tid 9934] [client 162.220.232.148:34510] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/actuator/configprops"] [unique_id "aisK_k4Kpjoch0F_BSr1kgAAAEw"]
[Thu Jun 11 16:22:39.322655 2026] [security2:error] [pid 21295:tid 21345] [client 162.220.232.148:34458] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisK_zlbUCMVJYfLxko_LgAAAJM"]
[Thu Jun 11 16:22:39.322767 2026] [security2:error] [pid 21295:tid 21345] [client 162.220.232.148:34458] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisK_zlbUCMVJYfLxko_LgAAAJM"]
[Thu Jun 11 16:22:39.323123 2026] [security2:error] [pid 21295:tid 21345] [client 162.220.232.148:34458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisK_zlbUCMVJYfLxko_LgAAAJM"]
[Thu Jun 11 16:22:39.323880 2026] [security2:error] [pid 21295:tid 21345] [client 162.220.232.148:34458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisK_zlbUCMVJYfLxko_LgAAAJM"]
[Thu Jun 11 16:22:40.500328 2026] [security2:error] [pid 21243:tid 21260] [client 162.220.232.148:34474] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisLAEKTwdTIu69rj41bTwAAAM4"]
[Thu Jun 11 16:22:40.500408 2026] [security2:error] [pid 21243:tid 21260] [client 162.220.232.148:34474] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisLAEKTwdTIu69rj41bTwAAAM4"]
[Thu Jun 11 16:22:40.500867 2026] [security2:error] [pid 21243:tid 21260] [client 162.220.232.148:34474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisLAEKTwdTIu69rj41bTwAAAM4"]
[Thu Jun 11 16:22:40.501812 2026] [security2:error] [pid 21243:tid 21260] [client 162.220.232.148:34474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisLAEKTwdTIu69rj41bTwAAAM4"]
[Thu Jun 11 16:22:40.503086 2026] [security2:error] [pid 5830:tid 5840] [client 162.220.232.148:34418] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.php.bak"] [unique_id "aisLAJQ1oEsc4pCWMDP2VgAAAUU"]
[Thu Jun 11 16:22:40.503224 2026] [security2:error] [pid 5830:tid 5840] [client 162.220.232.148:34418] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.php.bak"] [unique_id "aisLAJQ1oEsc4pCWMDP2VgAAAUU"]
[Thu Jun 11 16:22:40.503637 2026] [security2:error] [pid 5830:tid 5840] [client 162.220.232.148:34418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config.php.bak"] [unique_id "aisLAJQ1oEsc4pCWMDP2VgAAAUU"]
[Thu Jun 11 16:22:40.504507 2026] [security2:error] [pid 5830:tid 5840] [client 162.220.232.148:34418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisLAJQ1oEsc4pCWMDP2VgAAAUU"]
[Thu Jun 11 16:22:40.505494 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisLAJQ1oEsc4pCWMDP2VwAAAVE"]
[Thu Jun 11 16:22:40.505705 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisLAJQ1oEsc4pCWMDP2VwAAAVE"]
[Thu Jun 11 16:22:40.505889 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisLAJQ1oEsc4pCWMDP2VwAAAVE"]
[Thu Jun 11 16:22:40.506630 2026] [security2:error] [pid 5830:tid 5852] [client 162.220.232.148:34496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisLAJQ1oEsc4pCWMDP2VwAAAVE"]
[Thu Jun 11 16:22:42.996347 2026] [core:error] [pid 5830:tid 5857] [client 223.85.251.55:55380] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 16:27:27.040977 2026] [security2:error] [pid 21243:tid 21252] [client 78.153.140.93:49710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisMH0KTwdTIu69rj41gXgAAAMY"]
[Thu Jun 11 16:27:27.041196 2026] [security2:error] [pid 21243:tid 21252] [client 78.153.140.93:49710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisMH0KTwdTIu69rj41gXgAAAMY"]
[Thu Jun 11 16:27:27.041493 2026] [security2:error] [pid 21243:tid 21252] [client 78.153.140.93:49710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisMH0KTwdTIu69rj41gXgAAAMY"]
[Thu Jun 11 16:27:27.042311 2026] [security2:error] [pid 21243:tid 21252] [client 78.153.140.93:49710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisMH0KTwdTIu69rj41gXgAAAMY"]
[Thu Jun 11 16:27:27.415434 2026] [security2:error] [pid 21295:tid 21340] [client 78.153.140.93:49720] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisMHzlbUCMVJYfLxkpE3wAAAI4"]
[Thu Jun 11 16:27:45.104099 2026] [security2:error] [pid 21243:tid 21266] [client 45.148.10.67:18112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisMMUKTwdTIu69rj41gmwAAANQ"]
[Thu Jun 11 16:33:34.274479 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bkp"] [unique_id "aisNjqzVaq-mvl-Hfs80lgAAAAk"]
[Thu Jun 11 16:33:34.274722 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bkp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.bkp"] [unique_id "aisNjqzVaq-mvl-Hfs80lgAAAAk"]
[Thu Jun 11 16:33:34.275062 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.bkp"] [unique_id "aisNjqzVaq-mvl-Hfs80lgAAAAk"]
[Thu Jun 11 16:33:34.275860 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80lgAAAAk"]
[Thu Jun 11 16:33:34.290900 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-zAAAAUw"]
[Thu Jun 11 16:33:34.291089 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-zAAAAUw"]
[Thu Jun 11 16:33:34.291308 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-zAAAAUw"]
[Thu Jun 11 16:33:34.292031 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-zAAAAUw"]
[Thu Jun 11 16:33:34.293164 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKGQAAAJg"]
[Thu Jun 11 16:33:34.293242 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKGQAAAJg"]
[Thu Jun 11 16:33:34.293371 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKGQAAAJg"]
[Thu Jun 11 16:33:34.294501 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisNjkKTwdTIu69rj41nGwAAAME"]
[Thu Jun 11 16:33:34.294693 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisNjkKTwdTIu69rj41nGwAAAME"]
[Thu Jun 11 16:33:34.294882 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisNjkKTwdTIu69rj41nGwAAAME"]
[Thu Jun 11 16:33:34.295730 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nGwAAAME"]
[Thu Jun 11 16:33:34.299009 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2CQAAAQ4"]
[Thu Jun 11 16:33:34.299188 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2CQAAAQ4"]
[Thu Jun 11 16:33:34.299403 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2CQAAAQ4"]
[Thu Jun 11 16:33:34.300257 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2CQAAAQ4"]
[Thu Jun 11 16:33:34.301684 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNjk4Kpjoch0F_BSr-LwAAAEg"]
[Thu Jun 11 16:33:34.301891 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNjk4Kpjoch0F_BSr-LwAAAEg"]
[Thu Jun 11 16:33:34.302105 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNjk4Kpjoch0F_BSr-LwAAAEg"]
[Thu Jun 11 16:33:34.302765 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNjqzVaq-mvl-Hfs80lwAAABg"]
[Thu Jun 11 16:33:34.303102 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNjqzVaq-mvl-Hfs80lwAAABg"]
[Thu Jun 11 16:33:34.303460 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNjqzVaq-mvl-Hfs80lwAAABg"]
[Thu Jun 11 16:33:34.303466 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-LwAAAEg"]
[Thu Jun 11 16:33:34.304365 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80lwAAABg"]
[Thu Jun 11 16:33:34.304656 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNjpQ1oEsc4pCWMDP-zQAAAVc"]
[Thu Jun 11 16:33:34.304864 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNjpQ1oEsc4pCWMDP-zQAAAVc"]
[Thu Jun 11 16:33:34.305053 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNjpQ1oEsc4pCWMDP-zQAAAVc"]
[Thu Jun 11 16:33:34.305468 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKGgAAAIk"]
[Thu Jun 11 16:33:34.305675 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKGgAAAIk"]
[Thu Jun 11 16:33:34.305697 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKGQAAAJg"]
[Thu Jun 11 16:33:34.305885 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKGgAAAIk"]
[Thu Jun 11 16:33:34.306265 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-zQAAAVc"]
[Thu Jun 11 16:33:34.307399 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNjkKTwdTIu69rj41nHAAAANI"]
[Thu Jun 11 16:33:34.307567 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNjkKTwdTIu69rj41nHAAAANI"]
[Thu Jun 11 16:33:34.307798 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNjkKTwdTIu69rj41nHAAAANI"]
[Thu Jun 11 16:33:34.308498 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nHAAAANI"]
[Thu Jun 11 16:33:34.310417 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNjv8lKn4qdPkDWlA2CgAAARQ"]
[Thu Jun 11 16:33:34.310623 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNjv8lKn4qdPkDWlA2CgAAARQ"]
[Thu Jun 11 16:33:34.310853 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNjv8lKn4qdPkDWlA2CgAAARQ"]
[Thu Jun 11 16:33:34.311920 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2CgAAARQ"]
[Thu Jun 11 16:33:34.312985 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings_local.py"] [unique_id "aisNjqzVaq-mvl-Hfs80mAAAABY"]
[Thu Jun 11 16:33:34.314877 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/credentials.json"] [unique_id "aisNjpQ1oEsc4pCWMDP-zgAAAUc"]
[Thu Jun 11 16:33:34.316391 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "aisNjk4Kpjoch0F_BSr-MAAAAEY"]
[Thu Jun 11 16:33:34.316555 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "aisNjk4Kpjoch0F_BSr-MAAAAEY"]
[Thu Jun 11 16:33:34.316779 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "aisNjk4Kpjoch0F_BSr-MAAAAEY"]
[Thu Jun 11 16:33:34.317148 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80mQAAAAk"]
[Thu Jun 11 16:33:34.317284 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80mQAAAAk"]
[Thu Jun 11 16:33:34.317440 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-MAAAAEY"]
[Thu Jun 11 16:33:34.317426 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80mQAAAAk"]
[Thu Jun 11 16:33:34.318113 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80mQAAAAk"]
[Thu Jun 11 16:33:34.319974 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKGgAAAIk"]
[Thu Jun 11 16:33:34.323698 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aisNjkKTwdTIu69rj41nHgAAAM4"]
[Thu Jun 11 16:33:34.323884 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aisNjkKTwdTIu69rj41nHgAAAM4"]
[Thu Jun 11 16:33:34.324067 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aisNjkKTwdTIu69rj41nHgAAAM4"]
[Thu Jun 11 16:33:34.324977 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nHgAAAM4"]
[Thu Jun 11 16:33:34.326013 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.php"] [unique_id "aisNjk4Kpjoch0F_BSr-MQAAAFg"]
[Thu Jun 11 16:33:34.326326 2026] [:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] File does not exist: /var/www/html/config.php
[Thu Jun 11 16:33:34.328670 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aisNjv8lKn4qdPkDWlA2CwAAARE"]
[Thu Jun 11 16:33:34.328744 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aisNjv8lKn4qdPkDWlA2CwAAARE"]
[Thu Jun 11 16:33:34.328881 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aisNjv8lKn4qdPkDWlA2CwAAARE"]
[Thu Jun 11 16:33:34.329100 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aisNjv8lKn4qdPkDWlA2CwAAARE"]
[Thu Jun 11 16:33:34.330490 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2CwAAARE"]
[Thu Jun 11 16:33:34.332010 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup.old"] [unique_id "aisNjqzVaq-mvl-Hfs80mgAAABQ"]
[Thu Jun 11 16:33:34.332140 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup.old"] [unique_id "aisNjqzVaq-mvl-Hfs80mgAAABQ"]
[Thu Jun 11 16:33:34.332257 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.backup.old"] [unique_id "aisNjqzVaq-mvl-Hfs80mgAAABQ"]
[Thu Jun 11 16:33:34.332712 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.backup.old"] [unique_id "aisNjqzVaq-mvl-Hfs80mgAAABQ"]
[Thu Jun 11 16:33:34.335002 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/credentials.yml.enc"] [unique_id "aisNjjlbUCMVJYfLxkpKGwAAAIA"]
[Thu Jun 11 16:33:34.335350 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.npmrc"] [unique_id "aisNjpQ1oEsc4pCWMDP-zwAAAVM"]
[Thu Jun 11 16:33:34.336548 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/mail.php"] [unique_id "aisNjpQ1oEsc4pCWMDP-0AAAAUw"]
[Thu Jun 11 16:33:34.339099 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sites/default/settings.php"] [unique_id "aisNjkKTwdTIu69rj41nHwAAAME"]
[Thu Jun 11 16:33:34.339292 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/sites/default/settings.php"] [unique_id "aisNjkKTwdTIu69rj41nHwAAAME"]
[Thu Jun 11 16:33:34.339561 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/sites/default/settings.php"] [unique_id "aisNjkKTwdTIu69rj41nHwAAAME"]
[Thu Jun 11 16:33:34.340606 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nHwAAAME"]
[Thu Jun 11 16:33:34.342322 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/appsettings.json"] [unique_id "aisNjjlbUCMVJYfLxkpKHAAAAII"]
[Thu Jun 11 16:33:34.343804 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNjkKTwdTIu69rj41nIAAAAMA"]
[Thu Jun 11 16:33:34.344033 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNjkKTwdTIu69rj41nIAAAAMA"]
[Thu Jun 11 16:33:34.344247 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNjkKTwdTIu69rj41nIAAAAMA"]
[Thu Jun 11 16:33:34.344324 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/configuration.php"] [unique_id "aisNjqzVaq-mvl-Hfs80mwAAABg"]
[Thu Jun 11 16:33:34.344784 2026] [:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] File does not exist: /var/www/html/configuration.php
[Thu Jun 11 16:33:34.345240 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nIAAAAMA"]
[Thu Jun 11 16:33:34.346090 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-MgAAAFM"]
[Thu Jun 11 16:33:34.346280 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-MgAAAFM"]
[Thu Jun 11 16:33:34.346464 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-MgAAAFM"]
[Thu Jun 11 16:33:34.347275 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-MgAAAFM"]
[Thu Jun 11 16:33:34.348134 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.txt"] [unique_id "aisNjv8lKn4qdPkDWlA2DAAAAQM"]
[Thu Jun 11 16:33:34.350300 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aisNjpQ1oEsc4pCWMDP-0QAAAVc"]
[Thu Jun 11 16:33:34.350734 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aisNjpQ1oEsc4pCWMDP-0QAAAVc"]
[Thu Jun 11 16:33:34.351199 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aisNjpQ1oEsc4pCWMDP-0QAAAVc"]
[Thu Jun 11 16:33:34.351973 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-0QAAAVc"]
[Thu Jun 11 16:33:34.352948 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "aisNjkKTwdTIu69rj41nIQAAANI"]
[Thu Jun 11 16:33:34.353135 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "aisNjkKTwdTIu69rj41nIQAAANI"]
[Thu Jun 11 16:33:34.353411 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "aisNjkKTwdTIu69rj41nIQAAANI"]
[Thu Jun 11 16:33:34.354522 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nIQAAANI"]
[Thu Jun 11 16:33:34.355270 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2DQAAAQ4"]
[Thu Jun 11 16:33:34.355424 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2DQAAAQ4"]
[Thu Jun 11 16:33:34.355638 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2DQAAAQ4"]
[Thu Jun 11 16:33:34.356503 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2DQAAAQ4"]
[Thu Jun 11 16:33:34.357163 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker.env"] [unique_id "aisNjv8lKn4qdPkDWlA2DgAAARQ"]
[Thu Jun 11 16:33:34.359028 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.credentials"] [unique_id "aisNjk4Kpjoch0F_BSr-MwAAAEY"]
[Thu Jun 11 16:33:34.359195 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.credentials"] [unique_id "aisNjk4Kpjoch0F_BSr-MwAAAEY"]
[Thu Jun 11 16:33:34.359392 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.credentials"] [unique_id "aisNjk4Kpjoch0F_BSr-MwAAAEY"]
[Thu Jun 11 16:33:34.360181 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "aisNjqzVaq-mvl-Hfs80nAAAABY"]
[Thu Jun 11 16:33:34.360329 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "aisNjqzVaq-mvl-Hfs80nAAAABY"]
[Thu Jun 11 16:33:34.360464 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "aisNjqzVaq-mvl-Hfs80nAAAABY"]
[Thu Jun 11 16:33:34.361256 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80nAAAABY"]
[Thu Jun 11 16:33:34.361262 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80nQAAAAk"]
[Thu Jun 11 16:33:34.361414 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80nQAAAAk"]
[Thu Jun 11 16:33:34.361671 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80nQAAAAk"]
[Thu Jun 11 16:33:34.361950 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resources/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKHQAAAIk"]
[Thu Jun 11 16:33:34.362105 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/resources/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKHQAAAIk"]
[Thu Jun 11 16:33:34.362295 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80nQAAAAk"]
[Thu Jun 11 16:33:34.362305 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resources/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKHQAAAIk"]
[Thu Jun 11 16:33:34.362980 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP-0gAAAUc"]
[Thu Jun 11 16:33:34.363135 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP-0gAAAUc"]
[Thu Jun 11 16:33:34.363325 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP-0gAAAUc"]
[Thu Jun 11 16:33:34.364033 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-0gAAAUc"]
[Thu Jun 11 16:33:34.364907 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKGQAAAJg"]
[Thu Jun 11 16:33:34.365441 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKHQAAAIk"]
[Thu Jun 11 16:33:34.366378 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.yml"] [unique_id "aisNjk4Kpjoch0F_BSr-NAAAAEg"]
[Thu Jun 11 16:33:34.370358 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-MwAAAEY"]
[Thu Jun 11 16:33:34.371058 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-NQAAAFg"]
[Thu Jun 11 16:33:34.371312 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-NQAAAFg"]
[Thu Jun 11 16:33:34.371509 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-NQAAAFg"]
[Thu Jun 11 16:33:34.372285 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/credentials.yml.enc"] [unique_id "aisNjkKTwdTIu69rj41nIgAAAM4"]
[Thu Jun 11 16:33:34.373342 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80mgAAABQ"]
[Thu Jun 11 16:33:34.374615 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/private/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2DwAAARE"]
[Thu Jun 11 16:33:34.374807 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/private/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2DwAAARE"]
[Thu Jun 11 16:33:34.374946 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/private/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2DwAAARE"]
[Thu Jun 11 16:33:34.375654 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2DwAAARE"]
[Thu Jun 11 16:33:34.377774 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-NQAAAFg"]
[Thu Jun 11 16:33:34.378867 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.secret"] [unique_id "aisNjpQ1oEsc4pCWMDP-0wAAAUw"]
[Thu Jun 11 16:33:34.384042 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/secret.json"] [unique_id "aisNjpQ1oEsc4pCWMDP-1AAAAVM"]
[Thu Jun 11 16:33:34.385763 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.save"] [unique_id "aisNjqzVaq-mvl-Hfs80ngAAABg"]
[Thu Jun 11 16:33:34.385936 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.save"] [unique_id "aisNjqzVaq-mvl-Hfs80ngAAABg"]
[Thu Jun 11 16:33:34.386137 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.save"] [unique_id "aisNjqzVaq-mvl-Hfs80ngAAABg"]
[Thu Jun 11 16:33:34.386789 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80ngAAABg"]
[Thu Jun 11 16:33:34.388217 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/etc/env.php"] [unique_id "aisNjjlbUCMVJYfLxkpKHgAAAIA"]
[Thu Jun 11 16:33:34.389799 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aisNjkKTwdTIu69rj41nIwAAAMA"]
[Thu Jun 11 16:33:34.389951 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aisNjkKTwdTIu69rj41nIwAAAMA"]
[Thu Jun 11 16:33:34.390471 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aisNjkKTwdTIu69rj41nIwAAAMA"]
[Thu Jun 11 16:33:34.391249 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nIwAAAMA"]
[Thu Jun 11 16:33:34.392023 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/k8s-config.yml"] [unique_id "aisNjk4Kpjoch0F_BSr-NgAAAFM"]
[Thu Jun 11 16:33:34.394250 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.testing"] [unique_id "aisNjkKTwdTIu69rj41nJAAAAME"]
[Thu Jun 11 16:33:34.394403 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.testing"] [unique_id "aisNjkKTwdTIu69rj41nJAAAAME"]
[Thu Jun 11 16:33:34.394609 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.testing"] [unique_id "aisNjkKTwdTIu69rj41nJAAAAME"]
[Thu Jun 11 16:33:34.395310 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nJAAAAME"]
[Thu Jun 11 16:33:34.413092 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aisNjjlbUCMVJYfLxkpKHwAAAJg"]
[Thu Jun 11 16:33:34.413314 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aisNjjlbUCMVJYfLxkpKHwAAAJg"]
[Thu Jun 11 16:33:34.413534 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aisNjjlbUCMVJYfLxkpKHwAAAJg"]
[Thu Jun 11 16:33:34.414241 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKHwAAAJg"]
[Thu Jun 11 16:33:34.418278 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aisNjqzVaq-mvl-Hfs80oAAAABY"]
[Thu Jun 11 16:33:34.418421 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aisNjqzVaq-mvl-Hfs80oAAAABY"]
[Thu Jun 11 16:33:34.418568 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aisNjqzVaq-mvl-Hfs80oAAAABY"]
[Thu Jun 11 16:33:34.419539 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80oAAAABY"]
[Thu Jun 11 16:33:34.420443 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2EAAAAQ4"]
[Thu Jun 11 16:33:34.420637 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2EAAAAQ4"]
[Thu Jun 11 16:33:34.420900 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2EAAAAQ4"]
[Thu Jun 11 16:33:34.421534 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2EAAAAQ4"]
[Thu Jun 11 16:33:34.423331 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNjv8lKn4qdPkDWlA2EQAAARE"]
[Thu Jun 11 16:33:34.423356 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisNjk4Kpjoch0F_BSr-NwAAAEg"]
[Thu Jun 11 16:33:34.423501 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisNjk4Kpjoch0F_BSr-NwAAAEg"]
[Thu Jun 11 16:33:34.423626 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNjv8lKn4qdPkDWlA2EQAAARE"]
[Thu Jun 11 16:33:34.423771 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisNjk4Kpjoch0F_BSr-NwAAAEg"]
[Thu Jun 11 16:33:34.423908 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNjv8lKn4qdPkDWlA2EQAAARE"]
[Thu Jun 11 16:33:34.424405 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-NwAAAEg"]
[Thu Jun 11 16:33:34.424563 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2EQAAARE"]
[Thu Jun 11 16:33:34.425897 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.orig"] [unique_id "aisNjpQ1oEsc4pCWMDP-1gAAAUw"]
[Thu Jun 11 16:33:34.426066 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.orig"] [unique_id "aisNjpQ1oEsc4pCWMDP-1gAAAUw"]
[Thu Jun 11 16:33:34.426300 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.orig"] [unique_id "aisNjpQ1oEsc4pCWMDP-1gAAAUw"]
[Thu Jun 11 16:33:34.427042 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-1gAAAUw"]
[Thu Jun 11 16:33:34.428134 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application.yml"] [unique_id "aisNjjlbUCMVJYfLxkpKIAAAAIk"]
[Thu Jun 11 16:33:34.432263 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNjqzVaq-mvl-Hfs80oQAAAAk"]
[Thu Jun 11 16:33:34.432467 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNjqzVaq-mvl-Hfs80oQAAAAk"]
[Thu Jun 11 16:33:34.432763 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNjqzVaq-mvl-Hfs80oQAAAAk"]
[Thu Jun 11 16:33:34.433825 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80oQAAAAk"]
[Thu Jun 11 16:33:34.440823 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisNjkKTwdTIu69rj41nJQAAAMA"]
[Thu Jun 11 16:33:34.440891 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisNjkKTwdTIu69rj41nJQAAAMA"]
[Thu Jun 11 16:33:34.441032 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisNjkKTwdTIu69rj41nJQAAAMA"]
[Thu Jun 11 16:33:34.441229 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisNjkKTwdTIu69rj41nJQAAAMA"]
[Thu Jun 11 16:33:34.441859 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nJQAAAMA"]
[Thu Jun 11 16:33:34.442867 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2EgAAARQ"]
[Thu Jun 11 16:33:34.443022 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2EgAAARQ"]
[Thu Jun 11 16:33:34.443190 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2EgAAARQ"]
[Thu Jun 11 16:33:34.443877 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2EgAAARQ"]
[Thu Jun 11 16:33:34.444807 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-OAAAAEY"]
[Thu Jun 11 16:33:34.444959 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-OAAAAEY"]
[Thu Jun 11 16:33:34.445131 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-OAAAAEY"]
[Thu Jun 11 16:33:34.445775 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-OAAAAEY"]
[Thu Jun 11 16:33:34.449220 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKIQAAAIA"]
[Thu Jun 11 16:33:34.449292 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKIQAAAIA"]
[Thu Jun 11 16:33:34.449405 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKIQAAAIA"]
[Thu Jun 11 16:33:34.449615 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKIQAAAIA"]
[Thu Jun 11 16:33:34.450322 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKIQAAAIA"]
[Thu Jun 11 16:33:34.451731 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/core/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80ogAAABg"]
[Thu Jun 11 16:33:34.451938 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/core/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80ogAAABg"]
[Thu Jun 11 16:33:34.452124 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/core/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80ogAAABg"]
[Thu Jun 11 16:33:34.453032 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80ogAAABg"]
[Thu Jun 11 16:33:34.454052 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisNjkKTwdTIu69rj41nJgAAANI"]
[Thu Jun 11 16:33:34.454228 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisNjkKTwdTIu69rj41nJgAAANI"]
[Thu Jun 11 16:33:34.454381 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisNjkKTwdTIu69rj41nJgAAANI"]
[Thu Jun 11 16:33:34.455308 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nJgAAANI"]
[Thu Jun 11 16:33:34.456493 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-2AAAAVM"]
[Thu Jun 11 16:33:34.456711 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-2AAAAVM"]
[Thu Jun 11 16:33:34.456896 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-2AAAAVM"]
[Thu Jun 11 16:33:34.458922 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-2AAAAVM"]
[Thu Jun 11 16:33:34.473977 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNjpQ1oEsc4pCWMDP-2QAAAVc"]
[Thu Jun 11 16:33:34.474145 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNjpQ1oEsc4pCWMDP-2QAAAVc"]
[Thu Jun 11 16:33:34.474314 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNjpQ1oEsc4pCWMDP-2QAAAVc"]
[Thu Jun 11 16:33:34.475173 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-2QAAAVc"]
[Thu Jun 11 16:33:34.476310 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application.properties"] [unique_id "aisNjjlbUCMVJYfLxkpKIgAAAII"]
[Thu Jun 11 16:33:34.478982 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNjqzVaq-mvl-Hfs80owAAABQ"]
[Thu Jun 11 16:33:34.479158 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNjqzVaq-mvl-Hfs80owAAABQ"]
[Thu Jun 11 16:33:34.479297 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNjqzVaq-mvl-Hfs80owAAABQ"]
[Thu Jun 11 16:33:34.480301 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80owAAABQ"]
[Thu Jun 11 16:33:34.481150 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "aisNjkKTwdTIu69rj41nJwAAAM4"]
[Thu Jun 11 16:33:34.481216 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "aisNjkKTwdTIu69rj41nJwAAAM4"]
[Thu Jun 11 16:33:34.481333 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "aisNjkKTwdTIu69rj41nJwAAAM4"]
[Thu Jun 11 16:33:34.481459 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "aisNjkKTwdTIu69rj41nJwAAAM4"]
[Thu Jun 11 16:33:34.482168 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nJwAAAM4"]
[Thu Jun 11 16:33:34.485599 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNjk4Kpjoch0F_BSr-OQAAAFg"]
[Thu Jun 11 16:33:34.485761 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNjk4Kpjoch0F_BSr-OQAAAFg"]
[Thu Jun 11 16:33:34.485954 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNjk4Kpjoch0F_BSr-OQAAAFg"]
[Thu Jun 11 16:33:34.486636 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-OQAAAFg"]
[Thu Jun 11 16:33:34.492943 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/database.php"] [unique_id "aisNjv8lKn4qdPkDWlA2EwAAAQM"]
[Thu Jun 11 16:33:34.496908 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "aisNjpQ1oEsc4pCWMDP-2gAAAUc"]
[Thu Jun 11 16:33:34.497092 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "aisNjpQ1oEsc4pCWMDP-2gAAAUc"]
[Thu Jun 11 16:33:34.497288 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "aisNjpQ1oEsc4pCWMDP-2gAAAUc"]
[Thu Jun 11 16:33:34.498257 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-2gAAAUc"]
[Thu Jun 11 16:33:34.540568 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/mail.php"] [unique_id "aisNjk4Kpjoch0F_BSr-OgAAAEY"]
[Thu Jun 11 16:33:34.541330 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/global/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKIwAAAIk"]
[Thu Jun 11 16:33:34.541477 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /global/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/global/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKIwAAAIk"]
[Thu Jun 11 16:33:34.541677 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/global/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKIwAAAIk"]
[Thu Jun 11 16:33:34.542423 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKIwAAAIk"]
[Thu Jun 11 16:33:34.543037 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "aisNjv8lKn4qdPkDWlA2FAAAAQ4"]
[Thu Jun 11 16:33:34.543182 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "aisNjv8lKn4qdPkDWlA2FAAAAQ4"]
[Thu Jun 11 16:33:34.543398 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "aisNjv8lKn4qdPkDWlA2FAAAAQ4"]
[Thu Jun 11 16:33:34.543844 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.old"] [unique_id "aisNjpQ1oEsc4pCWMDP-2wAAAUw"]
[Thu Jun 11 16:33:34.543952 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.old"] [unique_id "aisNjpQ1oEsc4pCWMDP-2wAAAUw"]
[Thu Jun 11 16:33:34.544136 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2FAAAAQ4"]
[Thu Jun 11 16:33:34.544299 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/env.old"] [unique_id "aisNjpQ1oEsc4pCWMDP-2wAAAUw"]
[Thu Jun 11 16:33:34.545225 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/server/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-3AAAAVc"]
[Thu Jun 11 16:33:34.545396 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/server/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-3AAAAVc"]
[Thu Jun 11 16:33:34.545494 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-2wAAAUw"]
[Thu Jun 11 16:33:34.545643 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/server/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-3AAAAVc"]
[Thu Jun 11 16:33:34.546300 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/includes/config.php"] [unique_id "aisNjqzVaq-mvl-Hfs80pAAAAAk"]
[Thu Jun 11 16:33:34.546596 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-3AAAAVc"]
[Thu Jun 11 16:33:34.547445 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local_settings.py"] [unique_id "aisNjk4Kpjoch0F_BSr-OwAAAEg"]
[Thu Jun 11 16:33:34.548097 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www.zip"] [unique_id "aisNjjlbUCMVJYfLxkpKJAAAAJg"]
[Thu Jun 11 16:33:34.549229 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/app/public/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80pQAAABg"]
[Thu Jun 11 16:33:34.549445 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/app/public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/storage/app/public/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80pQAAABg"]
[Thu Jun 11 16:33:34.549654 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/app/public/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80pQAAABg"]
[Thu Jun 11 16:33:34.550398 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80pQAAABg"]
[Thu Jun 11 16:33:34.550432 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/WEB-INF/jdbc.properties"] [unique_id "aisNjkKTwdTIu69rj41nKQAAAME"]
[Thu Jun 11 16:33:34.551260 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/swagger.json"] [unique_id "aisNjqzVaq-mvl-Hfs80pgAAABY"]
[Thu Jun 11 16:33:34.551884 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/config/.env"] [unique_id "aisNjkKTwdTIu69rj41nKgAAANI"]
[Thu Jun 11 16:33:34.552062 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/laravel/config/.env"] [unique_id "aisNjkKTwdTIu69rj41nKgAAANI"]
[Thu Jun 11 16:33:34.552306 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/config/.env"] [unique_id "aisNjkKTwdTIu69rj41nKgAAANI"]
[Thu Jun 11 16:33:34.553267 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cache/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2FQAAARE"]
[Thu Jun 11 16:33:34.553329 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nKgAAANI"]
[Thu Jun 11 16:33:34.553459 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/cache/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2FQAAARE"]
[Thu Jun 11 16:33:34.553665 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cache/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2FQAAARE"]
[Thu Jun 11 16:33:34.554226 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.gitattributes"] [unique_id "aisNjk4Kpjoch0F_BSr-PAAAAFM"]
[Thu Jun 11 16:33:34.554240 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2FQAAARE"]
[Thu Jun 11 16:33:34.555385 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.backup"] [unique_id "aisNjjlbUCMVJYfLxkpKJQAAAII"]
[Thu Jun 11 16:33:34.555483 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.backup"] [unique_id "aisNjjlbUCMVJYfLxkpKJQAAAII"]
[Thu Jun 11 16:33:34.555640 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.backup"] [unique_id "aisNjjlbUCMVJYfLxkpKJQAAAII"]
[Thu Jun 11 16:33:34.555843 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.backup"] [unique_id "aisNjjlbUCMVJYfLxkpKJQAAAII"]
[Thu Jun 11 16:33:34.556552 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKJQAAAII"]
[Thu Jun 11 16:33:34.556623 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.inc.php"] [unique_id "aisNjkKTwdTIu69rj41nKwAAAMA"]
[Thu Jun 11 16:33:34.557089 2026] [:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] File does not exist: /var/www/html/config.inc.php
[Thu Jun 11 16:33:34.557459 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Gemfile"] [unique_id "aisNjqzVaq-mvl-Hfs80pwAAABQ"]
[Thu Jun 11 16:33:34.559022 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpinfo.php"] [unique_id "aisNjv8lKn4qdPkDWlA2FgAAARQ"]
[Thu Jun 11 16:33:34.559362 2026] [:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] File does not exist: /var/www/html/phpinfo.php
[Thu Jun 11 16:33:34.559551 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/environments/.env"] [unique_id "aisNjkKTwdTIu69rj41nLAAAAM4"]
[Thu Jun 11 16:33:34.559819 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /environments/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/environments/.env"] [unique_id "aisNjkKTwdTIu69rj41nLAAAAM4"]
[Thu Jun 11 16:33:34.560035 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/environments/.env"] [unique_id "aisNjkKTwdTIu69rj41nLAAAAM4"]
[Thu Jun 11 16:33:34.560937 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/app.php"] [unique_id "aisNjjlbUCMVJYfLxkpKJgAAAIA"]
[Thu Jun 11 16:33:34.561131 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nLAAAAM4"]
[Thu Jun 11 16:33:34.562229 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/hashing.php"] [unique_id "aisNjpQ1oEsc4pCWMDP-3QAAAVM"]
[Thu Jun 11 16:33:34.562747 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env_keys"] [unique_id "aisNjpQ1oEsc4pCWMDP-3gAAAUc"]
[Thu Jun 11 16:33:34.562893 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_keys"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env_keys"] [unique_id "aisNjpQ1oEsc4pCWMDP-3gAAAUc"]
[Thu Jun 11 16:33:34.563078 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env_keys"] [unique_id "aisNjpQ1oEsc4pCWMDP-3gAAAUc"]
[Thu Jun 11 16:33:34.563118 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-PQAAAFg"]
[Thu Jun 11 16:33:34.563250 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-PQAAAFg"]
[Thu Jun 11 16:33:34.563386 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-PQAAAFg"]
[Thu Jun 11 16:33:34.563942 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-3gAAAUc"]
[Thu Jun 11 16:33:34.564330 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-PQAAAFg"]
[Thu Jun 11 16:33:34.564850 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/secrets.yml"] [unique_id "aisNjv8lKn4qdPkDWlA2FwAAAQM"]
[Thu Jun 11 16:33:34.583934 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/next.config.ts"] [unique_id "aisNjk4Kpjoch0F_BSr-PgAAAEY"]
[Thu Jun 11 16:33:34.585361 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/local.json"] [unique_id "aisNjjlbUCMVJYfLxkpKJwAAAIk"]
[Thu Jun 11 16:33:34.586177 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/description"] [unique_id "aisNjv8lKn4qdPkDWlA2GAAAAQ4"]
[Thu Jun 11 16:33:34.586317 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/description"] [unique_id "aisNjv8lKn4qdPkDWlA2GAAAAQ4"]
[Thu Jun 11 16:33:34.586523 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/description"] [unique_id "aisNjv8lKn4qdPkDWlA2GAAAAQ4"]
[Thu Jun 11 16:33:34.587259 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2GAAAAQ4"]
[Thu Jun 11 16:33:34.587506 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap-dev.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP-3wAAAUw"]
[Thu Jun 11 16:33:34.588359 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/services.php"] [unique_id "aisNjk4Kpjoch0F_BSr-PwAAAEg"]
[Thu Jun 11 16:33:34.589758 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/secure/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80qQAAAAk"]
[Thu Jun 11 16:33:34.589964 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/secure/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80qQAAAAk"]
[Thu Jun 11 16:33:34.590169 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/secure/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80qQAAAAk"]
[Thu Jun 11 16:33:34.591081 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80qQAAAAk"]
[Thu Jun 11 16:33:34.591840 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ecosystem.config.js"] [unique_id "aisNjjlbUCMVJYfLxkpKKAAAAJg"]
[Thu Jun 11 16:33:34.593731 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/temp/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80qgAAABg"]
[Thu Jun 11 16:33:34.593950 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/temp/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80qgAAABg"]
[Thu Jun 11 16:33:34.594137 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/temp/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80qgAAABg"]
[Thu Jun 11 16:33:34.595158 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80qgAAABg"]
[Thu Jun 11 16:33:34.596231 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "aisNjqzVaq-mvl-Hfs80qwAAABY"]
[Thu Jun 11 16:33:34.596322 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "aisNjqzVaq-mvl-Hfs80qwAAABY"]
[Thu Jun 11 16:33:34.596459 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "aisNjqzVaq-mvl-Hfs80qwAAABY"]
[Thu Jun 11 16:33:34.596679 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "aisNjqzVaq-mvl-Hfs80qwAAABY"]
[Thu Jun 11 16:33:34.597614 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80qwAAABY"]
[Thu Jun 11 16:33:34.598238 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "aisNjv8lKn4qdPkDWlA2GQAAARE"]
[Thu Jun 11 16:33:34.598396 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "aisNjv8lKn4qdPkDWlA2GQAAARE"]
[Thu Jun 11 16:33:34.598611 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "aisNjv8lKn4qdPkDWlA2GQAAARE"]
[Thu Jun 11 16:33:34.599373 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2GQAAARE"]
[Thu Jun 11 16:33:34.600271 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/test/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-4AAAAVc"]
[Thu Jun 11 16:33:34.600447 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/test/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-4AAAAVc"]
[Thu Jun 11 16:33:34.600619 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/test/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-4AAAAVc"]
[Thu Jun 11 16:33:34.600716 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.terraform/terraform.tfstate"] [unique_id "aisNjk4Kpjoch0F_BSr-QAAAAFM"]
[Thu Jun 11 16:33:34.601319 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-4AAAAVc"]
[Thu Jun 11 16:33:34.602084 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cms/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKKQAAAII"]
[Thu Jun 11 16:33:34.602242 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/cms/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKKQAAAII"]
[Thu Jun 11 16:33:34.602413 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cms/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKKQAAAII"]
[Thu Jun 11 16:33:34.602415 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/log/development.log"] [unique_id "aisNjkKTwdTIu69rj41nLQAAANI"]
[Thu Jun 11 16:33:34.602489 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/log/development.log"] [unique_id "aisNjkKTwdTIu69rj41nLQAAANI"]
[Thu Jun 11 16:33:34.602770 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/log/development.log"] [unique_id "aisNjkKTwdTIu69rj41nLQAAANI"]
[Thu Jun 11 16:33:34.603131 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKKQAAAII"]
[Thu Jun 11 16:33:34.603510 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nLQAAANI"]
[Thu Jun 11 16:33:34.604180 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.orig"] [unique_id "aisNjqzVaq-mvl-Hfs80rAAAABQ"]
[Thu Jun 11 16:33:34.604258 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/secrets.yml"] [unique_id "aisNjv8lKn4qdPkDWlA2GgAAARQ"]
[Thu Jun 11 16:33:34.604366 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.orig"] [unique_id "aisNjqzVaq-mvl-Hfs80rAAAABQ"]
[Thu Jun 11 16:33:34.604604 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.orig"] [unique_id "aisNjqzVaq-mvl-Hfs80rAAAABQ"]
[Thu Jun 11 16:33:34.606268 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/production.json"] [unique_id "aisNjjlbUCMVJYfLxkpKKgAAAIA"]
[Thu Jun 11 16:33:34.606332 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/crossdomain.xml"] [unique_id "aisNjkKTwdTIu69rj41nLgAAAM4"]
[Thu Jun 11 16:33:34.608188 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/info.php"] [unique_id "aisNjk4Kpjoch0F_BSr-QQAAAFg"]
[Thu Jun 11 16:33:34.608271 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.buildkite/env"] [unique_id "aisNjkKTwdTIu69rj41nLwAAAME"]
[Thu Jun 11 16:33:34.608503 2026] [:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] File does not exist: /var/www/html/info.php
[Thu Jun 11 16:33:34.609343 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80rAAAABQ"]
[Thu Jun 11 16:33:34.609928 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/master"] [unique_id "aisNjpQ1oEsc4pCWMDP-4QAAAVM"]
[Thu Jun 11 16:33:34.610145 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/master"] [unique_id "aisNjpQ1oEsc4pCWMDP-4QAAAVM"]
[Thu Jun 11 16:33:34.610334 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/master"] [unique_id "aisNjpQ1oEsc4pCWMDP-4QAAAVM"]
[Thu Jun 11 16:33:34.611062 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-4QAAAVM"]
[Thu Jun 11 16:33:34.611698 2026] [authz_core:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] AH01630: client denied by server configuration: /var/www/html/.htpasswd
[Thu Jun 11 16:33:34.613098 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.local"] [unique_id "aisNjpQ1oEsc4pCWMDP-4gAAAUc"]
[Thu Jun 11 16:33:34.614624 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/p.php"] [unique_id "aisNjkKTwdTIu69rj41nMAAAAMA"]
[Thu Jun 11 16:33:34.614874 2026] [:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] File does not exist: /var/www/html/p.php
[Thu Jun 11 16:33:34.631479 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public.zip"] [unique_id "aisNjv8lKn4qdPkDWlA2HAAAAQ4"]
[Thu Jun 11 16:33:34.637555 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisNjjlbUCMVJYfLxkpKKwAAAIk"]
[Thu Jun 11 16:33:34.647851 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisNjjlbUCMVJYfLxkpKKwAAAIk"]
[Thu Jun 11 16:33:34.648089 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisNjjlbUCMVJYfLxkpKKwAAAIk"]
[Thu Jun 11 16:33:34.648887 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKKwAAAIk"]
[Thu Jun 11 16:33:34.649808 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.docker.env"] [unique_id "aisNjkKTwdTIu69rj41nMQAAANI"]
[Thu Jun 11 16:33:34.649889 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.py"] [unique_id "aisNjpQ1oEsc4pCWMDP-4wAAAUw"]
[Thu Jun 11 16:33:34.651383 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-5AAAAVc"]
[Thu Jun 11 16:33:34.651543 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/application/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-5AAAAVc"]
[Thu Jun 11 16:33:34.651695 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.tar.gz"] [unique_id "aisNjjlbUCMVJYfLxkpKLQAAAII"]
[Thu Jun 11 16:33:34.651849 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/application/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-5AAAAVc"]
[Thu Jun 11 16:33:34.652525 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-5AAAAVc"]
[Thu Jun 11 16:33:34.653247 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/staging/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80rwAAABQ"]
[Thu Jun 11 16:33:34.653333 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/test.php"] [unique_id "aisNjkKTwdTIu69rj41nMgAAAM4"]
[Thu Jun 11 16:33:34.653406 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/staging/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80rwAAABQ"]
[Thu Jun 11 16:33:34.653607 2026] [:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] File does not exist: /var/www/html/test.php
[Thu Jun 11 16:33:34.653636 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/staging/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80rwAAABQ"]
[Thu Jun 11 16:33:34.654353 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80rwAAABQ"]
[Thu Jun 11 16:33:34.655123 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/html.tar.gz"] [unique_id "aisNjqzVaq-mvl-Hfs80sAAAABY"]
[Thu Jun 11 16:33:34.655182 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ftpsync.settings"] [unique_id "aisNjv8lKn4qdPkDWlA2HQAAARQ"]
[Thu Jun 11 16:33:34.656198 2026] [security2:error] [pid 21295:tid 21326] [client 162.243.172.115:53194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cpanel"] [unique_id "aisNjjlbUCMVJYfLxkpKLgAAAIA"]
[Thu Jun 11 16:33:34.638349 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/codeship.env"] [unique_id "aisNjqzVaq-mvl-Hfs80rQAAABg"]
[Thu Jun 11 16:33:34.638470 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/builds/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-QgAAAEY"]
[Thu Jun 11 16:33:34.657423 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.firebaserc"] [unique_id "aisNjk4Kpjoch0F_BSr-RAAAAFM"]
[Thu Jun 11 16:33:34.657627 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /builds/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/builds/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-QgAAAEY"]
[Thu Jun 11 16:33:34.657908 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/builds/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-QgAAAEY"]
[Thu Jun 11 16:33:34.639084 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.test"] [unique_id "aisNjqzVaq-mvl-Hfs80rgAAAAk"]
[Thu Jun 11 16:33:34.658890 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap.properties"] [unique_id "aisNjkKTwdTIu69rj41nMwAAAME"]
[Thu Jun 11 16:33:34.660179 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-admin/"] [unique_id "aisNjkKTwdTIu69rj41nNAAAAMA"]
[Thu Jun 11 16:33:34.661899 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNjv8lKn4qdPkDWlA2HgAAARE"]
[Thu Jun 11 16:33:34.661974 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNjv8lKn4qdPkDWlA2HgAAARE"]
[Thu Jun 11 16:33:34.662271 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNjv8lKn4qdPkDWlA2HgAAARE"]
[Thu Jun 11 16:33:34.662674 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.bzr/branch/branch.conf"] [unique_id "aisNjpQ1oEsc4pCWMDP-5gAAAUc"]
[Thu Jun 11 16:33:34.662742 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.bzr/branch/branch.conf"] [unique_id "aisNjpQ1oEsc4pCWMDP-5gAAAUc"]
[Thu Jun 11 16:33:34.662928 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2HgAAARE"]
[Thu Jun 11 16:33:34.646181 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local.php"] [unique_id "aisNjjlbUCMVJYfLxkpKLAAAAJg"]
[Thu Jun 11 16:33:34.663066 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.bzr/branch/branch.conf"] [unique_id "aisNjpQ1oEsc4pCWMDP-5gAAAUc"]
[Thu Jun 11 16:33:34.663331 2026] [:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] File does not exist: /var/www/html/local.php
[Thu Jun 11 16:33:34.663751 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-5gAAAUc"]
[Thu Jun 11 16:33:34.647264 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql.gz"] [unique_id "aisNjk4Kpjoch0F_BSr-QwAAAEg"]
[Thu Jun 11 16:33:34.665481 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-QgAAAEY"]
[Thu Jun 11 16:33:34.666127 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.svn/wc.db"] [unique_id "aisNjv8lKn4qdPkDWlA2HwAAAQM"]
[Thu Jun 11 16:33:34.666202 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.svn/wc.db"] [unique_id "aisNjv8lKn4qdPkDWlA2HwAAAQM"]
[Thu Jun 11 16:33:34.666317 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.svn/wc.db"] [unique_id "aisNjv8lKn4qdPkDWlA2HwAAAQM"]
[Thu Jun 11 16:33:34.666509 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.svn/wc.db"] [unique_id "aisNjv8lKn4qdPkDWlA2HwAAAQM"]
[Thu Jun 11 16:33:34.667354 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2HwAAAQM"]
[Thu Jun 11 16:33:34.667529 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/main"] [unique_id "aisNjpQ1oEsc4pCWMDP-5QAAAVM"]
[Thu Jun 11 16:33:34.667715 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/main"] [unique_id "aisNjpQ1oEsc4pCWMDP-5QAAAVM"]
[Thu Jun 11 16:33:34.667902 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/main"] [unique_id "aisNjpQ1oEsc4pCWMDP-5QAAAVM"]
[Thu Jun 11 16:33:34.668603 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-5QAAAVM"]
[Thu Jun 11 16:33:34.669873 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/services.php"] [unique_id "aisNjk4Kpjoch0F_BSr-RQAAAFg"]
[Thu Jun 11 16:33:34.678920 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/conf/settings.py"] [unique_id "aisNjv8lKn4qdPkDWlA2IQAAAQ4"]
[Thu Jun 11 16:33:34.691067 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/default.json"] [unique_id "aisNjpQ1oEsc4pCWMDP-5wAAAUw"]
[Thu Jun 11 16:33:34.694169 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKLwAAAIk"]
[Thu Jun 11 16:33:34.694336 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKLwAAAIk"]
[Thu Jun 11 16:33:34.694520 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKLwAAAIk"]
[Thu Jun 11 16:33:34.695249 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKLwAAAIk"]
[Thu Jun 11 16:33:34.696466 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mysite/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-6AAAAVc"]
[Thu Jun 11 16:33:34.696677 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/mysite/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-6AAAAVc"]
[Thu Jun 11 16:33:34.696832 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/mysite/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-6AAAAVc"]
[Thu Jun 11 16:33:34.697552 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-6AAAAVc"]
[Thu Jun 11 16:33:34.702366 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/framework/cache/.env"] [unique_id "aisNjkKTwdTIu69rj41nNQAAAME"]
[Thu Jun 11 16:33:34.702526 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/framework/cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/storage/framework/cache/.env"] [unique_id "aisNjkKTwdTIu69rj41nNQAAAME"]
[Thu Jun 11 16:33:34.702822 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/framework/cache/.env"] [unique_id "aisNjkKTwdTIu69rj41nNQAAAME"]
[Thu Jun 11 16:33:34.703484 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nNQAAAME"]
[Thu Jun 11 16:33:34.704478 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/openapi.json"] [unique_id "aisNjjlbUCMVJYfLxkpKMAAAAJg"]
[Thu Jun 11 16:33:34.708439 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.remote-sync.json"] [unique_id "aisNjqzVaq-mvl-Hfs80sQAAAAk"]
[Thu Jun 11 16:33:34.710252 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.secret"] [unique_id "aisNjjlbUCMVJYfLxkpKMQAAAII"]
[Thu Jun 11 16:33:34.710423 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.secret"] [unique_id "aisNjjlbUCMVJYfLxkpKMQAAAII"]
[Thu Jun 11 16:33:34.710628 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.secret"] [unique_id "aisNjjlbUCMVJYfLxkpKMQAAAII"]
[Thu Jun 11 16:33:34.711429 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKMQAAAII"]
[Thu Jun 11 16:33:34.717210 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql.gz"] [unique_id "aisNjk4Kpjoch0F_BSr-RgAAAFg"]
[Thu Jun 11 16:33:34.719917 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "aisNjkKTwdTIu69rj41nNgAAANI"]
[Thu Jun 11 16:33:34.720074 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "aisNjkKTwdTIu69rj41nNgAAANI"]
[Thu Jun 11 16:33:34.720273 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "aisNjkKTwdTIu69rj41nNgAAANI"]
[Thu Jun 11 16:33:34.720966 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nNgAAANI"]
[Thu Jun 11 16:33:34.722680 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.js"] [unique_id "aisNjv8lKn4qdPkDWlA2IgAAARQ"]
[Thu Jun 11 16:33:34.724692 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/firebase.json"] [unique_id "aisNjk4Kpjoch0F_BSr-RwAAAEY"]
[Thu Jun 11 16:33:34.726214 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/storage/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-6QAAAUc"]
[Thu Jun 11 16:33:34.726365 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/laravel/storage/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-6QAAAUc"]
[Thu Jun 11 16:33:34.726542 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/storage/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-6QAAAUc"]
[Thu Jun 11 16:33:34.727192 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-6QAAAUc"]
[Thu Jun 11 16:33:34.728180 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/inc/config.php"] [unique_id "aisNjpQ1oEsc4pCWMDP-6gAAAVM"]
[Thu Jun 11 16:33:34.730083 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings.json"] [unique_id "aisNjv8lKn4qdPkDWlA2IwAAAQ4"]
[Thu Jun 11 16:33:34.732127 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.acceptance"] [unique_id "aisNjkKTwdTIu69rj41nNwAAAMA"]
[Thu Jun 11 16:33:34.732292 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.acceptance"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.acceptance"] [unique_id "aisNjkKTwdTIu69rj41nNwAAAMA"]
[Thu Jun 11 16:33:34.732475 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.acceptance"] [unique_id "aisNjkKTwdTIu69rj41nNwAAAMA"]
[Thu Jun 11 16:33:34.733146 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nNwAAAMA"]
[Thu Jun 11 16:33:34.734117 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/package.json"] [unique_id "aisNjqzVaq-mvl-Hfs80sgAAABY"]
[Thu Jun 11 16:33:34.734260 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/package.json"] [unique_id "aisNjqzVaq-mvl-Hfs80sgAAABY"]
[Thu Jun 11 16:33:34.734429 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/package.json"] [unique_id "aisNjqzVaq-mvl-Hfs80sgAAABY"]
[Thu Jun 11 16:33:34.735275 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80sgAAABY"]
[Thu Jun 11 16:33:34.736197 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisNjkKTwdTIu69rj41nOAAAAM4"]
[Thu Jun 11 16:33:34.736344 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisNjkKTwdTIu69rj41nOAAAAM4"]
[Thu Jun 11 16:33:34.736542 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisNjkKTwdTIu69rj41nOAAAAM4"]
[Thu Jun 11 16:33:34.737512 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aisNjpQ1oEsc4pCWMDP-6wAAAVc"]
[Thu Jun 11 16:33:34.737641 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nOAAAAM4"]
[Thu Jun 11 16:33:34.737706 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aisNjpQ1oEsc4pCWMDP-6wAAAVc"]
[Thu Jun 11 16:33:34.737846 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aisNjpQ1oEsc4pCWMDP-6wAAAVc"]
[Thu Jun 11 16:33:34.738589 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-6wAAAVc"]
[Thu Jun 11 16:33:34.738931 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/log/production.log"] [unique_id "aisNjv8lKn4qdPkDWlA2JAAAARE"]
[Thu Jun 11 16:33:34.739020 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/log/production.log"] [unique_id "aisNjv8lKn4qdPkDWlA2JAAAARE"]
[Thu Jun 11 16:33:34.739279 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/log/production.log"] [unique_id "aisNjv8lKn4qdPkDWlA2JAAAARE"]
[Thu Jun 11 16:33:34.740287 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2JAAAARE"]
[Thu Jun 11 16:33:34.741303 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings/base.py"] [unique_id "aisNjk4Kpjoch0F_BSr-SAAAAFM"]
[Thu Jun 11 16:33:34.742991 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.yaml"] [unique_id "aisNjqzVaq-mvl-Hfs80swAAABQ"]
[Thu Jun 11 16:33:34.743291 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/next.config.js"] [unique_id "aisNjkKTwdTIu69rj41nOQAAAME"]
[Thu Jun 11 16:33:34.744780 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/postgres.sql"] [unique_id "aisNjqzVaq-mvl-Hfs80tAAAABg"]
[Thu Jun 11 16:33:34.744856 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/postgres.sql"] [unique_id "aisNjqzVaq-mvl-Hfs80tAAAABg"]
[Thu Jun 11 16:33:34.745146 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/postgres.sql"] [unique_id "aisNjqzVaq-mvl-Hfs80tAAAABg"]
[Thu Jun 11 16:33:34.745263 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-local.yml"] [unique_id "aisNjjlbUCMVJYfLxkpKMgAAAJg"]
[Thu Jun 11 16:33:34.745796 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80tAAAABg"]
[Thu Jun 11 16:33:34.746682 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/service/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-SQAAAEg"]
[Thu Jun 11 16:33:34.746856 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/service/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-SQAAAEg"]
[Thu Jun 11 16:33:34.747002 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/service/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-SQAAAEg"]
[Thu Jun 11 16:33:34.747696 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-SQAAAEg"]
[Thu Jun 11 16:33:34.748694 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/django/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2JQAAAQM"]
[Thu Jun 11 16:33:34.748869 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /django/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/django/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2JQAAAQM"]
[Thu Jun 11 16:33:34.749188 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/django/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2JQAAAQM"]
[Thu Jun 11 16:33:34.750235 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2JQAAAQM"]
[Thu Jun 11 16:33:34.751409 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.runtimeconfig.json"] [unique_id "aisNjqzVaq-mvl-Hfs80tQAAAAk"]
[Thu Jun 11 16:33:34.753248 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisNjpQ1oEsc4pCWMDP-7AAAAUw"]
[Thu Jun 11 16:33:34.753318 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisNjpQ1oEsc4pCWMDP-7AAAAUw"]
[Thu Jun 11 16:33:34.753679 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisNjpQ1oEsc4pCWMDP-7AAAAUw"]
[Thu Jun 11 16:33:34.754380 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-7AAAAUw"]
[Thu Jun 11 16:33:34.755340 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.idea/dataSources.xml"] [unique_id "aisNjjlbUCMVJYfLxkpKMwAAAII"]
[Thu Jun 11 16:33:34.755491 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/datasources.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.idea/dataSources.xml"] [unique_id "aisNjjlbUCMVJYfLxkpKMwAAAII"]
[Thu Jun 11 16:33:34.755663 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.idea/dataSources.xml"] [unique_id "aisNjjlbUCMVJYfLxkpKMwAAAII"]
[Thu Jun 11 16:33:34.756274 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKMwAAAII"]
[Thu Jun 11 16:33:34.757199 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/environments/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKNAAAAIk"]
[Thu Jun 11 16:33:34.757338 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/environments/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/environments/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKNAAAAIk"]
[Thu Jun 11 16:33:34.757478 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/environments/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKNAAAAIk"]
[Thu Jun 11 16:33:34.758156 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKNAAAAIk"]
[Thu Jun 11 16:33:34.762206 2026] [authz_core:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] AH01630: client denied by server configuration: /var/www/html/error_log
[Thu Jun 11 16:33:34.764159 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-content/debug.log"] [unique_id "aisNjkKTwdTIu69rj41nOgAAANI"]
[Thu Jun 11 16:33:34.764230 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-content/debug.log"] [unique_id "aisNjkKTwdTIu69rj41nOgAAANI"]
[Thu Jun 11 16:33:34.764516 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-content/debug.log"] [unique_id "aisNjkKTwdTIu69rj41nOgAAANI"]
[Thu Jun 11 16:33:34.765163 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nOgAAANI"]
[Thu Jun 11 16:33:34.767500 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/config/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-TAAAAEY"]
[Thu Jun 11 16:33:34.767748 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/api/config/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-TAAAAEY"]
[Thu Jun 11 16:33:34.768023 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/api/config/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-TAAAAEY"]
[Thu Jun 11 16:33:34.769066 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-TAAAAEY"]
[Thu Jun 11 16:33:34.769285 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.ecosystem"] [unique_id "aisNjv8lKn4qdPkDWlA2JgAAARQ"]
[Thu Jun 11 16:33:34.769503 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ecosystem"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.ecosystem"] [unique_id "aisNjv8lKn4qdPkDWlA2JgAAARQ"]
[Thu Jun 11 16:33:34.769718 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.ecosystem"] [unique_id "aisNjv8lKn4qdPkDWlA2JgAAARQ"]
[Thu Jun 11 16:33:34.770677 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2JgAAARQ"]
[Thu Jun 11 16:33:34.774594 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/site.tar.gz"] [unique_id "aisNjpQ1oEsc4pCWMDP-7QAAAVM"]
[Thu Jun 11 16:33:34.776410 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bkp"] [unique_id "aisNjkKTwdTIu69rj41nOwAAAMA"]
[Thu Jun 11 16:33:34.776565 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bkp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.bkp"] [unique_id "aisNjkKTwdTIu69rj41nOwAAAMA"]
[Thu Jun 11 16:33:34.776780 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.bkp"] [unique_id "aisNjkKTwdTIu69rj41nOwAAAMA"]
[Thu Jun 11 16:33:34.777355 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/secrets.json"] [unique_id "aisNjv8lKn4qdPkDWlA2JwAAAQ4"]
[Thu Jun 11 16:33:34.777543 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nOwAAAMA"]
[Thu Jun 11 16:33:34.779264 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-7gAAAUc"]
[Thu Jun 11 16:33:34.779419 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-7gAAAUc"]
[Thu Jun 11 16:33:34.779753 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP-7gAAAUc"]
[Thu Jun 11 16:33:34.780422 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-7gAAAUc"]
[Thu Jun 11 16:33:34.781373 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/pma/"] [unique_id "aisNjqzVaq-mvl-Hfs80tgAAABY"]
[Thu Jun 11 16:33:34.783047 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php~"] [unique_id "aisNjpQ1oEsc4pCWMDP-7wAAAVc"]
[Thu Jun 11 16:33:34.783330 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php~"] [unique_id "aisNjpQ1oEsc4pCWMDP-7wAAAVc"]
[Thu Jun 11 16:33:34.783452 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php~"] [unique_id "aisNjpQ1oEsc4pCWMDP-7wAAAVc"]
[Thu Jun 11 16:33:34.783662 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php~"] [unique_id "aisNjpQ1oEsc4pCWMDP-7wAAAVc"]
[Thu Jun 11 16:33:34.784297 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-7wAAAVc"]
[Thu Jun 11 16:33:34.785434 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/app.php"] [unique_id "aisNjkKTwdTIu69rj41nPAAAAM4"]
[Thu Jun 11 16:33:34.785551 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/swagger/v1/swagger.json"] [unique_id "aisNjkKTwdTIu69rj41nPQAAAME"]
[Thu Jun 11 16:33:34.787310 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web.zip"] [unique_id "aisNjqzVaq-mvl-Hfs80twAAABg"]
[Thu Jun 11 16:33:34.787354 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.0"] [unique_id "aisNjjlbUCMVJYfLxkpKNQAAAJg"]
[Thu Jun 11 16:33:34.787500 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.0"] [unique_id "aisNjjlbUCMVJYfLxkpKNQAAAJg"]
[Thu Jun 11 16:33:34.787706 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.0"] [unique_id "aisNjjlbUCMVJYfLxkpKNQAAAJg"]
[Thu Jun 11 16:33:34.788412 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKNQAAAJg"]
[Thu Jun 11 16:33:34.789319 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/includes/configure.php"] [unique_id "aisNjqzVaq-mvl-Hfs80uAAAABQ"]
[Thu Jun 11 16:33:34.789647 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Pipfile"] [unique_id "aisNjk4Kpjoch0F_BSr-TQAAAFM"]
[Thu Jun 11 16:33:34.791843 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/telescope/requests"] [unique_id "aisNjk4Kpjoch0F_BSr-TgAAAEg"]
[Thu Jun 11 16:33:34.792543 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/kubeconfig"] [unique_id "aisNjv8lKn4qdPkDWlA2KAAAARE"]
[Thu Jun 11 16:33:34.794292 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/production.php"] [unique_id "aisNjqzVaq-mvl-Hfs80uQAAAAk"]
[Thu Jun 11 16:33:34.794641 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/auth.php"] [unique_id "aisNjv8lKn4qdPkDWlA2KQAAAQM"]
[Thu Jun 11 16:33:34.795896 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.copy"] [unique_id "aisNjpQ1oEsc4pCWMDP-8AAAAUw"]
[Thu Jun 11 16:33:34.796050 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.copy"] [unique_id "aisNjpQ1oEsc4pCWMDP-8AAAAUw"]
[Thu Jun 11 16:33:34.796236 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.copy"] [unique_id "aisNjpQ1oEsc4pCWMDP-8AAAAUw"]
[Thu Jun 11 16:33:34.797092 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-8AAAAUw"]
[Thu Jun 11 16:33:34.798151 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local_settings.py.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKNgAAAIk"]
[Thu Jun 11 16:33:34.798216 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local_settings.py.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKNgAAAIk"]
[Thu Jun 11 16:33:34.798459 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/local_settings.py.bak"] [unique_id "aisNjjlbUCMVJYfLxkpKNgAAAIk"]
[Thu Jun 11 16:33:34.799651 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKNgAAAIk"]
[Thu Jun 11 16:33:34.801127 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings.py"] [unique_id "aisNjjlbUCMVJYfLxkpKNwAAAII"]
[Thu Jun 11 16:33:34.809400 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/autoload.php"] [unique_id "aisNjk4Kpjoch0F_BSr-TwAAAFg"]
[Thu Jun 11 16:33:34.811865 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/kubernetesconfig.json"] [unique_id "aisNjkKTwdTIu69rj41nPgAAANI"]
[Thu Jun 11 16:33:34.813669 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server-info"] [unique_id "aisNjk4Kpjoch0F_BSr-UAAAAEY"]
[Thu Jun 11 16:33:34.815755 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/htdocs/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2KgAAARQ"]
[Thu Jun 11 16:33:34.816939 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/htdocs/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2KgAAARQ"]
[Thu Jun 11 16:33:34.817092 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/htdocs/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2KgAAARQ"]
[Thu Jun 11 16:33:34.817801 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2KgAAARQ"]
[Thu Jun 11 16:33:34.822151 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisNjkKTwdTIu69rj41nPwAAAMA"]
[Thu Jun 11 16:33:34.822289 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisNjkKTwdTIu69rj41nPwAAAMA"]
[Thu Jun 11 16:33:34.822431 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisNjkKTwdTIu69rj41nPwAAAMA"]
[Thu Jun 11 16:33:34.823183 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nPwAAAMA"]
[Thu Jun 11 16:33:34.824069 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-prod.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP-8QAAAVc"]
[Thu Jun 11 16:33:34.824111 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/include/config.php"] [unique_id "aisNjpQ1oEsc4pCWMDP-8gAAAVM"]
[Thu Jun 11 16:33:34.826071 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dev/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2KwAAAQ4"]
[Thu Jun 11 16:33:34.826213 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/dev/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2KwAAAQ4"]
[Thu Jun 11 16:33:34.826407 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dev/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2KwAAAQ4"]
[Thu Jun 11 16:33:34.826783 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.circleci/config.yml"] [unique_id "aisNjkKTwdTIu69rj41nQAAAAME"]
[Thu Jun 11 16:33:34.827109 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2KwAAAQ4"]
[Thu Jun 11 16:33:34.828028 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/composer.lock"] [unique_id "aisNjqzVaq-mvl-Hfs80ugAAABY"]
[Thu Jun 11 16:33:34.828179 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/composer.lock"] [unique_id "aisNjqzVaq-mvl-Hfs80ugAAABY"]
[Thu Jun 11 16:33:34.828358 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/composer.lock"] [unique_id "aisNjqzVaq-mvl-Hfs80ugAAABY"]
[Thu Jun 11 16:33:34.828732 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/manager/"] [unique_id "aisNjpQ1oEsc4pCWMDP-8wAAAUc"]
[Thu Jun 11 16:33:34.829104 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80ugAAABY"]
[Thu Jun 11 16:33:34.829964 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v3/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80uwAAABg"]
[Thu Jun 11 16:33:34.830121 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/v3/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80uwAAABg"]
[Thu Jun 11 16:33:34.830284 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/v3/.env"] [unique_id "aisNjqzVaq-mvl-Hfs80uwAAABg"]
[Thu Jun 11 16:33:34.830763 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.txt"] [unique_id "aisNjjlbUCMVJYfLxkpKOAAAAJg"]
[Thu Jun 11 16:33:34.830916 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.txt"] [unique_id "aisNjjlbUCMVJYfLxkpKOAAAAJg"]
[Thu Jun 11 16:33:34.831063 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.txt"] [unique_id "aisNjjlbUCMVJYfLxkpKOAAAAJg"]
[Thu Jun 11 16:33:34.831106 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80uwAAABg"]
[Thu Jun 11 16:33:34.832555 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKOAAAAJg"]
[Thu Jun 11 16:33:34.833531 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mysql/"] [unique_id "aisNjkKTwdTIu69rj41nQQAAAM4"]
[Thu Jun 11 16:33:34.833849 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings/production.py"] [unique_id "aisNjqzVaq-mvl-Hfs80vAAAABQ"]
[Thu Jun 11 16:33:34.836032 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api-docs"] [unique_id "aisNjpQ1oEsc4pCWMDP-9AAAAUw"]
[Thu Jun 11 16:33:34.838230 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server-status"] [unique_id "aisNjqzVaq-mvl-Hfs80vQAAAAk"]
[Thu Jun 11 16:33:34.839312 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.prod.yaml"] [unique_id "aisNjjlbUCMVJYfLxkpKOQAAAIk"]
[Thu Jun 11 16:33:34.840325 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/services.php"] [unique_id "aisNjk4Kpjoch0F_BSr-UQAAAEg"]
[Thu Jun 11 16:33:34.841328 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v1/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2LAAAARE"]
[Thu Jun 11 16:33:34.841536 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/v1/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2LAAAARE"]
[Thu Jun 11 16:33:34.841548 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2LQAAAQM"]
[Thu Jun 11 16:33:34.841720 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protected/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2LQAAAQM"]
[Thu Jun 11 16:33:34.841770 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/v1/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2LAAAARE"]
[Thu Jun 11 16:33:34.841967 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2LQAAAQM"]
[Thu Jun 11 16:33:34.842623 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.json"] [unique_id "aisNjk4Kpjoch0F_BSr-UgAAAFM"]
[Thu Jun 11 16:33:34.842680 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2LQAAAQM"]
[Thu Jun 11 16:33:34.843382 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2LAAAARE"]
[Thu Jun 11 16:33:34.845473 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.php"] [unique_id "aisNjjlbUCMVJYfLxkpKOgAAAII"]
[Thu Jun 11 16:33:34.855350 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/production/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-UwAAAEY"]
[Thu Jun 11 16:33:34.855493 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/production/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-UwAAAEY"]
[Thu Jun 11 16:33:34.855681 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/production/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-UwAAAEY"]
[Thu Jun 11 16:33:34.856363 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-UwAAAEY"]
[Thu Jun 11 16:33:34.857226 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.idea/workspace.xml"] [unique_id "aisNjk4Kpjoch0F_BSr-VAAAAFg"]
[Thu Jun 11 16:33:34.857382 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.idea/workspace.xml"] [unique_id "aisNjk4Kpjoch0F_BSr-VAAAAFg"]
[Thu Jun 11 16:33:34.858155 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisNjkKTwdTIu69rj41nQgAAANI"]
[Thu Jun 11 16:33:34.858239 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisNjkKTwdTIu69rj41nQgAAANI"]
[Thu Jun 11 16:33:34.858494 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisNjkKTwdTIu69rj41nQgAAANI"]
[Thu Jun 11 16:33:34.859162 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nQgAAANI"]
[Thu Jun 11 16:33:34.859593 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.idea/workspace.xml"] [unique_id "aisNjk4Kpjoch0F_BSr-VAAAAFg"]
[Thu Jun 11 16:33:34.860321 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-VAAAAFg"]
[Thu Jun 11 16:33:34.862155 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.drone.yml"] [unique_id "aisNjv8lKn4qdPkDWlA2LgAAARQ"]
[Thu Jun 11 16:33:34.869204 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/queue.php"] [unique_id "aisNjkKTwdTIu69rj41nQwAAAMA"]
[Thu Jun 11 16:33:34.871009 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/appsettings.Development.json"] [unique_id "aisNjkKTwdTIu69rj41nRAAAAME"]
[Thu Jun 11 16:33:34.873005 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/frontend_dev.php/$"] [unique_id "aisNjpQ1oEsc4pCWMDP-9QAAAVc"]
[Thu Jun 11 16:33:34.873374 2026] [:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] File does not exist: /var/www/html/frontend_dev.php
[Thu Jun 11 16:33:34.873732 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/build.gradle"] [unique_id "aisNjjlbUCMVJYfLxkpKPQAAAJg"]
[Thu Jun 11 16:33:34.875718 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_dump.sql"] [unique_id "aisNjpQ1oEsc4pCWMDP-9wAAAUc"]
[Thu Jun 11 16:33:34.875769 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mysql.sql"] [unique_id "aisNjqzVaq-mvl-Hfs80vgAAABY"]
[Thu Jun 11 16:33:34.875785 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_dump.sql"] [unique_id "aisNjpQ1oEsc4pCWMDP-9wAAAUc"]
[Thu Jun 11 16:33:34.875833 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mysql.sql"] [unique_id "aisNjqzVaq-mvl-Hfs80vgAAABY"]
[Thu Jun 11 16:33:34.875973 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/db_dump.sql"] [unique_id "aisNjpQ1oEsc4pCWMDP-9wAAAUc"]
[Thu Jun 11 16:33:34.876097 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/mysql.sql"] [unique_id "aisNjqzVaq-mvl-Hfs80vgAAABY"]
[Thu Jun 11 16:33:34.876770 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80vgAAABY"]
[Thu Jun 11 16:33:34.877046 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/error.log"] [unique_id "aisNjpQ1oEsc4pCWMDP-9gAAAVM"]
[Thu Jun 11 16:33:34.877112 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/error.log"] [unique_id "aisNjpQ1oEsc4pCWMDP-9gAAAVM"]
[Thu Jun 11 16:33:34.877415 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/error.log"] [unique_id "aisNjpQ1oEsc4pCWMDP-9gAAAVM"]
[Thu Jun 11 16:33:34.878228 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-9gAAAVM"]
[Thu Jun 11 16:33:34.878817 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aisNjqzVaq-mvl-Hfs80vwAAABQ"]
[Thu Jun 11 16:33:34.879091 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aisNjqzVaq-mvl-Hfs80vwAAABQ"]
[Thu Jun 11 16:33:34.879162 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/filesystems.php"] [unique_id "aisNjkKTwdTIu69rj41nRQAAAM4"]
[Thu Jun 11 16:33:34.879284 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aisNjqzVaq-mvl-Hfs80vwAAABQ"]
[Thu Jun 11 16:33:34.879966 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80vwAAABQ"]
[Thu Jun 11 16:33:34.880751 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisNjqzVaq-mvl-Hfs80wAAAAAk"]
[Thu Jun 11 16:33:34.880894 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisNjqzVaq-mvl-Hfs80wAAAAAk"]
[Thu Jun 11 16:33:34.881055 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisNjqzVaq-mvl-Hfs80wAAAAAk"]
[Thu Jun 11 16:33:34.881098 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "aisNjqzVaq-mvl-Hfs80wQAAABg"]
[Thu Jun 11 16:33:34.881245 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "aisNjqzVaq-mvl-Hfs80wQAAABg"]
[Thu Jun 11 16:33:34.881521 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "aisNjqzVaq-mvl-Hfs80wQAAABg"]
[Thu Jun 11 16:33:34.881802 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80wAAAAAk"]
[Thu Jun 11 16:33:34.882210 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-9wAAAUc"]
[Thu Jun 11 16:33:34.882281 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80wQAAABg"]
[Thu Jun 11 16:33:34.883058 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nodemon.json"] [unique_id "aisNjv8lKn4qdPkDWlA2LwAAAQ4"]
[Thu Jun 11 16:33:34.884302 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP--AAAAUw"]
[Thu Jun 11 16:33:34.884467 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dump/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/dump/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP--AAAAUw"]
[Thu Jun 11 16:33:34.884685 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dump/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP--AAAAUw"]
[Thu Jun 11 16:33:34.884863 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/cache.php"] [unique_id "aisNjk4Kpjoch0F_BSr-VQAAAEg"]
[Thu Jun 11 16:33:34.885381 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP--AAAAUw"]
[Thu Jun 11 16:33:34.887084 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/release/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2MAAAAQM"]
[Thu Jun 11 16:33:34.887737 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/"] [unique_id "aisNjk4Kpjoch0F_BSr-VgAAAFM"]
[Thu Jun 11 16:33:34.889596 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/queue.php"] [unique_id "aisNjv8lKn4qdPkDWlA2MQAAARE"]
[Thu Jun 11 16:33:34.889865 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/release/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2MAAAAQM"]
[Thu Jun 11 16:33:34.890189 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/release/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2MAAAAQM"]
[Thu Jun 11 16:33:34.891022 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2MAAAAQM"]
[Thu Jun 11 16:33:34.891935 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNjjlbUCMVJYfLxkpKPgAAAII"]
[Thu Jun 11 16:33:34.892153 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNjjlbUCMVJYfLxkpKPgAAAII"]
[Thu Jun 11 16:33:34.892347 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNjjlbUCMVJYfLxkpKPgAAAII"]
[Thu Jun 11 16:33:34.893294 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKPgAAAII"]
[Thu Jun 11 16:33:34.896124 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.json"] [unique_id "aisNjk4Kpjoch0F_BSr-VwAAAEY"]
[Thu Jun 11 16:33:34.900136 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNjjlbUCMVJYfLxkpKPwAAAIk"]
[Thu Jun 11 16:33:34.900325 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNjjlbUCMVJYfLxkpKPwAAAIk"]
[Thu Jun 11 16:33:34.900548 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNjjlbUCMVJYfLxkpKPwAAAIk"]
[Thu Jun 11 16:33:34.901426 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKPwAAAIk"]
[Thu Jun 11 16:33:34.903331 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/site/.env"] [unique_id "aisNjkKTwdTIu69rj41nRgAAANI"]
[Thu Jun 11 16:33:34.903505 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/site/.env"] [unique_id "aisNjkKTwdTIu69rj41nRgAAANI"]
[Thu Jun 11 16:33:34.903756 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/site/.env"] [unique_id "aisNjkKTwdTIu69rj41nRgAAANI"]
[Thu Jun 11 16:33:34.904437 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nRgAAANI"]
[Thu Jun 11 16:33:34.905320 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap/cache/config.php"] [unique_id "aisNjk4Kpjoch0F_BSr-WAAAAFg"]
[Thu Jun 11 16:33:34.909029 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2MgAAARQ"]
[Thu Jun 11 16:33:34.909185 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2MgAAARQ"]
[Thu Jun 11 16:33:34.909373 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2MgAAARQ"]
[Thu Jun 11 16:33:34.910070 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2MgAAARQ"]
[Thu Jun 11 16:33:34.914291 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/custom-environment-variables.json"] [unique_id "aisNjkKTwdTIu69rj41nRwAAAME"]
[Thu Jun 11 16:33:34.916110 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/myadmin/"] [unique_id "aisNjkKTwdTIu69rj41nSAAAAMA"]
[Thu Jun 11 16:33:34.916833 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/panel/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP--gAAAVc"]
[Thu Jun 11 16:33:34.917060 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/panel/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP--gAAAVc"]
[Thu Jun 11 16:33:34.917270 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/panel/.env"] [unique_id "aisNjpQ1oEsc4pCWMDP--gAAAVc"]
[Thu Jun 11 16:33:34.917967 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/common/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKQAAAAJg"]
[Thu Jun 11 16:33:34.918132 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP--gAAAVc"]
[Thu Jun 11 16:33:34.918135 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /common/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/common/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKQAAAAJg"]
[Thu Jun 11 16:33:34.918376 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/common/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKQAAAAJg"]
[Thu Jun 11 16:33:34.919073 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKQAAAAJg"]
[Thu Jun 11 16:33:34.922624 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.travis.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP--wAAAUc"]
[Thu Jun 11 16:33:34.922891 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.travis.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP--wAAAUc"]
[Thu Jun 11 16:33:34.923122 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.travis.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP--wAAAUc"]
[Thu Jun 11 16:33:34.924191 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP--wAAAUc"]
[Thu Jun 11 16:33:34.925383 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ansible/group_vars/all.yml"] [unique_id "aisNjqzVaq-mvl-Hfs80wgAAAAk"]
[Thu Jun 11 16:33:34.925522 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/META-INF/context.xml"] [unique_id "aisNjpQ1oEsc4pCWMDP-_AAAAVM"]
[Thu Jun 11 16:33:34.926158 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisNjkKTwdTIu69rj41nSQAAAM4"]
[Thu Jun 11 16:33:34.926305 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisNjkKTwdTIu69rj41nSQAAAM4"]
[Thu Jun 11 16:33:34.926695 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisNjkKTwdTIu69rj41nSQAAAM4"]
[Thu Jun 11 16:33:34.927402 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nSQAAAM4"]
[Thu Jun 11 16:33:34.927440 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/requirements.txt"] [unique_id "aisNjk4Kpjoch0F_BSr-WQAAAEg"]
[Thu Jun 11 16:33:34.928271 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/env.php"] [unique_id "aisNjv8lKn4qdPkDWlA2MwAAAQ4"]
[Thu Jun 11 16:33:34.929523 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/core/configuration.php"] [unique_id "aisNjqzVaq-mvl-Hfs80wwAAABg"]
[Thu Jun 11 16:33:34.930261 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ansible/hosts"] [unique_id "aisNjqzVaq-mvl-Hfs80xAAAABQ"]
[Thu Jun 11 16:33:34.931646 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.github/workflows/deploy.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP-_QAAAUw"]
[Thu Jun 11 16:33:34.933218 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tmp/logs/error.log"] [unique_id "aisNjk4Kpjoch0F_BSr-WgAAAFM"]
[Thu Jun 11 16:33:34.933294 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tmp/logs/error.log"] [unique_id "aisNjk4Kpjoch0F_BSr-WgAAAFM"]
[Thu Jun 11 16:33:34.933701 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.flaskenv"] [unique_id "aisNjqzVaq-mvl-Hfs80xQAAABY"]
[Thu Jun 11 16:33:34.933971 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/tmp/logs/error.log"] [unique_id "aisNjk4Kpjoch0F_BSr-WgAAAFM"]
[Thu Jun 11 16:33:34.934806 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-WgAAAFM"]
[Thu Jun 11 16:33:34.935878 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.ci"] [unique_id "aisNjv8lKn4qdPkDWlA2NAAAARE"]
[Thu Jun 11 16:33:34.936040 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.ci"] [unique_id "aisNjv8lKn4qdPkDWlA2NAAAARE"]
[Thu Jun 11 16:33:34.936208 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.ci"] [unique_id "aisNjv8lKn4qdPkDWlA2NAAAARE"]
[Thu Jun 11 16:33:34.937227 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.old"] [unique_id "aisNjv8lKn4qdPkDWlA2NQAAAQM"]
[Thu Jun 11 16:33:34.937319 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.old"] [unique_id "aisNjv8lKn4qdPkDWlA2NQAAAQM"]
[Thu Jun 11 16:33:34.937444 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.old"] [unique_id "aisNjv8lKn4qdPkDWlA2NQAAAQM"]
[Thu Jun 11 16:33:34.937677 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.old"] [unique_id "aisNjv8lKn4qdPkDWlA2NQAAAQM"]
[Thu Jun 11 16:33:34.939103 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-WwAAAEY"]
[Thu Jun 11 16:33:34.939348 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/backup/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-WwAAAEY"]
[Thu Jun 11 16:33:34.939535 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-WwAAAEY"]
[Thu Jun 11 16:33:34.940248 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-WwAAAEY"]
[Thu Jun 11 16:33:34.941613 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2NAAAARE"]
[Thu Jun 11 16:33:34.941984 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2NQAAAQM"]
[Thu Jun 11 16:33:34.946256 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/staging/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKQQAAAII"]
[Thu Jun 11 16:33:34.946410 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/staging/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKQQAAAII"]
[Thu Jun 11 16:33:34.946616 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/staging/.env"] [unique_id "aisNjjlbUCMVJYfLxkpKQQAAAII"]
[Thu Jun 11 16:33:34.947541 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bower.json"] [unique_id "aisNjkKTwdTIu69rj41nSgAAANI"]
[Thu Jun 11 16:33:34.947719 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "bower.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: bower.json found within REQUEST_FILENAME: /bower.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/bower.json"] [unique_id "aisNjkKTwdTIu69rj41nSgAAANI"]
[Thu Jun 11 16:33:34.947946 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/bower.json"] [unique_id "aisNjkKTwdTIu69rj41nSgAAANI"]
[Thu Jun 11 16:33:34.948658 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nSgAAANI"]
[Thu Jun 11 16:33:34.950236 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.1"] [unique_id "aisNjk4Kpjoch0F_BSr-XAAAAFg"]
[Thu Jun 11 16:33:34.950401 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.1"] [unique_id "aisNjk4Kpjoch0F_BSr-XAAAAFg"]
[Thu Jun 11 16:33:34.950653 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.1"] [unique_id "aisNjk4Kpjoch0F_BSr-XAAAAFg"]
[Thu Jun 11 16:33:34.951344 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-XAAAAFg"]
[Thu Jun 11 16:33:34.952168 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKQQAAAII"]
[Thu Jun 11 16:33:34.954505 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/services/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2NgAAARQ"]
[Thu Jun 11 16:33:34.954536 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.yml"] [unique_id "aisNjjlbUCMVJYfLxkpKQgAAAIk"]
[Thu Jun 11 16:33:34.954698 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/services/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2NgAAARQ"]
[Thu Jun 11 16:33:34.954915 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/services/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2NgAAARQ"]
[Thu Jun 11 16:33:34.955566 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2NgAAARQ"]
[Thu Jun 11 16:33:34.956241 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.tar"] [unique_id "aisNjkKTwdTIu69rj41nSwAAAME"]
[Thu Jun 11 16:33:34.960277 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.override"] [unique_id "aisNjpQ1oEsc4pCWMDP-_gAAAVc"]
[Thu Jun 11 16:33:34.960337 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.hg/hgrc"] [unique_id "aisNjjlbUCMVJYfLxkpKQwAAAJg"]
[Thu Jun 11 16:33:34.960434 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.override"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.override"] [unique_id "aisNjpQ1oEsc4pCWMDP-_gAAAVc"]
[Thu Jun 11 16:33:34.960473 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "/.hg/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.hg/ found within REQUEST_FILENAME: /.hg/hgrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.hg/hgrc"] [unique_id "aisNjjlbUCMVJYfLxkpKQwAAAJg"]
[Thu Jun 11 16:33:34.960670 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.override"] [unique_id "aisNjpQ1oEsc4pCWMDP-_gAAAVc"]
[Thu Jun 11 16:33:34.960683 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.hg/hgrc"] [unique_id "aisNjjlbUCMVJYfLxkpKQwAAAJg"]
[Thu Jun 11 16:33:34.961644 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjpQ1oEsc4pCWMDP-_gAAAVc"]
[Thu Jun 11 16:33:34.962057 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/build/.env"] [unique_id "aisNjkKTwdTIu69rj41nTAAAAMA"]
[Thu Jun 11 16:33:34.962260 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/build/.env"] [unique_id "aisNjkKTwdTIu69rj41nTAAAAMA"]
[Thu Jun 11 16:33:34.962455 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/build/.env"] [unique_id "aisNjkKTwdTIu69rj41nTAAAAMA"]
[Thu Jun 11 16:33:34.963240 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjkKTwdTIu69rj41nTAAAAMA"]
[Thu Jun 11 16:33:34.963535 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKQwAAAJg"]
[Thu Jun 11 16:33:34.972412 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/view.php"] [unique_id "aisNjqzVaq-mvl-Hfs80xgAAAAk"]
[Thu Jun 11 16:33:34.973103 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNjv8lKn4qdPkDWlA2NwAAAQ4"]
[Thu Jun 11 16:33:34.973225 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNjv8lKn4qdPkDWlA2NwAAAQ4"]
[Thu Jun 11 16:33:34.974669 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.staging.yml"] [unique_id "aisNjpQ1oEsc4pCWMDP-_wAAAUc"]
[Thu Jun 11 16:33:34.974729 2026] [authz_core:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] AH01630: client denied by server configuration: /var/www/html/.htaccess
[Thu Jun 11 16:33:34.976142 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.docker-compose"] [unique_id "aisNjqzVaq-mvl-Hfs80xwAAABg"]
[Thu Jun 11 16:33:34.976335 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker-compose"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.docker-compose"] [unique_id "aisNjqzVaq-mvl-Hfs80xwAAABg"]
[Thu Jun 11 16:33:34.976549 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/go.mod"] [unique_id "aisNjkKTwdTIu69rj41nTQAAAM4"]
[Thu Jun 11 16:33:34.976558 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.docker-compose"] [unique_id "aisNjqzVaq-mvl-Hfs80xwAAABg"]
[Thu Jun 11 16:33:34.977313 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjqzVaq-mvl-Hfs80xwAAABg"]
[Thu Jun 11 16:33:34.979314 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/debug/default/view"] [unique_id "aisNjqzVaq-mvl-Hfs80yAAAABQ"]
[Thu Jun 11 16:33:34.979875 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/session.php"] [unique_id "aisNjpQ1oEsc4pCWMDP_AAAAAVM"]
[Thu Jun 11 16:33:34.981513 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/initializers/secret_token.rb"] [unique_id "aisNjqzVaq-mvl-Hfs80yQAAABY"]
[Thu Jun 11 16:33:34.982257 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel-*.log"] [unique_id "aisNjk4Kpjoch0F_BSr-XwAAAFM"]
[Thu Jun 11 16:33:34.982375 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel-*.log"] [unique_id "aisNjk4Kpjoch0F_BSr-XwAAAFM"]
[Thu Jun 11 16:33:34.982627 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel-*.log"] [unique_id "aisNjk4Kpjoch0F_BSr-XwAAAFM"]
[Thu Jun 11 16:33:34.983260 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-XwAAAFM"]
[Thu Jun 11 16:33:34.984845 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2OAAAAQM"]
[Thu Jun 11 16:33:34.984984 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2OAAAAQM"]
[Thu Jun 11 16:33:34.985116 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNjv8lKn4qdPkDWlA2OAAAAQM"]
[Thu Jun 11 16:33:34.985756 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2OAAAAQM"]
[Thu Jun 11 16:33:34.986692 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nuxt.config.js"] [unique_id "aisNjv8lKn4qdPkDWlA2OQAAARE"]
[Thu Jun 11 16:33:34.988067 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNjv8lKn4qdPkDWlA2NwAAAQ4"]
[Thu Jun 11 16:33:34.989021 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/prod/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-YAAAAEY"]
[Thu Jun 11 16:33:34.989291 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/prod/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-YAAAAEY"]
[Thu Jun 11 16:33:34.989468 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/prod/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-YAAAAEY"]
[Thu Jun 11 16:33:34.990169 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-YAAAAEY"]
[Thu Jun 11 16:33:34.991647 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/development.json"] [unique_id "aisNjpQ1oEsc4pCWMDP_AQAAAUw"]
[Thu Jun 11 16:33:34.996353 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/uploads/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-YQAAAFg"]
[Thu Jun 11 16:33:34.996498 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/uploads/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-YQAAAFg"]
[Thu Jun 11 16:33:34.996721 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/uploads/.env"] [unique_id "aisNjk4Kpjoch0F_BSr-YQAAAFg"]
[Thu Jun 11 16:33:34.997344 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjk4Kpjoch0F_BSr-YQAAAFg"]
[Thu Jun 11 16:33:34.997331 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sftp-config.json"] [unique_id "aisNjjlbUCMVJYfLxkpKRAAAAIk"]
[Thu Jun 11 16:33:34.997523 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/sftp-config.json"] [unique_id "aisNjjlbUCMVJYfLxkpKRAAAAIk"]
[Thu Jun 11 16:33:34.997749 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/sftp-config.json"] [unique_id "aisNjjlbUCMVJYfLxkpKRAAAAIk"]
[Thu Jun 11 16:33:34.997783 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2NwAAAQ4"]
[Thu Jun 11 16:33:34.998376 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjjlbUCMVJYfLxkpKRAAAAIk"]
[Thu Jun 11 16:33:34.999250 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.staging.local"] [unique_id "aisNjv8lKn4qdPkDWlA2OgAAARQ"]
[Thu Jun 11 16:33:34.999406 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.staging.local"] [unique_id "aisNjv8lKn4qdPkDWlA2OgAAARQ"]
[Thu Jun 11 16:33:34.999633 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.staging.local"] [unique_id "aisNjv8lKn4qdPkDWlA2OgAAARQ"]
[Thu Jun 11 16:33:35.000456 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjv8lKn4qdPkDWlA2OgAAARQ"]
[Thu Jun 11 16:33:35.000567 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.dockerignore"] [unique_id "aisNjkKTwdTIu69rj41nTwAAAME"]
[Thu Jun 11 16:33:35.001392 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/terraform.tfvars"] [unique_id "aisNj5Q1oEsc4pCWMDP_AgAAAVc"]
[Thu Jun 11 16:33:35.001717 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/current/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKRQAAAJg"]
[Thu Jun 11 16:33:35.003011 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/current/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKRQAAAJg"]
[Thu Jun 11 16:33:35.003280 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/current/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKRQAAAJg"]
[Thu Jun 11 16:33:35.003403 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.staging"] [unique_id "aisNjzlbUCMVJYfLxkpKRgAAAII"]
[Thu Jun 11 16:33:35.004890 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.override.yml"] [unique_id "aisNjkKTwdTIu69rj41nUAAAANI"]
[Thu Jun 11 16:33:35.007515 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-test.properties"] [unique_id "aisNj0KTwdTIu69rj41nUQAAAMA"]
[Thu Jun 11 16:33:35.008915 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjzlbUCMVJYfLxkpKRQAAAJg"]
[Thu Jun 11 16:33:35.013200 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.editorconfig"] [unique_id "aisNj6zVaq-mvl-Hfs80ygAAAAk"]
[Thu Jun 11 16:33:35.015754 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backend/config/.env"] [unique_id "aisNj04Kpjoch0F_BSr-YgAAAEg"]
[Thu Jun 11 16:33:35.015988 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/backend/config/.env"] [unique_id "aisNj04Kpjoch0F_BSr-YgAAAEg"]
[Thu Jun 11 16:33:35.016244 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backend/config/.env"] [unique_id "aisNj04Kpjoch0F_BSr-YgAAAEg"]
[Thu Jun 11 16:33:35.017169 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/WEB-INF/applicationContext.xml"] [unique_id "aisNj6zVaq-mvl-Hfs80ywAAABg"]
[Thu Jun 11 16:33:35.019053 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-YgAAAEg"]
[Thu Jun 11 16:33:35.019234 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/portal/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_AwAAAUc"]
[Thu Jun 11 16:33:35.019398 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/portal/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_AwAAAUc"]
[Thu Jun 11 16:33:35.019732 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/portal/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_AwAAAUc"]
[Thu Jun 11 16:33:35.020511 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_AwAAAUc"]
[Thu Jun 11 16:33:35.022055 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/php_info.php"] [unique_id "aisNj0KTwdTIu69rj41nUgAAAM4"]
[Thu Jun 11 16:33:35.022389 2026] [:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] File does not exist: /var/www/html/php_info.php
[Thu Jun 11 16:33:35.026210 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "aisNj5Q1oEsc4pCWMDP_BAAAAVM"]
[Thu Jun 11 16:33:35.026357 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "aisNj5Q1oEsc4pCWMDP_BAAAAVM"]
[Thu Jun 11 16:33:35.026526 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "aisNj5Q1oEsc4pCWMDP_BAAAAVM"]
[Thu Jun 11 16:33:35.027398 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_BAAAAVM"]
[Thu Jun 11 16:33:35.028469 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.zip"] [unique_id "aisNj04Kpjoch0F_BSr-YwAAAFM"]
[Thu Jun 11 16:33:35.030212 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/secret"] [unique_id "aisNj_8lKn4qdPkDWlA2OwAAAQM"]
[Thu Jun 11 16:33:35.031255 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.yarnrc"] [unique_id "aisNj6zVaq-mvl-Hfs80zAAAABQ"]
[Thu Jun 11 16:33:35.032045 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/swagger.json"] [unique_id "aisNj_8lKn4qdPkDWlA2PAAAARE"]
[Thu Jun 11 16:33:35.033133 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/etc/local.xml"] [unique_id "aisNj6zVaq-mvl-Hfs80zQAAABY"]
[Thu Jun 11 16:33:35.033295 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/etc/local.xml"] [unique_id "aisNj6zVaq-mvl-Hfs80zQAAABY"]
[Thu Jun 11 16:33:35.033485 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/etc/local.xml"] [unique_id "aisNj6zVaq-mvl-Hfs80zQAAABY"]
[Thu Jun 11 16:33:35.033830 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.defaults"] [unique_id "aisNj04Kpjoch0F_BSr-ZAAAAEY"]
[Thu Jun 11 16:33:35.033979 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.defaults"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.defaults"] [unique_id "aisNj04Kpjoch0F_BSr-ZAAAAEY"]
[Thu Jun 11 16:33:35.034102 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs80zQAAABY"]
[Thu Jun 11 16:33:35.034177 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.defaults"] [unique_id "aisNj04Kpjoch0F_BSr-ZAAAAEY"]
[Thu Jun 11 16:33:35.034914 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-ZAAAAEY"]
[Thu Jun 11 16:33:35.035829 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/cache/prod/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2PQAAAQ4"]
[Thu Jun 11 16:33:35.036261 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/cache/prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/var/cache/prod/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2PQAAAQ4"]
[Thu Jun 11 16:33:35.036460 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/cache/prod/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2PQAAAQ4"]
[Thu Jun 11 16:33:35.037092 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2PQAAAQ4"]
[Thu Jun 11 16:33:35.043409 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/parameters.php"] [unique_id "aisNj04Kpjoch0F_BSr-ZQAAAFg"]
[Thu Jun 11 16:33:35.045453 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env"] [unique_id "aisNj_8lKn4qdPkDWlA2PgAAARQ"]
[Thu Jun 11 16:33:35.047263 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.cd"] [unique_id "aisNj0KTwdTIu69rj41nUwAAAME"]
[Thu Jun 11 16:33:35.047403 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.cd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.cd"] [unique_id "aisNj0KTwdTIu69rj41nUwAAAME"]
[Thu Jun 11 16:33:35.047537 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.cd"] [unique_id "aisNj0KTwdTIu69rj41nUwAAAME"]
[Thu Jun 11 16:33:35.048240 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nUwAAAME"]
[Thu Jun 11 16:33:35.049204 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Web.config"] [unique_id "aisNj0KTwdTIu69rj41nVAAAANI"]
[Thu Jun 11 16:33:35.049275 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Web.config"] [unique_id "aisNj0KTwdTIu69rj41nVAAAANI"]
[Thu Jun 11 16:33:35.049397 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/Web.config"] [unique_id "aisNj0KTwdTIu69rj41nVAAAANI"]
[Thu Jun 11 16:33:35.049631 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/Web.config"] [unique_id "aisNj0KTwdTIu69rj41nVAAAANI"]
[Thu Jun 11 16:33:35.050390 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/html.zip"] [unique_id "aisNj5Q1oEsc4pCWMDP_BQAAAVc"]
[Thu Jun 11 16:33:35.050511 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nVAAAANI"]
[Thu Jun 11 16:33:35.051538 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi/env"] [unique_id "aisNj5Q1oEsc4pCWMDP_BgAAAUw"]
[Thu Jun 11 16:33:35.057939 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sites/default/settings.local.php"] [unique_id "aisNj0KTwdTIu69rj41nVQAAAMA"]
[Thu Jun 11 16:33:35.058106 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "/sites/default/settings.local.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.local.php found within REQUEST_FILENAME: /sites/default/settings.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/sites/default/settings.local.php"] [unique_id "aisNj0KTwdTIu69rj41nVQAAAMA"]
[Thu Jun 11 16:33:35.058285 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/sites/default/settings.local.php"] [unique_id "aisNj0KTwdTIu69rj41nVQAAAMA"]
[Thu Jun 11 16:33:35.059250 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nVQAAAMA"]
[Thu Jun 11 16:33:35.063888 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisNj6zVaq-mvl-Hfs80zwAAABg"]
[Thu Jun 11 16:33:35.064120 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisNj6zVaq-mvl-Hfs80zwAAABg"]
[Thu Jun 11 16:33:35.064330 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisNj6zVaq-mvl-Hfs80zwAAABg"]
[Thu Jun 11 16:33:35.065418 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs80zwAAABg"]
[Thu Jun 11 16:33:35.066252 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public.tar.gz"] [unique_id "aisNj5Q1oEsc4pCWMDP_BwAAAUc"]
[Thu Jun 11 16:33:35.066961 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/logs/HEAD"] [unique_id "aisNj6zVaq-mvl-Hfs800AAAAAk"]
[Thu Jun 11 16:33:35.067120 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/logs/HEAD"] [unique_id "aisNj6zVaq-mvl-Hfs800AAAAAk"]
[Thu Jun 11 16:33:35.067286 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/logs/HEAD"] [unique_id "aisNj6zVaq-mvl-Hfs800AAAAAk"]
[Thu Jun 11 16:33:35.068625 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wsgi.py"] [unique_id "aisNj0KTwdTIu69rj41nVgAAAM4"]
[Thu Jun 11 16:33:35.068783 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs800AAAAAk"]
[Thu Jun 11 16:33:35.070169 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/bootstrap/cache/config.php"] [unique_id "aisNj04Kpjoch0F_BSr-ZgAAAEg"]
[Thu Jun 11 16:33:35.072175 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/appsettings.Production.json"] [unique_id "aisNj5Q1oEsc4pCWMDP_CAAAAVM"]
[Thu Jun 11 16:33:35.073878 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/live/.env"] [unique_id "aisNj04Kpjoch0F_BSr-ZwAAAFM"]
[Thu Jun 11 16:33:35.074055 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/live/.env"] [unique_id "aisNj04Kpjoch0F_BSr-ZwAAAFM"]
[Thu Jun 11 16:33:35.074258 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/live/.env"] [unique_id "aisNj04Kpjoch0F_BSr-ZwAAAFM"]
[Thu Jun 11 16:33:35.075409 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-ZwAAAFM"]
[Thu Jun 11 16:33:35.076499 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisNj_8lKn4qdPkDWlA2PwAAAQM"]
[Thu Jun 11 16:33:35.076598 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisNj_8lKn4qdPkDWlA2PwAAAQM"]
[Thu Jun 11 16:33:35.076803 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisNj_8lKn4qdPkDWlA2PwAAAQM"]
[Thu Jun 11 16:33:35.077412 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2PwAAAQM"]
[Thu Jun 11 16:33:35.078247 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/main/.env"] [unique_id "aisNj04Kpjoch0F_BSr-aAAAAEY"]
[Thu Jun 11 16:33:35.078399 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/main/.env"] [unique_id "aisNj04Kpjoch0F_BSr-aAAAAEY"]
[Thu Jun 11 16:33:35.078781 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/main/.env"] [unique_id "aisNj04Kpjoch0F_BSr-aAAAAEY"]
[Thu Jun 11 16:33:35.079466 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-aAAAAEY"]
[Thu Jun 11 16:33:35.080139 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.backup"] [unique_id "aisNj_8lKn4qdPkDWlA2QAAAAQ4"]
[Thu Jun 11 16:33:35.080208 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.backup"] [unique_id "aisNj_8lKn4qdPkDWlA2QAAAAQ4"]
[Thu Jun 11 16:33:35.080417 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/env.backup"] [unique_id "aisNj_8lKn4qdPkDWlA2QAAAAQ4"]
[Thu Jun 11 16:33:35.081030 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2QAAAAQ4"]
[Thu Jun 11 16:33:35.083956 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisNj6zVaq-mvl-Hfs800QAAABQ"]
[Thu Jun 11 16:33:35.084206 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisNj6zVaq-mvl-Hfs800QAAABQ"]
[Thu Jun 11 16:33:35.084467 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisNj6zVaq-mvl-Hfs800QAAABQ"]
[Thu Jun 11 16:33:35.085379 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs800QAAABQ"]
[Thu Jun 11 16:33:35.086297 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app.env"] [unique_id "aisNj_8lKn4qdPkDWlA2QQAAARE"]
[Thu Jun 11 16:33:35.088285 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisNj6zVaq-mvl-Hfs800gAAABY"]
[Thu Jun 11 16:33:35.088376 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisNj6zVaq-mvl-Hfs800gAAABY"]
[Thu Jun 11 16:33:35.088696 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisNj6zVaq-mvl-Hfs800gAAABY"]
[Thu Jun 11 16:33:35.089013 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/core/config.php"] [unique_id "aisNj04Kpjoch0F_BSr-aQAAAFg"]
[Thu Jun 11 16:33:35.089506 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs800gAAABY"]
[Thu Jun 11 16:33:35.090819 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/config/.env"] [unique_id "aisNj0KTwdTIu69rj41nVwAAAME"]
[Thu Jun 11 16:33:35.090977 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/config/.env"] [unique_id "aisNj0KTwdTIu69rj41nVwAAAME"]
[Thu Jun 11 16:33:35.091199 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/config/.env"] [unique_id "aisNj0KTwdTIu69rj41nVwAAAME"]
[Thu Jun 11 16:33:35.091825 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nVwAAAME"]
[Thu Jun 11 16:33:35.093452 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tsconfig.json"] [unique_id "aisNj_8lKn4qdPkDWlA2QgAAARQ"]
[Thu Jun 11 16:33:35.093745 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/tsconfig.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /tsconfig.json found within REQUEST_FILENAME: /tsconfig.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/tsconfig.json"] [unique_id "aisNj_8lKn4qdPkDWlA2QgAAARQ"]
[Thu Jun 11 16:33:35.094033 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/tsconfig.json"] [unique_id "aisNj_8lKn4qdPkDWlA2QgAAARQ"]
[Thu Jun 11 16:33:35.094747 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2QgAAARQ"]
[Thu Jun 11 16:33:35.095271 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/development/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_CQAAAVc"]
[Thu Jun 11 16:33:35.095449 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/development/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_CQAAAVc"]
[Thu Jun 11 16:33:35.095698 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/development/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_CQAAAVc"]
[Thu Jun 11 16:33:35.095831 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-dev.yml"] [unique_id "aisNj0KTwdTIu69rj41nWAAAANI"]
[Thu Jun 11 16:33:35.096395 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_CQAAAVc"]
[Thu Jun 11 16:33:35.103303 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.bowerrc"] [unique_id "aisNj0KTwdTIu69rj41nWQAAAMA"]
[Thu Jun 11 16:33:35.103598 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase ".bowerrc" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bowerrc found within REQUEST_FILENAME: /.bowerrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.bowerrc"] [unique_id "aisNj0KTwdTIu69rj41nWQAAAMA"]
[Thu Jun 11 16:33:35.103769 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.bowerrc"] [unique_id "aisNj0KTwdTIu69rj41nWQAAAMA"]
[Thu Jun 11 16:33:35.104402 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nWQAAAMA"]
[Thu Jun 11 16:33:35.107304 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.ftpconfig"] [unique_id "aisNj6zVaq-mvl-Hfs800wAAABg"]
[Thu Jun 11 16:33:35.107908 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db/"] [unique_id "aisNjzlbUCMVJYfLxkpKSAAAAJg"]
[Thu Jun 11 16:33:35.108392 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Jenkinsfile"] [unique_id "aisNj6zVaq-mvl-Hfs801AAAAAk"]
[Thu Jun 11 16:33:35.111352 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap-prod.yml"] [unique_id "aisNj04Kpjoch0F_BSr-agAAAEg"]
[Thu Jun 11 16:33:35.113107 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/clientaccesspolicy.xml"] [unique_id "aisNj5Q1oEsc4pCWMDP_CgAAAUc"]
[Thu Jun 11 16:33:35.115100 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/site.zip"] [unique_id "aisNj0KTwdTIu69rj41nWgAAAM4"]
[Thu Jun 11 16:33:35.115552 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nuxt.config.ts"] [unique_id "aisNjzlbUCMVJYfLxkpKSQAAAIk"]
[Thu Jun 11 16:33:35.120560 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/SymfonyRequirements.php"] [unique_id "aisNj04Kpjoch0F_BSr-awAAAEY"]
[Thu Jun 11 16:33:35.122098 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nest-cli.json"] [unique_id "aisNj_8lKn4qdPkDWlA2QwAAAQ4"]
[Thu Jun 11 16:33:35.123712 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web.config"] [unique_id "aisNj_8lKn4qdPkDWlA2RAAAAQM"]
[Thu Jun 11 16:33:35.123781 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web.config"] [unique_id "aisNj_8lKn4qdPkDWlA2RAAAAQM"]
[Thu Jun 11 16:33:35.123897 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web.config"] [unique_id "aisNj_8lKn4qdPkDWlA2RAAAAQM"]
[Thu Jun 11 16:33:35.124081 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web.config"] [unique_id "aisNj_8lKn4qdPkDWlA2RAAAAQM"]
[Thu Jun 11 16:33:35.124752 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2RAAAAQM"]
[Thu Jun 11 16:33:35.125560 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.dev"] [unique_id "aisNj04Kpjoch0F_BSr-bAAAAFM"]
[Thu Jun 11 16:33:35.127018 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisNj5Q1oEsc4pCWMDP_CwAAAVM"]
[Thu Jun 11 16:33:35.128153 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisNj5Q1oEsc4pCWMDP_CwAAAVM"]
[Thu Jun 11 16:33:35.128442 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisNj5Q1oEsc4pCWMDP_CwAAAVM"]
[Thu Jun 11 16:33:35.128649 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/log/app.log"] [unique_id "aisNjzlbUCMVJYfLxkpKSgAAAII"]
[Thu Jun 11 16:33:35.128747 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/log/app.log"] [unique_id "aisNjzlbUCMVJYfLxkpKSgAAAII"]
[Thu Jun 11 16:33:35.129144 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_CwAAAVM"]
[Thu Jun 11 16:33:35.129051 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/log/app.log"] [unique_id "aisNjzlbUCMVJYfLxkpKSgAAAII"]
[Thu Jun 11 16:33:35.130210 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjzlbUCMVJYfLxkpKSgAAAII"]
[Thu Jun 11 16:33:35.131402 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisNj_8lKn4qdPkDWlA2RQAAARE"]
[Thu Jun 11 16:33:35.131501 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisNj_8lKn4qdPkDWlA2RQAAARE"]
[Thu Jun 11 16:33:35.131801 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisNj_8lKn4qdPkDWlA2RQAAARE"]
[Thu Jun 11 16:33:35.132477 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2RQAAARE"]
[Thu Jun 11 16:33:35.133167 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisNj6zVaq-mvl-Hfs801QAAABQ"]
[Thu Jun 11 16:33:35.133324 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cgi-bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisNj6zVaq-mvl-Hfs801QAAABQ"]
[Thu Jun 11 16:33:35.133532 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisNj6zVaq-mvl-Hfs801QAAABQ"]
[Thu Jun 11 16:33:35.133741 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.override.yml"] [unique_id "aisNj0KTwdTIu69rj41nWwAAAME"]
[Thu Jun 11 16:33:35.134218 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs801QAAABQ"]
[Thu Jun 11 16:33:35.134923 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/global.php"] [unique_id "aisNj6zVaq-mvl-Hfs801gAAABY"]
[Thu Jun 11 16:33:35.137082 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.private"] [unique_id "aisNj5Q1oEsc4pCWMDP_DAAAAUw"]
[Thu Jun 11 16:33:35.137222 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.private"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.private"] [unique_id "aisNj5Q1oEsc4pCWMDP_DAAAAUw"]
[Thu Jun 11 16:33:35.137374 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.private"] [unique_id "aisNj5Q1oEsc4pCWMDP_DAAAAUw"]
[Thu Jun 11 16:33:35.138128 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_DAAAAUw"]
[Thu Jun 11 16:33:35.138750 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dist/.env"] [unique_id "aisNj04Kpjoch0F_BSr-bQAAAFg"]
[Thu Jun 11 16:33:35.138853 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/broadcasting.php"] [unique_id "aisNj5Q1oEsc4pCWMDP_DQAAAVc"]
[Thu Jun 11 16:33:35.138909 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/dist/.env"] [unique_id "aisNj04Kpjoch0F_BSr-bQAAAFg"]
[Thu Jun 11 16:33:35.139124 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dist/.env"] [unique_id "aisNj04Kpjoch0F_BSr-bQAAAFg"]
[Thu Jun 11 16:33:35.139829 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-bQAAAFg"]
[Thu Jun 11 16:33:35.140499 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/filesystems.php"] [unique_id "aisNj0KTwdTIu69rj41nXAAAANI"]
[Thu Jun 11 16:33:35.141992 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public_html/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2RgAAARQ"]
[Thu Jun 11 16:33:35.142147 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public_html/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2RgAAARQ"]
[Thu Jun 11 16:33:35.142333 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public_html/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2RgAAARQ"]
[Thu Jun 11 16:33:35.143009 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2RgAAARQ"]
[Thu Jun 11 16:33:35.150455 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tmp/env"] [unique_id "aisNj0KTwdTIu69rj41nXQAAAMA"]
[Thu Jun 11 16:33:35.152134 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings.php"] [unique_id "aisNj6zVaq-mvl-Hfs801wAAAAk"]
[Thu Jun 11 16:33:35.154812 2026] [:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] File does not exist: /var/www/html/settings.php
[Thu Jun 11 16:33:35.156274 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.bak"] [unique_id "aisNj04Kpjoch0F_BSr-bgAAAEg"]
[Thu Jun 11 16:33:35.156380 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.bak"] [unique_id "aisNj04Kpjoch0F_BSr-bgAAAEg"]
[Thu Jun 11 16:33:35.156934 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.bak"] [unique_id "aisNj04Kpjoch0F_BSr-bgAAAEg"]
[Thu Jun 11 16:33:35.157147 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.bak"] [unique_id "aisNj04Kpjoch0F_BSr-bgAAAEg"]
[Thu Jun 11 16:33:35.157931 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-bgAAAEg"]
[Thu Jun 11 16:33:35.158543 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.vscode/settings.json"] [unique_id "aisNj6zVaq-mvl-Hfs802AAAABg"]
[Thu Jun 11 16:33:35.159033 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Vagrantfile"] [unique_id "aisNj5Q1oEsc4pCWMDP_DgAAAUc"]
[Thu Jun 11 16:33:35.160169 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/environment/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKSwAAAJg"]
[Thu Jun 11 16:33:35.160340 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /environment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/environment/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKSwAAAJg"]
[Thu Jun 11 16:33:35.160531 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/environment/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKSwAAAJg"]
[Thu Jun 11 16:33:35.161258 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjzlbUCMVJYfLxkpKSwAAAJg"]
[Thu Jun 11 16:33:35.163066 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpmyadmin/"] [unique_id "aisNj_8lKn4qdPkDWlA2RwAAAQ4"]
[Thu Jun 11 16:33:35.172475 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Gemfile.lock"] [unique_id "aisNj04Kpjoch0F_BSr-bwAAAFM"]
[Thu Jun 11 16:33:35.173749 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.release"] [unique_id "aisNj_8lKn4qdPkDWlA2SAAAAQM"]
[Thu Jun 11 16:33:35.173908 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.release"] [unique_id "aisNj_8lKn4qdPkDWlA2SAAAAQM"]
[Thu Jun 11 16:33:35.174278 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.release"] [unique_id "aisNj_8lKn4qdPkDWlA2SAAAAQM"]
[Thu Jun 11 16:33:35.174488 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/client/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_DwAAAVM"]
[Thu Jun 11 16:33:35.174668 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/client/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_DwAAAVM"]
[Thu Jun 11 16:33:35.174868 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/client/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_DwAAAVM"]
[Thu Jun 11 16:33:35.175386 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2SAAAAQM"]
[Thu Jun 11 16:33:35.175720 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_DwAAAVM"]
[Thu Jun 11 16:33:35.176666 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/status"] [unique_id "aisNj0KTwdTIu69rj41nXgAAAM4"]
[Thu Jun 11 16:33:35.179043 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/client/.env"] [unique_id "aisNj6zVaq-mvl-Hfs802QAAABQ"]
[Thu Jun 11 16:33:35.179208 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/client/.env"] [unique_id "aisNj6zVaq-mvl-Hfs802QAAABQ"]
[Thu Jun 11 16:33:35.179395 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/client/.env"] [unique_id "aisNj6zVaq-mvl-Hfs802QAAABQ"]
[Thu Jun 11 16:33:35.180288 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs802QAAABQ"]
[Thu Jun 11 16:33:35.181060 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.new"] [unique_id "aisNjzlbUCMVJYfLxkpKTAAAAIk"]
[Thu Jun 11 16:33:35.181199 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.new"] [unique_id "aisNjzlbUCMVJYfLxkpKTAAAAIk"]
[Thu Jun 11 16:33:35.181338 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.new"] [unique_id "aisNjzlbUCMVJYfLxkpKTAAAAIk"]
[Thu Jun 11 16:33:35.182099 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjzlbUCMVJYfLxkpKTAAAAIk"]
[Thu Jun 11 16:33:35.183139 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_profiler/phpinfo"] [unique_id "aisNjzlbUCMVJYfLxkpKTQAAAII"]
[Thu Jun 11 16:33:35.184504 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local.bak"] [unique_id "aisNj04Kpjoch0F_BSr-cAAAAEY"]
[Thu Jun 11 16:33:35.184606 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local.bak"] [unique_id "aisNj04Kpjoch0F_BSr-cAAAAEY"]
[Thu Jun 11 16:33:35.184753 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local.bak"] [unique_id "aisNj04Kpjoch0F_BSr-cAAAAEY"]
[Thu Jun 11 16:33:35.185078 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local.bak"] [unique_id "aisNj04Kpjoch0F_BSr-cAAAAEY"]
[Thu Jun 11 16:33:35.185804 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-cAAAAEY"]
[Thu Jun 11 16:33:35.195344 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sitemap.xml"] [unique_id "aisNj0KTwdTIu69rj41nXwAAANI"]
[Thu Jun 11 16:33:35.197928 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/environments/staging.rb"] [unique_id "aisNj0KTwdTIu69rj41nYQAAAME"]
[Thu Jun 11 16:33:35.198942 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/cache/dev/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2SQAAARQ"]
[Thu Jun 11 16:33:35.199098 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/cache/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/var/cache/dev/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2SQAAARQ"]
[Thu Jun 11 16:33:35.199293 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/cache/dev/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2SQAAARQ"]
[Thu Jun 11 16:33:35.199915 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2SQAAARQ"]
[Thu Jun 11 16:33:35.203053 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.svn/entries"] [unique_id "aisNj0KTwdTIu69rj41nYgAAAMA"]
[Thu Jun 11 16:33:35.203250 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.svn/entries"] [unique_id "aisNj0KTwdTIu69rj41nYgAAAMA"]
[Thu Jun 11 16:33:35.203451 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.svn/entries"] [unique_id "aisNj0KTwdTIu69rj41nYgAAAMA"]
[Thu Jun 11 16:33:35.204343 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nYgAAAMA"]
[Thu Jun 11 16:33:35.211815 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/instance/config.py"] [unique_id "aisNj5Q1oEsc4pCWMDP_EAAAAVc"]
[Thu Jun 11 16:33:35.213675 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisNj6zVaq-mvl-Hfs802gAAABg"]
[Thu Jun 11 16:33:35.213832 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisNj6zVaq-mvl-Hfs802gAAABg"]
[Thu Jun 11 16:33:35.214019 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisNj6zVaq-mvl-Hfs802gAAABg"]
[Thu Jun 11 16:33:35.214674 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs802gAAABg"]
[Thu Jun 11 16:33:35.215994 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env/.env"] [unique_id "aisNj04Kpjoch0F_BSr-cQAAAEg"]
[Thu Jun 11 16:33:35.216130 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/env/.env"] [unique_id "aisNj04Kpjoch0F_BSr-cQAAAEg"]
[Thu Jun 11 16:33:35.216270 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/env/.env"] [unique_id "aisNj04Kpjoch0F_BSr-cQAAAEg"]
[Thu Jun 11 16:33:35.216948 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-cQAAAEg"]
[Thu Jun 11 16:33:35.219488 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/deploy/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2SgAAAQM"]
[Thu Jun 11 16:33:35.219707 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/deploy/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2SgAAAQM"]
[Thu Jun 11 16:33:35.219935 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/deploy/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2SgAAAQM"]
[Thu Jun 11 16:33:35.220853 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2SgAAAQM"]
[Thu Jun 11 16:33:35.225256 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env~"] [unique_id "aisNj04Kpjoch0F_BSr-cgAAAEY"]
[Thu Jun 11 16:33:35.225330 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env~"] [unique_id "aisNj04Kpjoch0F_BSr-cgAAAEY"]
[Thu Jun 11 16:33:35.225449 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env~"] [unique_id "aisNj04Kpjoch0F_BSr-cgAAAEY"]
[Thu Jun 11 16:33:35.225713 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env~"] [unique_id "aisNj04Kpjoch0F_BSr-cgAAAEY"]
[Thu Jun 11 16:33:35.226481 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-cgAAAEY"]
[Thu Jun 11 16:33:35.228327 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNj5Q1oEsc4pCWMDP_EQAAAVM"]
[Thu Jun 11 16:33:35.228501 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNj5Q1oEsc4pCWMDP_EQAAAVM"]
[Thu Jun 11 16:33:35.228830 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNj5Q1oEsc4pCWMDP_EQAAAVM"]
[Thu Jun 11 16:33:35.229478 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_EQAAAVM"]
[Thu Jun 11 16:33:35.230404 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bitbucket-pipelines.yml"] [unique_id "aisNj6zVaq-mvl-Hfs802wAAABQ"]
[Thu Jun 11 16:33:35.232222 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/mail.php"] [unique_id "aisNjzlbUCMVJYfLxkpKTgAAAIk"]
[Thu Jun 11 16:33:35.233938 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap.yml"] [unique_id "aisNjzlbUCMVJYfLxkpKTwAAAII"]
[Thu Jun 11 16:33:35.236365 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/i.php"] [unique_id "aisNj_8lKn4qdPkDWlA2SwAAARE"]
[Thu Jun 11 16:33:35.236775 2026] [:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] File does not exist: /var/www/html/i.php
[Thu Jun 11 16:33:35.238670 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/initializers/secret_token.rb"] [unique_id "aisNj04Kpjoch0F_BSr-cwAAAFM"]
[Thu Jun 11 16:33:35.241031 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.php"] [unique_id "aisNjzlbUCMVJYfLxkpKUAAAAJg"]
[Thu Jun 11 16:33:35.243098 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/env"] [unique_id "aisNj0KTwdTIu69rj41nYwAAANI"]
[Thu Jun 11 16:33:35.245130 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v2/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2TAAAARQ"]
[Thu Jun 11 16:33:35.245337 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/v2/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2TAAAARQ"]
[Thu Jun 11 16:33:35.245528 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/v2/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2TAAAARQ"]
[Thu Jun 11 16:33:35.246170 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2TAAAARQ"]
[Thu Jun 11 16:33:35.247382 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-login.php"] [unique_id "aisNj5Q1oEsc4pCWMDP_EgAAAUw"]
[Thu Jun 11 16:33:35.247480 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/administrator/"] [unique_id "aisNj0KTwdTIu69rj41nZAAAAMA"]
[Thu Jun 11 16:33:35.247827 2026] [:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] File does not exist: /var/www/html/wp-login.php
[Thu Jun 11 16:33:35.249701 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/pom.xml"] [unique_id "aisNj04Kpjoch0F_BSr-dAAAAFg"]
[Thu Jun 11 16:33:35.251837 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.gitignore"] [unique_id "aisNj6zVaq-mvl-Hfs803AAAABY"]
[Thu Jun 11 16:33:35.252009 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.gitignore"] [unique_id "aisNj6zVaq-mvl-Hfs803AAAABY"]
[Thu Jun 11 16:33:35.252177 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.gitignore"] [unique_id "aisNj6zVaq-mvl-Hfs803AAAABY"]
[Thu Jun 11 16:33:35.252965 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs803AAAABY"]
[Thu Jun 11 16:33:35.254097 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tmp/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_EwAAAVc"]
[Thu Jun 11 16:33:35.254327 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/tmp/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_EwAAAVc"]
[Thu Jun 11 16:33:35.254531 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/tmp/.env"] [unique_id "aisNj5Q1oEsc4pCWMDP_EwAAAVc"]
[Thu Jun 11 16:33:35.255165 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.kube/config"] [unique_id "aisNj0KTwdTIu69rj41nZQAAAME"]
[Thu Jun 11 16:33:35.255324 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.kube/config"] [unique_id "aisNj0KTwdTIu69rj41nZQAAAME"]
[Thu Jun 11 16:33:35.255360 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_EwAAAVc"]
[Thu Jun 11 16:33:35.255531 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.kube/config"] [unique_id "aisNj0KTwdTIu69rj41nZQAAAME"]
[Thu Jun 11 16:33:35.256032 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.prod.yml"] [unique_id "aisNj6zVaq-mvl-Hfs803QAAABg"]
[Thu Jun 11 16:33:35.256665 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nZQAAAME"]
[Thu Jun 11 16:33:35.262552 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.previous"] [unique_id "aisNj_8lKn4qdPkDWlA2TQAAAQ4"]
[Thu Jun 11 16:33:35.262737 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.previous"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.previous"] [unique_id "aisNj_8lKn4qdPkDWlA2TQAAAQ4"]
[Thu Jun 11 16:33:35.263010 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.previous"] [unique_id "aisNj_8lKn4qdPkDWlA2TQAAAQ4"]
[Thu Jun 11 16:33:35.264162 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2TQAAAQ4"]
[Thu Jun 11 16:33:35.264856 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisNj_8lKn4qdPkDWlA2TgAAAQM"]
[Thu Jun 11 16:33:35.265048 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisNj_8lKn4qdPkDWlA2TgAAAQM"]
[Thu Jun 11 16:33:35.265242 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisNj_8lKn4qdPkDWlA2TgAAAQM"]
[Thu Jun 11 16:33:35.266112 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2TgAAAQM"]
[Thu Jun 11 16:33:35.268415 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www.tar.gz"] [unique_id "aisNj5Q1oEsc4pCWMDP_FAAAAUc"]
[Thu Jun 11 16:33:35.270126 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Procfile"] [unique_id "aisNj04Kpjoch0F_BSr-dQAAAEY"]
[Thu Jun 11 16:33:35.273088 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.production"] [unique_id "aisNj5Q1oEsc4pCWMDP_FQAAAVM"]
[Thu Jun 11 16:33:35.275354 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/robots.txt"] [unique_id "aisNj0KTwdTIu69rj41nZgAAAM4"]
[Thu Jun 11 16:33:35.278856 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/frontend/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKUQAAAII"]
[Thu Jun 11 16:33:35.280266 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/configuration.php"] [unique_id "aisNj6zVaq-mvl-Hfs803gAAAAk"]
[Thu Jun 11 16:33:35.281386 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ui/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2TwAAARE"]
[Thu Jun 11 16:33:35.281538 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ui/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/ui/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2TwAAARE"]
[Thu Jun 11 16:33:35.281736 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/ui/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2TwAAARE"]
[Thu Jun 11 16:33:35.282406 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2TwAAARE"]
[Thu Jun 11 16:33:35.283492 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/environments/production.rb"] [unique_id "aisNj04Kpjoch0F_BSr-dgAAAEg"]
[Thu Jun 11 16:33:35.285314 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_debugbar/open"] [unique_id "aisNjzlbUCMVJYfLxkpKUgAAAJg"]
[Thu Jun 11 16:33:35.285492 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/webroot/.env"] [unique_id "aisNj04Kpjoch0F_BSr-dwAAAFM"]
[Thu Jun 11 16:33:35.285659 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webroot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/webroot/.env"] [unique_id "aisNj04Kpjoch0F_BSr-dwAAAFM"]
[Thu Jun 11 16:33:35.285856 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/webroot/.env"] [unique_id "aisNj04Kpjoch0F_BSr-dwAAAFM"]
[Thu Jun 11 16:33:35.286738 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-dwAAAFM"]
[Thu Jun 11 16:33:35.287248 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/adminer.php"] [unique_id "aisNj6zVaq-mvl-Hfs803wAAABQ"]
[Thu Jun 11 16:33:35.287698 2026] [:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] File does not exist: /var/www/html/adminer.php
[Thu Jun 11 16:33:35.288175 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/demo/.env"] [unique_id "aisNj0KTwdTIu69rj41nZwAAANI"]
[Thu Jun 11 16:33:35.288411 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/demo/.env"] [unique_id "aisNj0KTwdTIu69rj41nZwAAANI"]
[Thu Jun 11 16:33:35.288708 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/demo/.env"] [unique_id "aisNj0KTwdTIu69rj41nZwAAANI"]
[Thu Jun 11 16:33:35.289327 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/logs/error.log"] [unique_id "aisNj5Q1oEsc4pCWMDP_FgAAAUw"]
[Thu Jun 11 16:33:35.289404 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/logs/error.log"] [unique_id "aisNj5Q1oEsc4pCWMDP_FgAAAUw"]
[Thu Jun 11 16:33:35.289503 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nZwAAANI"]
[Thu Jun 11 16:33:35.289809 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/logs/error.log"] [unique_id "aisNj5Q1oEsc4pCWMDP_FgAAAUw"]
[Thu Jun 11 16:33:35.290490 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_FgAAAUw"]
[Thu Jun 11 16:33:35.290715 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/html/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2UAAAARQ"]
[Thu Jun 11 16:33:35.291239 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/html/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2UAAAARQ"]
[Thu Jun 11 16:33:35.291405 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNjzlbUCMVJYfLxkpKUwAAAIk"]
[Thu Jun 11 16:33:35.291454 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/html/.env"] [unique_id "aisNj_8lKn4qdPkDWlA2UAAAARQ"]
[Thu Jun 11 16:33:35.291473 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNjzlbUCMVJYfLxkpKUwAAAIk"]
[Thu Jun 11 16:33:35.291806 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNjzlbUCMVJYfLxkpKUwAAAIk"]
[Thu Jun 11 16:33:35.292164 2026] [security2:error] [pid 3902:tid 3929] [client 162.243.172.115:53120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj_8lKn4qdPkDWlA2UAAAARQ"]
[Thu Jun 11 16:33:35.292458 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjzlbUCMVJYfLxkpKUwAAAIk"]
[Thu Jun 11 16:33:35.293315 2026] [security2:error] [pid 21243:tid 21246] [client 162.243.172.115:53328] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.vscode/launch.json"] [unique_id "aisNj0KTwdTIu69rj41naAAAAMA"]
[Thu Jun 11 16:33:35.294675 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/frontend/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKUQAAAII"]
[Thu Jun 11 16:33:35.294873 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/frontend/.env"] [unique_id "aisNjzlbUCMVJYfLxkpKUQAAAII"]
[Thu Jun 11 16:33:35.296243 2026] [security2:error] [pid 21243:tid 21247] [client 162.243.172.115:53222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/environments/production.rb"] [unique_id "aisNj0KTwdTIu69rj41naQAAAME"]
[Thu Jun 11 16:33:35.298274 2026] [security2:error] [pid 21295:tid 21328] [client 162.243.172.115:53316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjzlbUCMVJYfLxkpKUQAAAII"]
[Thu Jun 11 16:33:35.303385 2026] [security2:error] [pid 9918:tid 9946] [client 162.243.172.115:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/logging.php"] [unique_id "aisNj04Kpjoch0F_BSr-eAAAAFg"]
[Thu Jun 11 16:33:35.305157 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.vault"] [unique_id "aisNj6zVaq-mvl-Hfs804AAAABY"]
[Thu Jun 11 16:33:35.305218 2026] [security2:error] [pid 3902:tid 3923] [client 162.243.172.115:53256] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.yaml"] [unique_id "aisNj_8lKn4qdPkDWlA2UQAAAQ4"]
[Thu Jun 11 16:33:35.305314 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.vault"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.vault"] [unique_id "aisNj6zVaq-mvl-Hfs804AAAABY"]
[Thu Jun 11 16:33:35.305495 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.vault"] [unique_id "aisNj6zVaq-mvl-Hfs804AAAABY"]
[Thu Jun 11 16:33:35.306307 2026] [security2:error] [pid 21296:tid 21321] [client 162.243.172.115:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs804AAAABY"]
[Thu Jun 11 16:33:35.306987 2026] [security2:error] [pid 21296:tid 21324] [client 162.243.172.115:53278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.github/env"] [unique_id "aisNj6zVaq-mvl-Hfs804QAAABg"]
[Thu Jun 11 16:33:35.310616 2026] [security2:error] [pid 3902:tid 3912] [client 162.243.172.115:53300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/WEB-INF/web.xml"] [unique_id "aisNj_8lKn4qdPkDWlA2UgAAAQM"]
[Thu Jun 11 16:33:35.312161 2026] [security2:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/parameters.php"] [unique_id "aisNj04Kpjoch0F_BSr-eQAAAEY"]
[Thu Jun 11 16:33:35.312423 2026] [:error] [pid 9918:tid 9928] [client 162.243.172.115:53336] File does not exist: /var/www/html/parameters.php
[Thu Jun 11 16:33:35.316254 2026] [security2:error] [pid 5830:tid 5842] [client 162.243.172.115:53210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v1/api-docs"] [unique_id "aisNj5Q1oEsc4pCWMDP_FwAAAUc"]
[Thu Jun 11 16:33:35.323310 2026] [security2:error] [pid 5830:tid 5854] [client 162.243.172.115:53244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-staging.properties"] [unique_id "aisNj5Q1oEsc4pCWMDP_GAAAAVM"]
[Thu Jun 11 16:33:35.324341 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisNj04Kpjoch0F_BSr-egAAAEg"]
[Thu Jun 11 16:33:35.324496 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisNj04Kpjoch0F_BSr-egAAAEg"]
[Thu Jun 11 16:33:35.324821 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisNj0KTwdTIu69rj41nagAAAM4"]
[Thu Jun 11 16:33:35.324890 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisNj04Kpjoch0F_BSr-egAAAEg"]
[Thu Jun 11 16:33:35.324995 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisNj0KTwdTIu69rj41nagAAAM4"]
[Thu Jun 11 16:33:35.325224 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisNj0KTwdTIu69rj41nagAAAM4"]
[Thu Jun 11 16:33:35.325629 2026] [security2:error] [pid 9918:tid 9930] [client 162.243.172.115:53124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-egAAAEg"]
[Thu Jun 11 16:33:35.326292 2026] [security2:error] [pid 3902:tid 3926] [client 162.243.172.115:53234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local.env"] [unique_id "aisNj_8lKn4qdPkDWlA2UwAAARE"]
[Thu Jun 11 16:33:35.326391 2026] [security2:error] [pid 21243:tid 21260] [client 162.243.172.115:53144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj0KTwdTIu69rj41nagAAAM4"]
[Thu Jun 11 16:33:35.327951 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aisNjzlbUCMVJYfLxkpKVAAAAJg"]
[Thu Jun 11 16:33:35.328115 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aisNjzlbUCMVJYfLxkpKVAAAAJg"]
[Thu Jun 11 16:33:35.328325 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aisNjzlbUCMVJYfLxkpKVAAAAJg"]
[Thu Jun 11 16:33:35.329100 2026] [security2:error] [pid 21295:tid 21350] [client 162.243.172.115:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjzlbUCMVJYfLxkpKVAAAAJg"]
[Thu Jun 11 16:33:35.329732 2026] [security2:error] [pid 5830:tid 5847] [client 162.243.172.115:53152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/manage.py"] [unique_id "aisNj5Q1oEsc4pCWMDP_GQAAAUw"]
[Thu Jun 11 16:33:35.331663 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/yarn.lock"] [unique_id "aisNj04Kpjoch0F_BSr-ewAAAFM"]
[Thu Jun 11 16:33:35.331824 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/yarn.lock"] [unique_id "aisNj04Kpjoch0F_BSr-ewAAAFM"]
[Thu Jun 11 16:33:35.332088 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/yarn.lock"] [unique_id "aisNj04Kpjoch0F_BSr-ewAAAFM"]
[Thu Jun 11 16:33:35.333009 2026] [security2:error] [pid 9918:tid 9941] [client 162.243.172.115:53286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj04Kpjoch0F_BSr-ewAAAFM"]
[Thu Jun 11 16:33:35.333944 2026] [security2:error] [pid 21243:tid 21264] [client 162.243.172.115:53164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-local.properties"] [unique_id "aisNj0KTwdTIu69rj41nawAAANI"]
[Thu Jun 11 16:33:35.342427 2026] [security2:error] [pid 21296:tid 21319] [client 162.243.172.115:53270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.github/actions/env"] [unique_id "aisNj6zVaq-mvl-Hfs804gAAABQ"]
[Thu Jun 11 16:33:35.358542 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Dockerfile"] [unique_id "aisNjzlbUCMVJYfLxkpKVQAAAIk"]
[Thu Jun 11 16:33:35.358722 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/Dockerfile"] [unique_id "aisNjzlbUCMVJYfLxkpKVQAAAIk"]
[Thu Jun 11 16:33:35.358952 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/Dockerfile"] [unique_id "aisNjzlbUCMVJYfLxkpKVQAAAIk"]
[Thu Jun 11 16:33:35.359623 2026] [security2:error] [pid 21295:tid 21335] [client 162.243.172.115:53340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNjzlbUCMVJYfLxkpKVQAAAIk"]
[Thu Jun 11 16:33:35.359708 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/.env"] [unique_id "aisNj6zVaq-mvl-Hfs804wAAAAk"]
[Thu Jun 11 16:33:35.359864 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/var/.env"] [unique_id "aisNj6zVaq-mvl-Hfs804wAAAAk"]
[Thu Jun 11 16:33:35.360064 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/.env"] [unique_id "aisNj6zVaq-mvl-Hfs804wAAAAk"]
[Thu Jun 11 16:33:35.360942 2026] [security2:error] [pid 21296:tid 21308] [client 162.243.172.115:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj6zVaq-mvl-Hfs804wAAAAk"]
[Thu Jun 11 16:33:35.372373 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/storage/logs/laravel.log"] [unique_id "aisNj5Q1oEsc4pCWMDP_GgAAAVc"]
[Thu Jun 11 16:33:35.372446 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/storage/logs/laravel.log"] [unique_id "aisNj5Q1oEsc4pCWMDP_GgAAAVc"]
[Thu Jun 11 16:33:35.372781 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/storage/logs/laravel.log"] [unique_id "aisNj5Q1oEsc4pCWMDP_GgAAAVc"]
[Thu Jun 11 16:33:35.373412 2026] [security2:error] [pid 5830:tid 5858] [client 162.243.172.115:53140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNj5Q1oEsc4pCWMDP_GgAAAVc"]
[Thu Jun 11 16:33:37.744426 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.yml"] [unique_id "aisNkTlbUCMVJYfLxkpKWwAAAIU"]
[Thu Jun 11 16:33:37.748306 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/credentials.yml.enc"] [unique_id "aisNkUKTwdTIu69rj41ndQAAANY"]
[Thu Jun 11 16:33:37.750268 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2WQAAARI"]
[Thu Jun 11 16:33:37.750443 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2WQAAARI"]
[Thu Jun 11 16:33:37.750727 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/api/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2WQAAARI"]
[Thu Jun 11 16:33:37.750997 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2WQAAARI"]
[Thu Jun 11 16:33:37.752468 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-hQAAAEE"]
[Thu Jun 11 16:33:37.752811 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-hQAAAEE"]
[Thu Jun 11 16:33:37.753025 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-hQAAAEE"]
[Thu Jun 11 16:33:37.753295 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-hQAAAEE"]
[Thu Jun 11 16:33:37.755550 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aisNkUKTwdTIu69rj41ndgAAAMc"]
[Thu Jun 11 16:33:37.755777 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aisNkUKTwdTIu69rj41ndgAAAMc"]
[Thu Jun 11 16:33:37.755956 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "aisNkUKTwdTIu69rj41ndgAAAMc"]
[Thu Jun 11 16:33:37.756195 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkUKTwdTIu69rj41ndgAAAMc"]
[Thu Jun 11 16:33:37.761539 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "aisNkU4Kpjoch0F_BSr-hgAAAEM"]
[Thu Jun 11 16:33:37.761759 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "aisNkU4Kpjoch0F_BSr-hgAAAEM"]
[Thu Jun 11 16:33:37.762054 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "aisNkU4Kpjoch0F_BSr-hgAAAEM"]
[Thu Jun 11 16:33:37.762312 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-hgAAAEM"]
[Thu Jun 11 16:33:37.763602 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNkTlbUCMVJYfLxkpKXAAAAJE"]
[Thu Jun 11 16:33:37.763782 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNkTlbUCMVJYfLxkpKXAAAAJE"]
[Thu Jun 11 16:33:37.764046 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNkTlbUCMVJYfLxkpKXAAAAJE"]
[Thu Jun 11 16:33:37.764087 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.secret"] [unique_id "aisNkTlbUCMVJYfLxkpKXQAAAJc"]
[Thu Jun 11 16:33:37.764279 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKXAAAAJE"]
[Thu Jun 11 16:33:37.766288 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_IwAAAVI"]
[Thu Jun 11 16:33:37.766460 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNkUKTwdTIu69rj41ndwAAAMs"]
[Thu Jun 11 16:33:37.766761 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNkUKTwdTIu69rj41ndwAAAMs"]
[Thu Jun 11 16:33:37.767001 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNkUKTwdTIu69rj41ndwAAAMs"]
[Thu Jun 11 16:33:37.767224 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkUKTwdTIu69rj41ndwAAAMs"]
[Thu Jun 11 16:33:37.767915 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.save"] [unique_id "aisNkU4Kpjoch0F_BSr-hwAAAEw"]
[Thu Jun 11 16:33:37.768111 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.save"] [unique_id "aisNkU4Kpjoch0F_BSr-hwAAAEw"]
[Thu Jun 11 16:33:37.768290 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.save"] [unique_id "aisNkU4Kpjoch0F_BSr-hwAAAEw"]
[Thu Jun 11 16:33:37.768333 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.orig"] [unique_id "aisNkf8lKn4qdPkDWlA2WwAAAQw"]
[Thu Jun 11 16:33:37.768492 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.orig"] [unique_id "aisNkf8lKn4qdPkDWlA2WwAAAQw"]
[Thu Jun 11 16:33:37.768520 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-hwAAAEw"]
[Thu Jun 11 16:33:37.768767 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.orig"] [unique_id "aisNkf8lKn4qdPkDWlA2WwAAAQw"]
[Thu Jun 11 16:33:37.769039 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2WwAAAQw"]
[Thu Jun 11 16:33:37.770242 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "aisNkZQ1oEsc4pCWMDP_JAAAAU8"]
[Thu Jun 11 16:33:37.770481 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "aisNkZQ1oEsc4pCWMDP_JAAAAU8"]
[Thu Jun 11 16:33:37.770768 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "aisNkZQ1oEsc4pCWMDP_JAAAAU8"]
[Thu Jun 11 16:33:37.771080 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_JAAAAU8"]
[Thu Jun 11 16:33:37.771467 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKXgAAAI0"]
[Thu Jun 11 16:33:37.771667 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKXgAAAI0"]
[Thu Jun 11 16:33:37.771851 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKXgAAAI0"]
[Thu Jun 11 16:33:37.772069 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKXgAAAI0"]
[Thu Jun 11 16:33:37.772420 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisNkazVaq-mvl-Hfs807QAAAAw"]
[Thu Jun 11 16:33:37.772701 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisNkazVaq-mvl-Hfs807QAAAAw"]
[Thu Jun 11 16:33:37.772885 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aisNkZQ1oEsc4pCWMDP_JQAAAUs"]
[Thu Jun 11 16:33:37.772994 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aisNkazVaq-mvl-Hfs807QAAAAw"]
[Thu Jun 11 16:33:37.773055 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aisNkZQ1oEsc4pCWMDP_JQAAAUs"]
[Thu Jun 11 16:33:37.773223 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "aisNkZQ1oEsc4pCWMDP_JQAAAUs"]
[Thu Jun 11 16:33:37.773232 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkazVaq-mvl-Hfs807QAAAAw"]
[Thu Jun 11 16:33:37.773501 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_JQAAAUs"]
[Thu Jun 11 16:33:37.774417 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/credentials.yml.enc"] [unique_id "aisNkazVaq-mvl-Hfs807gAAABc"]
[Thu Jun 11 16:33:37.774675 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_JgAAAUE"]
[Thu Jun 11 16:33:37.774852 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_JgAAAUE"]
[Thu Jun 11 16:33:37.775024 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_JgAAAUE"]
[Thu Jun 11 16:33:37.775377 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_JgAAAUE"]
[Thu Jun 11 16:33:37.775912 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/appsettings.json"] [unique_id "aisNkUKTwdTIu69rj41neAAAAMQ"]
[Thu Jun 11 16:33:37.777506 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.php"] [unique_id "aisNkazVaq-mvl-Hfs807wAAABA"]
[Thu Jun 11 16:33:37.778975 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-iAAAAEQ"]
[Thu Jun 11 16:33:37.779276 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-iAAAAEQ"]
[Thu Jun 11 16:33:37.779479 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/src/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-iAAAAEQ"]
[Thu Jun 11 16:33:37.779767 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-iAAAAEQ"]
[Thu Jun 11 16:33:37.779769 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisNkazVaq-mvl-Hfs808AAAAAA"]
[Thu Jun 11 16:33:37.779842 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisNkazVaq-mvl-Hfs808AAAAAA"]
[Thu Jun 11 16:33:37.779951 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisNkazVaq-mvl-Hfs808AAAAAA"]
[Thu Jun 11 16:33:37.780115 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "aisNkazVaq-mvl-Hfs808AAAAAA"]
[Thu Jun 11 16:33:37.780366 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkazVaq-mvl-Hfs808AAAAAA"]
[Thu Jun 11 16:33:37.781492 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aisNkf8lKn4qdPkDWlA2XAAAARA"]
[Thu Jun 11 16:33:37.781800 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aisNkf8lKn4qdPkDWlA2XAAAARA"]
[Thu Jun 11 16:33:37.781982 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "aisNkf8lKn4qdPkDWlA2XAAAARA"]
[Thu Jun 11 16:33:37.782207 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2XAAAARA"]
[Thu Jun 11 16:33:37.782815 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/resources/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2WgAAAQg"]
[Thu Jun 11 16:33:37.782960 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/resources/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2WgAAAQg"]
[Thu Jun 11 16:33:37.783175 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/resources/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2WgAAAQg"]
[Thu Jun 11 16:33:37.783410 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2WgAAAQg"]
[Thu Jun 11 16:33:37.786652 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/database.php"] [unique_id "aisNkTlbUCMVJYfLxkpKXwAAAIU"]
[Thu Jun 11 16:33:37.788763 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.txt"] [unique_id "aisNkUKTwdTIu69rj41neQAAANY"]
[Thu Jun 11 16:33:37.793806 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.credentials"] [unique_id "aisNkf8lKn4qdPkDWlA2XQAAARI"]
[Thu Jun 11 16:33:37.793964 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.credentials"] [unique_id "aisNkf8lKn4qdPkDWlA2XQAAARI"]
[Thu Jun 11 16:33:37.794100 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.credentials"] [unique_id "aisNkf8lKn4qdPkDWlA2XQAAARI"]
[Thu Jun 11 16:33:37.794344 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2XQAAARI"]
[Thu Jun 11 16:33:37.795310 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/credentials.json"] [unique_id "aisNkUKTwdTIu69rj41negAAAMc"]
[Thu Jun 11 16:33:37.796411 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNkU4Kpjoch0F_BSr-iQAAAEE"]
[Thu Jun 11 16:33:37.796556 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNkU4Kpjoch0F_BSr-iQAAAEE"]
[Thu Jun 11 16:33:37.796718 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNkU4Kpjoch0F_BSr-iQAAAEE"]
[Thu Jun 11 16:33:37.797034 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-iQAAAEE"]
[Thu Jun 11 16:33:37.812112 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisNkTlbUCMVJYfLxkpKYQAAAJc"]
[Thu Jun 11 16:33:37.812308 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisNkTlbUCMVJYfLxkpKYQAAAJc"]
[Thu Jun 11 16:33:37.812470 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisNkTlbUCMVJYfLxkpKYQAAAJc"]
[Thu Jun 11 16:33:37.812754 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.bak"] [unique_id "aisNkTlbUCMVJYfLxkpKYQAAAJc"]
[Thu Jun 11 16:33:37.813073 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKYQAAAJc"]
[Thu Jun 11 16:33:37.814146 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-igAAAEM"]
[Thu Jun 11 16:33:37.814288 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-igAAAEM"]
[Thu Jun 11 16:33:37.814591 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-igAAAEM"]
[Thu Jun 11 16:33:37.814887 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-igAAAEM"]
[Thu Jun 11 16:33:37.816148 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKYgAAAI0"]
[Thu Jun 11 16:33:37.816224 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sites/default/settings.php"] [unique_id "aisNkazVaq-mvl-Hfs808gAAAAw"]
[Thu Jun 11 16:33:37.816370 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKYgAAAI0"]
[Thu Jun 11 16:33:37.816511 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/sites/default/settings.php"] [unique_id "aisNkazVaq-mvl-Hfs808gAAAAw"]
[Thu Jun 11 16:33:37.816782 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/sites/default/settings.php"] [unique_id "aisNkazVaq-mvl-Hfs808gAAAAw"]
[Thu Jun 11 16:33:37.817069 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkazVaq-mvl-Hfs808gAAAAw"]
[Thu Jun 11 16:33:37.817265 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aisNkZQ1oEsc4pCWMDP_JwAAAUs"]
[Thu Jun 11 16:33:37.817330 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aisNkZQ1oEsc4pCWMDP_JwAAAUs"]
[Thu Jun 11 16:33:37.817523 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aisNkZQ1oEsc4pCWMDP_JwAAAUs"]
[Thu Jun 11 16:33:37.817723 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "aisNkZQ1oEsc4pCWMDP_JwAAAUs"]
[Thu Jun 11 16:33:37.818068 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_JwAAAUs"]
[Thu Jun 11 16:33:37.818674 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aisNkf8lKn4qdPkDWlA2XgAAAQw"]
[Thu Jun 11 16:33:37.818823 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aisNkf8lKn4qdPkDWlA2XgAAAQw"]
[Thu Jun 11 16:33:37.819120 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.aws/credentials"] [unique_id "aisNkf8lKn4qdPkDWlA2XgAAAQw"]
[Thu Jun 11 16:33:37.819294 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "aisNkazVaq-mvl-Hfs808wAAABA"]
[Thu Jun 11 16:33:37.819384 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2XgAAAQw"]
[Thu Jun 11 16:33:37.819610 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "aisNkazVaq-mvl-Hfs808wAAABA"]
[Thu Jun 11 16:33:37.819804 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "aisNkazVaq-mvl-Hfs808wAAABA"]
[Thu Jun 11 16:33:37.820101 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkazVaq-mvl-Hfs808wAAABA"]
[Thu Jun 11 16:33:37.820546 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "aisNkTlbUCMVJYfLxkpKYwAAAJE"]
[Thu Jun 11 16:33:37.820784 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "aisNkTlbUCMVJYfLxkpKYwAAAJE"]
[Thu Jun 11 16:33:37.820883 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aisNkZQ1oEsc4pCWMDP_KAAAAUE"]
[Thu Jun 11 16:33:37.821000 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "aisNkTlbUCMVJYfLxkpKYwAAAJE"]
[Thu Jun 11 16:33:37.821019 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aisNkZQ1oEsc4pCWMDP_KAAAAUE"]
[Thu Jun 11 16:33:37.821153 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php"] [unique_id "aisNkZQ1oEsc4pCWMDP_KAAAAUE"]
[Thu Jun 11 16:33:37.821281 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKYwAAAJE"]
[Thu Jun 11 16:33:37.821372 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_KAAAAUE"]
[Thu Jun 11 16:33:37.822111 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings_local.py"] [unique_id "aisNkU4Kpjoch0F_BSr-iwAAAEw"]
[Thu Jun 11 16:33:37.822172 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNkZQ1oEsc4pCWMDP_KQAAAU8"]
[Thu Jun 11 16:33:37.822337 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNkZQ1oEsc4pCWMDP_KQAAAU8"]
[Thu Jun 11 16:33:37.822600 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNkZQ1oEsc4pCWMDP_KQAAAU8"]
[Thu Jun 11 16:33:37.822866 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_KQAAAU8"]
[Thu Jun 11 16:33:37.824067 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisNkUKTwdTIu69rj41nfAAAAMs"]
[Thu Jun 11 16:33:37.824244 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisNkUKTwdTIu69rj41nfAAAAMs"]
[Thu Jun 11 16:33:37.824445 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisNkUKTwdTIu69rj41nfAAAAMs"]
[Thu Jun 11 16:33:37.824747 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkUKTwdTIu69rj41nfAAAAMs"]
[Thu Jun 11 16:33:37.826291 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/configuration.php"] [unique_id "aisNkazVaq-mvl-Hfs809AAAABc"]
[Thu Jun 11 16:33:37.827848 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNkazVaq-mvl-Hfs809QAAAAA"]
[Thu Jun 11 16:33:37.828020 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNkazVaq-mvl-Hfs809QAAAAA"]
[Thu Jun 11 16:33:37.828093 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNkTlbUCMVJYfLxkpKZAAAAIU"]
[Thu Jun 11 16:33:37.828231 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNkazVaq-mvl-Hfs809QAAAAA"]
[Thu Jun 11 16:33:37.828291 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNkTlbUCMVJYfLxkpKZAAAAIU"]
[Thu Jun 11 16:33:37.828531 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkazVaq-mvl-Hfs809QAAAAA"]
[Thu Jun 11 16:33:37.828550 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNkTlbUCMVJYfLxkpKZAAAAIU"]
[Thu Jun 11 16:33:37.828839 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKZAAAAIU"]
[Thu Jun 11 16:33:37.829319 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/k8s-config.yml"] [unique_id "aisNkf8lKn4qdPkDWlA2XwAAARA"]
[Thu Jun 11 16:33:37.829468 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/core/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_KwAAAVI"]
[Thu Jun 11 16:33:37.829653 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/core/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_KwAAAVI"]
[Thu Jun 11 16:33:37.829845 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/core/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_KwAAAVI"]
[Thu Jun 11 16:33:37.830075 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_KwAAAVI"]
[Thu Jun 11 16:33:37.830514 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-jAAAAEQ"]
[Thu Jun 11 16:33:37.830678 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-jAAAAEQ"]
[Thu Jun 11 16:33:37.830864 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/.env"] [unique_id "aisNkU4Kpjoch0F_BSr-jAAAAEQ"]
[Thu Jun 11 16:33:37.831068 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-jAAAAEQ"]
[Thu Jun 11 16:33:37.831119 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNkUKTwdTIu69rj41nfQAAANY"]
[Thu Jun 11 16:33:37.831341 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNkUKTwdTIu69rj41nfQAAANY"]
[Thu Jun 11 16:33:37.831644 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNkUKTwdTIu69rj41nfQAAANY"]
[Thu Jun 11 16:33:37.831936 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkUKTwdTIu69rj41nfQAAANY"]
[Thu Jun 11 16:33:37.832368 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/mail.php"] [unique_id "aisNkf8lKn4qdPkDWlA2YAAAAQg"]
[Thu Jun 11 16:33:37.836940 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNkf8lKn4qdPkDWlA2YQAAARI"]
[Thu Jun 11 16:33:37.837192 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNkf8lKn4qdPkDWlA2YQAAARI"]
[Thu Jun 11 16:33:37.837377 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "aisNkf8lKn4qdPkDWlA2YQAAARI"]
[Thu Jun 11 16:33:37.837650 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2YQAAARI"]
[Thu Jun 11 16:33:37.838698 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "aisNkUKTwdTIu69rj41nfwAAAMc"]
[Thu Jun 11 16:33:37.838927 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "aisNkUKTwdTIu69rj41nfwAAAMc"]
[Thu Jun 11 16:33:37.839129 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "aisNkUKTwdTIu69rj41nfwAAAMc"]
[Thu Jun 11 16:33:37.839482 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkUKTwdTIu69rj41nfwAAAMc"]
[Thu Jun 11 16:33:37.840137 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNkU4Kpjoch0F_BSr-jQAAAEE"]
[Thu Jun 11 16:33:37.840294 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNkU4Kpjoch0F_BSr-jQAAAEE"]
[Thu Jun 11 16:33:37.840491 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.local"] [unique_id "aisNkU4Kpjoch0F_BSr-jQAAAEE"]
[Thu Jun 11 16:33:37.840724 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-jQAAAEE"]
[Thu Jun 11 16:33:37.841649 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisNkUKTwdTIu69rj41nfgAAAMQ"]
[Thu Jun 11 16:33:37.841850 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisNkUKTwdTIu69rj41nfgAAAMQ"]
[Thu Jun 11 16:33:37.842072 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "aisNkUKTwdTIu69rj41nfgAAAMQ"]
[Thu Jun 11 16:33:37.842339 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkUKTwdTIu69rj41nfgAAAMQ"]
[Thu Jun 11 16:33:37.843253 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/server/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKYgAAAI0"]
[Thu Jun 11 16:33:37.843563 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKYgAAAI0"]
[Thu Jun 11 16:33:37.859234 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "aisNkTlbUCMVJYfLxkpKZQAAAJc"]
[Thu Jun 11 16:33:37.859339 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "aisNkTlbUCMVJYfLxkpKZQAAAJc"]
[Thu Jun 11 16:33:37.859503 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "aisNkTlbUCMVJYfLxkpKZQAAAJc"]
[Thu Jun 11 16:33:37.859747 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "aisNkTlbUCMVJYfLxkpKZQAAAJc"]
[Thu Jun 11 16:33:37.859816 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNkf8lKn4qdPkDWlA2YgAAAQw"]
[Thu Jun 11 16:33:37.859957 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNkf8lKn4qdPkDWlA2YgAAAQw"]
[Thu Jun 11 16:33:37.859985 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKZQAAAJc"]
[Thu Jun 11 16:33:37.860118 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "aisNkf8lKn4qdPkDWlA2YgAAAQw"]
[Thu Jun 11 16:33:37.860373 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2YgAAAQw"]
[Thu Jun 11 16:33:37.860968 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisNkU4Kpjoch0F_BSr-jgAAAEM"]
[Thu Jun 11 16:33:37.861059 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisNkU4Kpjoch0F_BSr-jgAAAEM"]
[Thu Jun 11 16:33:37.861158 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisNkU4Kpjoch0F_BSr-jgAAAEM"]
[Thu Jun 11 16:33:37.861304 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.old"] [unique_id "aisNkU4Kpjoch0F_BSr-jgAAAEM"]
[Thu Jun 11 16:33:37.861538 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-jgAAAEM"]
[Thu Jun 11 16:33:37.862056 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.testing"] [unique_id "aisNkazVaq-mvl-Hfs809gAAABA"]
[Thu Jun 11 16:33:37.862252 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.testing"] [unique_id "aisNkazVaq-mvl-Hfs809gAAABA"]
[Thu Jun 11 16:33:37.862454 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.testing"] [unique_id "aisNkazVaq-mvl-Hfs809gAAABA"]
[Thu Jun 11 16:33:37.862775 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkazVaq-mvl-Hfs809gAAABA"]
[Thu Jun 11 16:33:37.869195 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup.old"] [unique_id "aisNkazVaq-mvl-Hfs809wAAAAw"]
[Thu Jun 11 16:33:37.869268 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup.old"] [unique_id "aisNkazVaq-mvl-Hfs809wAAAAw"]
[Thu Jun 11 16:33:37.869469 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.backup.old"] [unique_id "aisNkazVaq-mvl-Hfs809wAAAAw"]
[Thu Jun 11 16:33:37.869691 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.backup.old"] [unique_id "aisNkazVaq-mvl-Hfs809wAAAAw"]
[Thu Jun 11 16:33:37.869924 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkazVaq-mvl-Hfs809wAAAAw"]
[Thu Jun 11 16:33:37.871107 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNkZQ1oEsc4pCWMDP_LAAAAUE"]
[Thu Jun 11 16:33:37.871274 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNkZQ1oEsc4pCWMDP_LAAAAUE"]
[Thu Jun 11 16:33:37.871527 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/database.yml"] [unique_id "aisNkZQ1oEsc4pCWMDP_LAAAAUE"]
[Thu Jun 11 16:33:37.871850 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_LAAAAUE"]
[Thu Jun 11 16:33:37.873392 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNkTlbUCMVJYfLxkpKZgAAAIU"]
[Thu Jun 11 16:33:37.873548 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNkTlbUCMVJYfLxkpKZgAAAIU"]
[Thu Jun 11 16:33:37.873761 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.docker"] [unique_id "aisNkTlbUCMVJYfLxkpKZgAAAIU"]
[Thu Jun 11 16:33:37.874126 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKZgAAAIU"]
[Thu Jun 11 16:33:37.875068 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/private/.env"] [unique_id "aisNkUKTwdTIu69rj41ngAAAANY"]
[Thu Jun 11 16:33:37.875276 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/private/.env"] [unique_id "aisNkUKTwdTIu69rj41ngAAAANY"]
[Thu Jun 11 16:33:37.875451 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/private/.env"] [unique_id "aisNkUKTwdTIu69rj41ngAAAANY"]
[Thu Jun 11 16:33:37.875686 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkUKTwdTIu69rj41ngAAAANY"]
[Thu Jun 11 16:33:37.876653 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNkZQ1oEsc4pCWMDP_LQAAAU8"]
[Thu Jun 11 16:33:37.876805 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNkZQ1oEsc4pCWMDP_LQAAAU8"]
[Thu Jun 11 16:33:37.877022 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development.local"] [unique_id "aisNkZQ1oEsc4pCWMDP_LQAAAU8"]
[Thu Jun 11 16:33:37.877300 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_LQAAAU8"]
[Thu Jun 11 16:33:37.879252 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKZwAAAJE"]
[Thu Jun 11 16:33:37.879409 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKZwAAAJE"]
[Thu Jun 11 16:33:37.879622 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKZwAAAJE"]
[Thu Jun 11 16:33:37.879835 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKZwAAAJE"]
[Thu Jun 11 16:33:37.880689 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2YwAAAQg"]
[Thu Jun 11 16:33:37.880859 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2YwAAAQg"]
[Thu Jun 11 16:33:37.881028 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backend/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2YwAAAQg"]
[Thu Jun 11 16:33:37.881292 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2YwAAAQg"]
[Thu Jun 11 16:33:37.882427 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/etc/env.php"] [unique_id "aisNkazVaq-mvl-Hfs80-QAAABc"]
[Thu Jun 11 16:33:37.883792 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.npmrc"] [unique_id "aisNkZQ1oEsc4pCWMDP_LgAAAUs"]
[Thu Jun 11 16:33:37.886220 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application.properties"] [unique_id "aisNkazVaq-mvl-Hfs80-gAAAAA"]
[Thu Jun 11 16:33:37.887942 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bkp"] [unique_id "aisNkU4Kpjoch0F_BSr-jwAAAEQ"]
[Thu Jun 11 16:33:37.888085 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bkp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.bkp"] [unique_id "aisNkU4Kpjoch0F_BSr-jwAAAEQ"]
[Thu Jun 11 16:33:37.888312 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.bkp"] [unique_id "aisNkU4Kpjoch0F_BSr-jwAAAEQ"]
[Thu Jun 11 16:33:37.888533 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkU4Kpjoch0F_BSr-jwAAAEQ"]
[Thu Jun 11 16:33:37.889514 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application.yml"] [unique_id "aisNkU4Kpjoch0F_BSr-kAAAAEw"]
[Thu Jun 11 16:33:37.890933 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/secret.json"] [unique_id "aisNkUKTwdTIu69rj41ngQAAAMs"]
[Thu Jun 11 16:33:37.939533 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/frontend/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2ZAAAAQw"]
[Thu Jun 11 16:33:37.939814 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/frontend/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2ZAAAAQw"]
[Thu Jun 11 16:33:37.940184 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "aisNkUKTwdTIu69rj41nggAAAMc"]
[Thu Jun 11 16:33:37.940342 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/frontend/.env"] [unique_id "aisNkf8lKn4qdPkDWlA2ZAAAAQw"]
[Thu Jun 11 16:33:37.940345 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "aisNkUKTwdTIu69rj41nggAAAMc"]
[Thu Jun 11 16:33:37.940545 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "aisNkUKTwdTIu69rj41nggAAAMc"]
[Thu Jun 11 16:33:37.940882 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkUKTwdTIu69rj41nggAAAMc"]
[Thu Jun 11 16:33:37.941598 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/development/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_LwAAAUE"]
[Thu Jun 11 16:33:37.941747 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/includes/config.php"] [unique_id "aisNkf8lKn4qdPkDWlA2ZQAAARI"]
[Thu Jun 11 16:33:37.942614 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/development/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_LwAAAUE"]
[Thu Jun 11 16:33:37.942818 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/development/.env"] [unique_id "aisNkZQ1oEsc4pCWMDP_LwAAAUE"]
[Thu Jun 11 16:33:37.943303 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.json"] [unique_id "aisNkU4Kpjoch0F_BSr-kQAAAEE"]
[Thu Jun 11 16:33:37.944712 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisNkTlbUCMVJYfLxkpKaAAAAI0"]
[Thu Jun 11 16:33:37.944852 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisNkTlbUCMVJYfLxkpKaAAAAI0"]
[Thu Jun 11 16:33:37.945081 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/db_backup.sql"] [unique_id "aisNkTlbUCMVJYfLxkpKaAAAAI0"]
[Thu Jun 11 16:33:37.945314 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKaAAAAI0"]
[Thu Jun 11 16:33:37.946108 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.ftpconfig"] [unique_id "aisNkUKTwdTIu69rj41ngwAAANY"]
[Thu Jun 11 16:33:37.946498 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cache/.env"] [unique_id "aisNkazVaq-mvl-Hfs80_AAAABA"]
[Thu Jun 11 16:33:37.946784 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/cache/.env"] [unique_id "aisNkazVaq-mvl-Hfs80_AAAABA"]
[Thu Jun 11 16:33:37.947018 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cache/.env"] [unique_id "aisNkazVaq-mvl-Hfs80_AAAABA"]
[Thu Jun 11 16:33:37.947324 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkazVaq-mvl-Hfs80_AAAABA"]
[Thu Jun 11 16:33:37.947603 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.json"] [unique_id "aisNkTlbUCMVJYfLxkpKaQAAAIU"]
[Thu Jun 11 16:33:37.948340 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local.bak"] [unique_id "aisNkf8lKn4qdPkDWlA2ZgAAAQg"]
[Thu Jun 11 16:33:37.948404 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local.bak"] [unique_id "aisNkf8lKn4qdPkDWlA2ZgAAAQg"]
[Thu Jun 11 16:33:37.948520 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local.bak"] [unique_id "aisNkf8lKn4qdPkDWlA2ZgAAAQg"]
[Thu Jun 11 16:33:37.948744 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local.bak"] [unique_id "aisNkf8lKn4qdPkDWlA2ZgAAAQg"]
[Thu Jun 11 16:33:37.948947 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2ZgAAAQg"]
[Thu Jun 11 16:33:37.949136 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.js"] [unique_id "aisNkf8lKn4qdPkDWlA2ZwAAARA"]
[Thu Jun 11 16:33:37.949939 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v3/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKagAAAJE"]
[Thu Jun 11 16:33:37.950113 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/v3/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKagAAAJE"]
[Thu Jun 11 16:33:37.950247 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/v3/.env"] [unique_id "aisNkTlbUCMVJYfLxkpKagAAAJE"]
[Thu Jun 11 16:33:37.950525 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKagAAAJE"]
[Thu Jun 11 16:33:37.950833 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php~"] [unique_id "aisNkZQ1oEsc4pCWMDP_MAAAAVI"]
[Thu Jun 11 16:33:37.950917 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php~"] [unique_id "aisNkZQ1oEsc4pCWMDP_MAAAAVI"]
[Thu Jun 11 16:33:37.951027 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php~"] [unique_id "aisNkZQ1oEsc4pCWMDP_MAAAAVI"]
[Thu Jun 11 16:33:37.951174 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php~"] [unique_id "aisNkZQ1oEsc4pCWMDP_MAAAAVI"]
[Thu Jun 11 16:33:37.951505 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_MAAAAVI"]
[Thu Jun 11 16:33:37.951730 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.override.yml"] [unique_id "aisNkU4Kpjoch0F_BSr-kgAAAEQ"]
[Thu Jun 11 16:33:37.952493 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local.php"] [unique_id "aisNkUKTwdTIu69rj41nhAAAAMQ"]
[Thu Jun 11 16:33:37.953489 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-admin/"] [unique_id "aisNkazVaq-mvl-Hfs80_QAAABc"]
[Thu Jun 11 16:33:37.954669 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2ZAAAAQw"]
[Thu Jun 11 16:33:37.954709 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/filesystems.php"] [unique_id "aisNkZQ1oEsc4pCWMDP_MQAAAU8"]
[Thu Jun 11 16:33:37.955319 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public.zip"] [unique_id "aisNkazVaq-mvl-Hfs80-wAAAAw"]
[Thu Jun 11 16:33:37.956344 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/WEB-INF/web.xml"] [unique_id "aisNkU4Kpjoch0F_BSr-kwAAAEM"]
[Thu Jun 11 16:33:37.956349 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkZQ1oEsc4pCWMDP_LwAAAUE"]
[Thu Jun 11 16:33:37.958113 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/META-INF/context.xml"] [unique_id "aisNkU4Kpjoch0F_BSr-lAAAAEw"]
[Thu Jun 11 16:33:37.959410 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Jenkinsfile"] [unique_id "aisNkUKTwdTIu69rj41nhQAAAMs"]
[Thu Jun 11 16:33:37.961070 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/next.config.js"] [unique_id "aisNkazVaq-mvl-Hfs80_gAAAAA"]
[Thu Jun 11 16:33:37.962513 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Pipfile"] [unique_id "aisNkZQ1oEsc4pCWMDP_MgAAAUs"]
[Thu Jun 11 16:33:37.963940 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/postgres.sql"] [unique_id "aisNkTlbUCMVJYfLxkpKawAAAJc"]
[Thu Jun 11 16:33:37.964016 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/postgres.sql"] [unique_id "aisNkTlbUCMVJYfLxkpKawAAAJc"]
[Thu Jun 11 16:33:37.964321 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/postgres.sql"] [unique_id "aisNkTlbUCMVJYfLxkpKawAAAJc"]
[Thu Jun 11 16:33:37.964530 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkTlbUCMVJYfLxkpKawAAAJc"]
[Thu Jun 11 16:33:37.981828 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.terraform/terraform.tfstate"] [unique_id "aisNkUKTwdTIu69rj41nhgAAAMc"]
[Thu Jun 11 16:33:37.984034 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/etc/local.xml"] [unique_id "aisNkf8lKn4qdPkDWlA2aAAAARI"]
[Thu Jun 11 16:33:37.984179 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/etc/local.xml"] [unique_id "aisNkf8lKn4qdPkDWlA2aAAAARI"]
[Thu Jun 11 16:33:37.984426 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/etc/local.xml"] [unique_id "aisNkf8lKn4qdPkDWlA2aAAAARI"]
[Thu Jun 11 16:33:37.984668 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2aAAAARI"]
[Thu Jun 11 16:33:37.984869 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/configuration.php"] [unique_id "aisNkZQ1oEsc4pCWMDP_MwAAAUE"]
[Thu Jun 11 16:33:37.985762 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql.gz"] [unique_id "aisNkU4Kpjoch0F_BSr-lQAAAEE"]
[Thu Jun 11 16:33:37.987321 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.zip"] [unique_id "aisNkazVaq-mvl-Hfs80_wAAABA"]
[Thu Jun 11 16:33:37.987475 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/secret"] [unique_id "aisNkUKTwdTIu69rj41nhwAAANY"]
[Thu Jun 11 16:33:37.989621 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/instance/config.py"] [unique_id "aisNkTlbUCMVJYfLxkpKbQAAAIU"]
[Thu Jun 11 16:33:37.991617 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sitemap.xml"] [unique_id "aisNkTlbUCMVJYfLxkpKbgAAAI0"]
[Thu Jun 11 16:33:37.993365 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/log/production.log"] [unique_id "aisNkf8lKn4qdPkDWlA2aQAAAQg"]
[Thu Jun 11 16:33:37.993439 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/log/production.log"] [unique_id "aisNkf8lKn4qdPkDWlA2aQAAAQg"]
[Thu Jun 11 16:33:37.993805 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/log/production.log"] [unique_id "aisNkf8lKn4qdPkDWlA2aQAAAQg"]
[Thu Jun 11 16:33:37.994188 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2aQAAAQg"]
[Thu Jun 11 16:33:37.995013 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-dev.yml"] [unique_id "aisNkazVaq-mvl-Hfs81AAAAABc"]
[Thu Jun 11 16:33:37.996287 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server-info"] [unique_id "aisNkU4Kpjoch0F_BSr-lgAAAEQ"]
[Thu Jun 11 16:33:37.997537 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/secrets.yml"] [unique_id "aisNkf8lKn4qdPkDWlA2agAAAQw"]
[Thu Jun 11 16:33:37.999180 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.yaml"] [unique_id "aisNkZQ1oEsc4pCWMDP_NAAAAU8"]
[Thu Jun 11 16:33:37.999407 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi/env"] [unique_id "aisNkTlbUCMVJYfLxkpKbwAAAJE"]
[Thu Jun 11 16:33:38.000868 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/storage/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81AQAAAAw"]
[Thu Jun 11 16:33:38.001036 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/laravel/storage/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81AQAAAAw"]
[Thu Jun 11 16:33:38.001080 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.release"] [unique_id "aisNkf8lKn4qdPkDWlA2awAAARA"]
[Thu Jun 11 16:33:38.001213 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/storage/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81AQAAAAw"]
[Thu Jun 11 16:33:38.001229 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.release"] [unique_id "aisNkf8lKn4qdPkDWlA2awAAARA"]
[Thu Jun 11 16:33:38.001411 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.release"] [unique_id "aisNkf8lKn4qdPkDWlA2awAAARA"]
[Thu Jun 11 16:33:38.001431 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81AQAAAAw"]
[Thu Jun 11 16:33:38.001670 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkf8lKn4qdPkDWlA2awAAARA"]
[Thu Jun 11 16:33:38.002496 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nuxt.config.ts"] [unique_id "aisNkk4Kpjoch0F_BSr-lwAAAEw"]
[Thu Jun 11 16:33:38.003734 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/appsettings.Production.json"] [unique_id "aisNkk4Kpjoch0F_BSr-mAAAAEM"]
[Thu Jun 11 16:33:38.005099 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/config/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_NQAAAVI"]
[Thu Jun 11 16:33:38.005287 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/config/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_NQAAAVI"]
[Thu Jun 11 16:33:38.005377 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tmp/logs/error.log"] [unique_id "aisNkkKTwdTIu69rj41niAAAAMs"]
[Thu Jun 11 16:33:38.005445 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/config/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_NQAAAVI"]
[Thu Jun 11 16:33:38.005451 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tmp/logs/error.log"] [unique_id "aisNkkKTwdTIu69rj41niAAAAMs"]
[Thu Jun 11 16:33:38.005732 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_NQAAAVI"]
[Thu Jun 11 16:33:38.005913 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/tmp/logs/error.log"] [unique_id "aisNkkKTwdTIu69rj41niAAAAMs"]
[Thu Jun 11 16:33:38.006135 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41niAAAAMs"]
[Thu Jun 11 16:33:38.006724 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local_settings.py.bak"] [unique_id "aisNkqzVaq-mvl-Hfs81AgAAAAA"]
[Thu Jun 11 16:33:38.006791 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local_settings.py.bak"] [unique_id "aisNkqzVaq-mvl-Hfs81AgAAAAA"]
[Thu Jun 11 16:33:38.006818 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sites/default/settings.local.php"] [unique_id "aisNkkKTwdTIu69rj41niQAAAMQ"]
[Thu Jun 11 16:33:38.006974 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Matched phrase "/sites/default/settings.local.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.local.php found within REQUEST_FILENAME: /sites/default/settings.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/sites/default/settings.local.php"] [unique_id "aisNkkKTwdTIu69rj41niQAAAMQ"]
[Thu Jun 11 16:33:38.007058 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/local_settings.py.bak"] [unique_id "aisNkqzVaq-mvl-Hfs81AgAAAAA"]
[Thu Jun 11 16:33:38.007135 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/sites/default/settings.local.php"] [unique_id "aisNkkKTwdTIu69rj41niQAAAMQ"]
[Thu Jun 11 16:33:38.007337 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81AgAAAAA"]
[Thu Jun 11 16:33:38.007403 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41niQAAAMQ"]
[Thu Jun 11 16:33:38.008052 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisNkpQ1oEsc4pCWMDP_NgAAAUs"]
[Thu Jun 11 16:33:38.008201 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisNkpQ1oEsc4pCWMDP_NgAAAUs"]
[Thu Jun 11 16:33:38.008335 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/index"] [unique_id "aisNkpQ1oEsc4pCWMDP_NgAAAUs"]
[Thu Jun 11 16:33:38.008544 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_NgAAAUs"]
[Thu Jun 11 16:33:38.009846 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/initializers/secret_token.rb"] [unique_id "aisNkjlbUCMVJYfLxkpKcAAAAJc"]
[Thu Jun 11 16:33:38.022091 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNkkKTwdTIu69rj41nigAAAMc"]
[Thu Jun 11 16:33:38.022255 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNkkKTwdTIu69rj41nigAAAMc"]
[Thu Jun 11 16:33:38.022855 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNkkKTwdTIu69rj41nigAAAMc"]
[Thu Jun 11 16:33:38.023103 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nigAAAMc"]
[Thu Jun 11 16:33:38.024917 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_profiler/phpinfo"] [unique_id "aisNkv8lKn4qdPkDWlA2bAAAARI"]
[Thu Jun 11 16:33:38.028373 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.inc.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_NwAAAUE"]
[Thu Jun 11 16:33:38.029176 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisNkk4Kpjoch0F_BSr-mQAAAEE"]
[Thu Jun 11 16:33:38.029339 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisNkk4Kpjoch0F_BSr-mQAAAEE"]
[Thu Jun 11 16:33:38.029494 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.aws/config"] [unique_id "aisNkk4Kpjoch0F_BSr-mQAAAEE"]
[Thu Jun 11 16:33:38.029765 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-mQAAAEE"]
[Thu Jun 11 16:33:38.029862 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings.php"] [unique_id "aisNkqzVaq-mvl-Hfs81AwAAABA"]
[Thu Jun 11 16:33:38.030617 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/html.zip"] [unique_id "aisNkkKTwdTIu69rj41niwAAANY"]
[Thu Jun 11 16:33:38.031533 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/site.tar.gz"] [unique_id "aisNkjlbUCMVJYfLxkpKcQAAAIU"]
[Thu Jun 11 16:33:38.032253 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.tar.gz"] [unique_id "aisNkjlbUCMVJYfLxkpKcgAAAI0"]
[Thu Jun 11 16:33:38.036397 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/client/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81BAAAABc"]
[Thu Jun 11 16:33:38.036699 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/client/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81BAAAABc"]
[Thu Jun 11 16:33:38.036856 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/client/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81BAAAABc"]
[Thu Jun 11 16:33:38.037143 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81BAAAABc"]
[Thu Jun 11 16:33:38.038134 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/appsettings.Development.json"] [unique_id "aisNkv8lKn4qdPkDWlA2bQAAAQg"]
[Thu Jun 11 16:33:38.042999 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.prod.yaml"] [unique_id "aisNkv8lKn4qdPkDWlA2bgAAAQw"]
[Thu Jun 11 16:33:38.044291 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.hg/hgrc"] [unique_id "aisNkk4Kpjoch0F_BSr-mgAAAEw"]
[Thu Jun 11 16:33:38.044437 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Matched phrase "/.hg/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.hg/ found within REQUEST_FILENAME: /.hg/hgrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.hg/hgrc"] [unique_id "aisNkk4Kpjoch0F_BSr-mgAAAEw"]
[Thu Jun 11 16:33:38.044558 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/environment/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-mwAAAEQ"]
[Thu Jun 11 16:33:38.044665 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.hg/hgrc"] [unique_id "aisNkk4Kpjoch0F_BSr-mgAAAEw"]
[Thu Jun 11 16:33:38.044744 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /environment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/environment/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-mwAAAEQ"]
[Thu Jun 11 16:33:38.045025 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-mgAAAEw"]
[Thu Jun 11 16:33:38.045111 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/environment/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-mwAAAEQ"]
[Thu Jun 11 16:33:38.045316 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-mwAAAEQ"]
[Thu Jun 11 16:33:38.046106 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/pma/"] [unique_id "aisNkqzVaq-mvl-Hfs81BQAAAAw"]
[Thu Jun 11 16:33:38.046184 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-content/debug.log"] [unique_id "aisNkkKTwdTIu69rj41njQAAAMs"]
[Thu Jun 11 16:33:38.046265 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-content/debug.log"] [unique_id "aisNkkKTwdTIu69rj41njQAAAMs"]
[Thu Jun 11 16:33:38.046739 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-content/debug.log"] [unique_id "aisNkkKTwdTIu69rj41njQAAAMs"]
[Thu Jun 11 16:33:38.047235 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41njQAAAMs"]
[Thu Jun 11 16:33:38.048245 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/codeship.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_OAAAAU8"]
[Thu Jun 11 16:33:38.048326 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap-prod.yml"] [unique_id "aisNkk4Kpjoch0F_BSr-nAAAAEM"]
[Thu Jun 11 16:33:38.049554 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env_keys"] [unique_id "aisNkv8lKn4qdPkDWlA2bwAAARA"]
[Thu Jun 11 16:33:38.049727 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_keys"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env_keys"] [unique_id "aisNkv8lKn4qdPkDWlA2bwAAARA"]
[Thu Jun 11 16:33:38.049907 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env_keys"] [unique_id "aisNkv8lKn4qdPkDWlA2bwAAARA"]
[Thu Jun 11 16:33:38.050100 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2bwAAARA"]
[Thu Jun 11 16:33:38.050966 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.override.yml"] [unique_id "aisNkpQ1oEsc4pCWMDP_OQAAAVI"]
[Thu Jun 11 16:33:38.052733 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap/cache/config.php"] [unique_id "aisNkqzVaq-mvl-Hfs81BgAAAAA"]
[Thu Jun 11 16:33:38.054437 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/env.php"] [unique_id "aisNkkKTwdTIu69rj41njgAAAMQ"]
[Thu Jun 11 16:33:38.055883 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/package.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_OgAAAUs"]
[Thu Jun 11 16:33:38.056066 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/package.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_OgAAAUs"]
[Thu Jun 11 16:33:38.056290 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/package.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_OgAAAUs"]
[Thu Jun 11 16:33:38.056485 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_OgAAAUs"]
[Thu Jun 11 16:33:38.057351 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Vagrantfile"] [unique_id "aisNkjlbUCMVJYfLxkpKdAAAAJc"]
[Thu Jun 11 16:33:38.058252 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-local.properties"] [unique_id "aisNkjlbUCMVJYfLxkpKcwAAAJE"]
[Thu Jun 11 16:33:38.067670 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.bkp"] [unique_id "aisNkv8lKn4qdPkDWlA2cAAAARI"]
[Thu Jun 11 16:33:38.067843 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bkp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.bkp"] [unique_id "aisNkv8lKn4qdPkDWlA2cAAAARI"]
[Thu Jun 11 16:33:38.068108 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.bkp"] [unique_id "aisNkv8lKn4qdPkDWlA2cAAAARI"]
[Thu Jun 11 16:33:38.068424 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2cAAAARI"]
[Thu Jun 11 16:33:38.069080 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.yarnrc"] [unique_id "aisNkpQ1oEsc4pCWMDP_OwAAAUE"]
[Thu Jun 11 16:33:38.069930 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/inc/config.php"] [unique_id "aisNkkKTwdTIu69rj41njwAAAMc"]
[Thu Jun 11 16:33:38.071224 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/logs/HEAD"] [unique_id "aisNkqzVaq-mvl-Hfs81BwAAABA"]
[Thu Jun 11 16:33:38.071456 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/logs/HEAD"] [unique_id "aisNkqzVaq-mvl-Hfs81BwAAABA"]
[Thu Jun 11 16:33:38.071864 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/logs/HEAD"] [unique_id "aisNkqzVaq-mvl-Hfs81BwAAABA"]
[Thu Jun 11 16:33:38.072072 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81BwAAABA"]
[Thu Jun 11 16:33:38.072212 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-local.yml"] [unique_id "aisNkk4Kpjoch0F_BSr-nQAAAEE"]
[Thu Jun 11 16:33:38.073861 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.flaskenv"] [unique_id "aisNkjlbUCMVJYfLxkpKdQAAAI0"]
[Thu Jun 11 16:33:38.076208 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings/base.py"] [unique_id "aisNkkKTwdTIu69rj41nkAAAANY"]
[Thu Jun 11 16:33:38.083130 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aisNkv8lKn4qdPkDWlA2cQAAAQw"]
[Thu Jun 11 16:33:38.083326 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aisNkv8lKn4qdPkDWlA2cQAAAQw"]
[Thu Jun 11 16:33:38.083529 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/HEAD"] [unique_id "aisNkv8lKn4qdPkDWlA2cQAAAQw"]
[Thu Jun 11 16:33:38.083755 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2cQAAAQw"]
[Thu Jun 11 16:33:38.084407 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.gitattributes"] [unique_id "aisNkk4Kpjoch0F_BSr-ngAAAEw"]
[Thu Jun 11 16:33:38.085072 2026] [authz_core:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] AH01630: client denied by server configuration: /disk001/augenn/public_html/.htpasswd
[Thu Jun 11 16:33:38.086139 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-nwAAAEQ"]
[Thu Jun 11 16:33:38.086209 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-nwAAAEQ"]
[Thu Jun 11 16:33:38.086554 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-nwAAAEQ"]
[Thu Jun 11 16:33:38.086774 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-nwAAAEQ"]
[Thu Jun 11 16:33:38.088111 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/environments/production.rb"] [unique_id "aisNkqzVaq-mvl-Hfs81CAAAAAw"]
[Thu Jun 11 16:33:38.089194 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/live/.env"] [unique_id "aisNkkKTwdTIu69rj41nkQAAAMs"]
[Thu Jun 11 16:33:38.089344 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/live/.env"] [unique_id "aisNkkKTwdTIu69rj41nkQAAAMs"]
[Thu Jun 11 16:33:38.089530 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/live/.env"] [unique_id "aisNkkKTwdTIu69rj41nkQAAAMs"]
[Thu Jun 11 16:33:38.089794 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nkQAAAMs"]
[Thu Jun 11 16:33:38.090423 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/custom-environment-variables.json"] [unique_id "aisNkqzVaq-mvl-Hfs81CQAAABc"]
[Thu Jun 11 16:33:38.093199 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisNkv8lKn4qdPkDWlA2cwAAARA"]
[Thu Jun 11 16:33:38.093344 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisNkv8lKn4qdPkDWlA2cwAAARA"]
[Thu Jun 11 16:33:38.093533 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/package-lock.json"] [unique_id "aisNkv8lKn4qdPkDWlA2cwAAARA"]
[Thu Jun 11 16:33:38.093809 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2cwAAARA"]
[Thu Jun 11 16:33:38.094415 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/services.php"] [unique_id "aisNkjlbUCMVJYfLxkpKdgAAAIU"]
[Thu Jun 11 16:33:38.094429 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.yaml"] [unique_id "aisNkk4Kpjoch0F_BSr-oAAAAEM"]
[Thu Jun 11 16:33:38.095455 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bitbucket-pipelines.yml"] [unique_id "aisNkpQ1oEsc4pCWMDP_PAAAAVI"]
[Thu Jun 11 16:33:38.096023 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mysql.sql"] [unique_id "aisNkpQ1oEsc4pCWMDP_PQAAAU8"]
[Thu Jun 11 16:33:38.096109 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mysql.sql"] [unique_id "aisNkpQ1oEsc4pCWMDP_PQAAAU8"]
[Thu Jun 11 16:33:38.096295 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/mysql.sql"] [unique_id "aisNkpQ1oEsc4pCWMDP_PQAAAU8"]
[Thu Jun 11 16:33:38.096519 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_PQAAAU8"]
[Thu Jun 11 16:33:38.097904 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisNkjlbUCMVJYfLxkpKdwAAAJc"]
[Thu Jun 11 16:33:38.098412 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisNkjlbUCMVJYfLxkpKdwAAAJc"]
[Thu Jun 11 16:33:38.098642 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/database.yml"] [unique_id "aisNkjlbUCMVJYfLxkpKdwAAAJc"]
[Thu Jun 11 16:33:38.099084 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKdwAAAJc"]
[Thu Jun 11 16:33:38.099556 2026] [security2:error] [pid 21296:tid 21300] [client 162.243.172.115:43762] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cpanel"] [unique_id "aisNkqzVaq-mvl-Hfs81CgAAAAA"]
[Thu Jun 11 16:33:38.100112 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/build.gradle"] [unique_id "aisNkpQ1oEsc4pCWMDP_PgAAAUs"]
[Thu Jun 11 16:33:38.101184 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.firebaserc"] [unique_id "aisNkkKTwdTIu69rj41nkgAAAMQ"]
[Thu Jun 11 16:33:38.102662 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v1/api-docs"] [unique_id "aisNkjlbUCMVJYfLxkpKeAAAAJE"]
[Thu Jun 11 16:33:38.111422 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.gitignore"] [unique_id "aisNkv8lKn4qdPkDWlA2dAAAARI"]
[Thu Jun 11 16:33:38.111661 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.gitignore"] [unique_id "aisNkv8lKn4qdPkDWlA2dAAAARI"]
[Thu Jun 11 16:33:38.111826 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.gitignore"] [unique_id "aisNkv8lKn4qdPkDWlA2dAAAARI"]
[Thu Jun 11 16:33:38.112051 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2dAAAARI"]
[Thu Jun 11 16:33:38.118326 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dist/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-oQAAAEE"]
[Thu Jun 11 16:33:38.118482 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/dist/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-oQAAAEE"]
[Thu Jun 11 16:33:38.118738 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dist/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-oQAAAEE"]
[Thu Jun 11 16:33:38.119002 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-oQAAAEE"]
[Thu Jun 11 16:33:38.119860 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v2/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKeQAAAI0"]
[Thu Jun 11 16:33:38.120063 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/v2/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKeQAAAI0"]
[Thu Jun 11 16:33:38.120372 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/v2/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKeQAAAI0"]
[Thu Jun 11 16:33:38.120386 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.override"] [unique_id "aisNkpQ1oEsc4pCWMDP_PwAAAUE"]
[Thu Jun 11 16:33:38.120549 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.override"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.override"] [unique_id "aisNkpQ1oEsc4pCWMDP_PwAAAUE"]
[Thu Jun 11 16:33:38.120614 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKeQAAAI0"]
[Thu Jun 11 16:33:38.121377 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.staging.yml"] [unique_id "aisNkqzVaq-mvl-Hfs81CwAAABA"]
[Thu Jun 11 16:33:38.122906 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.override"] [unique_id "aisNkpQ1oEsc4pCWMDP_PwAAAUE"]
[Thu Jun 11 16:33:38.123137 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_PwAAAUE"]
[Thu Jun 11 16:33:38.125121 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/crossdomain.xml"] [unique_id "aisNkv8lKn4qdPkDWlA2dQAAAQw"]
[Thu Jun 11 16:33:38.126713 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-ogAAAEQ"]
[Thu Jun 11 16:33:38.126875 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-ogAAAEQ"]
[Thu Jun 11 16:33:38.127145 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/project/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-ogAAAEQ"]
[Thu Jun 11 16:33:38.127358 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-ogAAAEQ"]
[Thu Jun 11 16:33:38.128269 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.docker-compose"] [unique_id "aisNkk4Kpjoch0F_BSr-owAAAEw"]
[Thu Jun 11 16:33:38.128412 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker-compose"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.docker-compose"] [unique_id "aisNkk4Kpjoch0F_BSr-owAAAEw"]
[Thu Jun 11 16:33:38.128722 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.docker-compose"] [unique_id "aisNkk4Kpjoch0F_BSr-owAAAEw"]
[Thu Jun 11 16:33:38.128948 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-owAAAEw"]
[Thu Jun 11 16:33:38.130315 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisNkkKTwdTIu69rj41nlAAAANY"]
[Thu Jun 11 16:33:38.130435 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisNkkKTwdTIu69rj41nlAAAANY"]
[Thu Jun 11 16:33:38.130727 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dump.sql"] [unique_id "aisNkkKTwdTIu69rj41nlAAAANY"]
[Thu Jun 11 16:33:38.130994 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nlAAAANY"]
[Thu Jun 11 16:33:38.131245 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.github/env"] [unique_id "aisNkv8lKn4qdPkDWlA2dgAAAQg"]
[Thu Jun 11 16:33:38.131873 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/parameters.php"] [unique_id "aisNkkKTwdTIu69rj41nlQAAAMs"]
[Thu Jun 11 16:33:38.132451 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.previous"] [unique_id "aisNkqzVaq-mvl-Hfs81DAAAAAw"]
[Thu Jun 11 16:33:38.133688 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api-docs"] [unique_id "aisNkkKTwdTIu69rj41nkwAAAMc"]
[Thu Jun 11 16:33:38.134197 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tmp/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81DQAAABc"]
[Thu Jun 11 16:33:38.134331 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/tmp/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81DQAAABc"]
[Thu Jun 11 16:33:38.134621 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/tmp/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81DQAAABc"]
[Thu Jun 11 16:33:38.134831 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81DQAAABc"]
[Thu Jun 11 16:33:38.135206 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.previous"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.previous"] [unique_id "aisNkqzVaq-mvl-Hfs81DAAAAAw"]
[Thu Jun 11 16:33:38.135488 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.previous"] [unique_id "aisNkqzVaq-mvl-Hfs81DAAAAAw"]
[Thu Jun 11 16:33:38.135742 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81DAAAAAw"]
[Thu Jun 11 16:33:38.139302 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap-dev.yml"] [unique_id "aisNkk4Kpjoch0F_BSr-pAAAAEM"]
[Thu Jun 11 16:33:38.139364 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env"] [unique_id "aisNkv8lKn4qdPkDWlA2dwAAARA"]
[Thu Jun 11 16:33:38.140770 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/html/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QQAAAVI"]
[Thu Jun 11 16:33:38.140804 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/server/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QAAAAU8"]
[Thu Jun 11 16:33:38.140942 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/html/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QQAAAVI"]
[Thu Jun 11 16:33:38.140950 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/server/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QAAAAU8"]
[Thu Jun 11 16:33:38.141211 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/server/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QAAAAU8"]
[Thu Jun 11 16:33:38.141212 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/html/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QQAAAVI"]
[Thu Jun 11 16:33:38.141446 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_QAAAAU8"]
[Thu Jun 11 16:33:38.141457 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_QQAAAVI"]
[Thu Jun 11 16:33:38.142182 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ftpsync.settings"] [unique_id "aisNkjlbUCMVJYfLxkpKegAAAJc"]
[Thu Jun 11 16:33:38.144197 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/logs/error.log"] [unique_id "aisNkjlbUCMVJYfLxkpKewAAAIU"]
[Thu Jun 11 16:33:38.144271 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/logs/error.log"] [unique_id "aisNkjlbUCMVJYfLxkpKewAAAIU"]
[Thu Jun 11 16:33:38.144548 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/logs/error.log"] [unique_id "aisNkjlbUCMVJYfLxkpKewAAAIU"]
[Thu Jun 11 16:33:38.144798 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKewAAAIU"]
[Thu Jun 11 16:33:38.145832 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/services/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QgAAAUs"]
[Thu Jun 11 16:33:38.145985 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/services/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QgAAAUs"]
[Thu Jun 11 16:33:38.146196 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/services/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_QgAAAUs"]
[Thu Jun 11 16:33:38.146751 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_QgAAAUs"]
[Thu Jun 11 16:33:38.146829 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/swagger.json"] [unique_id "aisNkkKTwdTIu69rj41nlgAAAMQ"]
[Thu Jun 11 16:33:38.156406 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ansible/group_vars/all.yml"] [unique_id "aisNkjlbUCMVJYfLxkpKfAAAAJE"]
[Thu Jun 11 16:33:38.163285 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/i.php"] [unique_id "aisNkk4Kpjoch0F_BSr-pQAAAEE"]
[Thu Jun 11 16:33:38.164022 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.defaults"] [unique_id "aisNkqzVaq-mvl-Hfs81DgAAABA"]
[Thu Jun 11 16:33:38.164182 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.defaults"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.defaults"] [unique_id "aisNkqzVaq-mvl-Hfs81DgAAABA"]
[Thu Jun 11 16:33:38.164384 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.defaults"] [unique_id "aisNkqzVaq-mvl-Hfs81DgAAABA"]
[Thu Jun 11 16:33:38.164637 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81DgAAABA"]
[Thu Jun 11 16:33:38.164811 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/local.json"] [unique_id "aisNkv8lKn4qdPkDWlA2eAAAARI"]
[Thu Jun 11 16:33:38.167202 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mysql/"] [unique_id "aisNkjlbUCMVJYfLxkpKfQAAAI0"]
[Thu Jun 11 16:33:38.167481 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.bak"] [unique_id "aisNkpQ1oEsc4pCWMDP_QwAAAUE"]
[Thu Jun 11 16:33:38.167610 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.bak"] [unique_id "aisNkpQ1oEsc4pCWMDP_QwAAAUE"]
[Thu Jun 11 16:33:38.167743 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.bak"] [unique_id "aisNkpQ1oEsc4pCWMDP_QwAAAUE"]
[Thu Jun 11 16:33:38.167930 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.bak"] [unique_id "aisNkpQ1oEsc4pCWMDP_QwAAAUE"]
[Thu Jun 11 16:33:38.168142 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_QwAAAUE"]
[Thu Jun 11 16:33:38.172242 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/_debugbar/open"] [unique_id "aisNkk4Kpjoch0F_BSr-pgAAAEQ"]
[Thu Jun 11 16:33:38.173895 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/terraform.tfvars"] [unique_id "aisNkv8lKn4qdPkDWlA2eQAAAQw"]
[Thu Jun 11 16:33:38.175281 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/firebase.json"] [unique_id "aisNkkKTwdTIu69rj41nlwAAANY"]
[Thu Jun 11 16:33:38.179219 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config.py"] [unique_id "aisNkkKTwdTIu69rj41nmAAAAMs"]
[Thu Jun 11 16:33:38.182869 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nest-cli.json"] [unique_id "aisNkv8lKn4qdPkDWlA2egAAAQg"]
[Thu Jun 11 16:33:38.187234 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisNkk4Kpjoch0F_BSr-pwAAAEM"]
[Thu Jun 11 16:33:38.187307 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisNkk4Kpjoch0F_BSr-pwAAAEM"]
[Thu Jun 11 16:33:38.187622 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/debug.log"] [unique_id "aisNkk4Kpjoch0F_BSr-pwAAAEM"]
[Thu Jun 11 16:33:38.187834 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-pwAAAEM"]
[Thu Jun 11 16:33:38.188758 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/temp/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_RAAAAU8"]
[Thu Jun 11 16:33:38.188900 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/temp/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_RAAAAU8"]
[Thu Jun 11 16:33:38.189051 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/temp/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_RAAAAU8"]
[Thu Jun 11 16:33:38.189254 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_RAAAAU8"]
[Thu Jun 11 16:33:38.194227 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.tar"] [unique_id "aisNkv8lKn4qdPkDWlA2ewAAARA"]
[Thu Jun 11 16:33:38.195653 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_RQAAAVI"]
[Thu Jun 11 16:33:38.195819 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_RQAAAVI"]
[Thu Jun 11 16:33:38.195960 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_RQAAAVI"]
[Thu Jun 11 16:33:38.196154 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_RQAAAVI"]
[Thu Jun 11 16:33:38.197002 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81DwAAAAw"]
[Thu Jun 11 16:33:38.197152 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cgi-bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81DwAAAAw"]
[Thu Jun 11 16:33:38.197322 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cgi-bin/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81DwAAAAw"]
[Thu Jun 11 16:33:38.197643 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81DwAAAAw"]
[Thu Jun 11 16:33:38.198391 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/django/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81EAAAABc"]
[Thu Jun 11 16:33:38.198640 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /django/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/django/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81EAAAABc"]
[Thu Jun 11 16:33:38.198834 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/django/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81EAAAABc"]
[Thu Jun 11 16:33:38.199031 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81EAAAABc"]
[Thu Jun 11 16:33:38.199197 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.old"] [unique_id "aisNkkKTwdTIu69rj41nmQAAAMc"]
[Thu Jun 11 16:33:38.199264 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.old"] [unique_id "aisNkkKTwdTIu69rj41nmQAAAMc"]
[Thu Jun 11 16:33:38.199394 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.old"] [unique_id "aisNkkKTwdTIu69rj41nmQAAAMc"]
[Thu Jun 11 16:33:38.199635 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.old"] [unique_id "aisNkkKTwdTIu69rj41nmQAAAMc"]
[Thu Jun 11 16:33:38.199859 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nmQAAAMc"]
[Thu Jun 11 16:33:38.203353 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.svn/entries"] [unique_id "aisNkk4Kpjoch0F_BSr-qAAAAEw"]
[Thu Jun 11 16:33:38.203498 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.svn/entries"] [unique_id "aisNkk4Kpjoch0F_BSr-qAAAAEw"]
[Thu Jun 11 16:33:38.203685 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.svn/entries"] [unique_id "aisNkk4Kpjoch0F_BSr-qAAAAEw"]
[Thu Jun 11 16:33:38.203897 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-qAAAAEw"]
[Thu Jun 11 16:33:38.204811 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings/production.py"] [unique_id "aisNkjlbUCMVJYfLxkpKfgAAAIU"]
[Thu Jun 11 16:33:38.206376 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/server-status"] [unique_id "aisNkpQ1oEsc4pCWMDP_RgAAAUs"]
[Thu Jun 11 16:33:38.207936 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.old"] [unique_id "aisNkk4Kpjoch0F_BSr-qQAAAEE"]
[Thu Jun 11 16:33:38.208007 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.old"] [unique_id "aisNkk4Kpjoch0F_BSr-qQAAAEE"]
[Thu Jun 11 16:33:38.208193 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Gemfile.lock"] [unique_id "aisNkkKTwdTIu69rj41nmgAAAMQ"]
[Thu Jun 11 16:33:38.208274 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/env.old"] [unique_id "aisNkk4Kpjoch0F_BSr-qQAAAEE"]
[Thu Jun 11 16:33:38.208478 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-qQAAAEE"]
[Thu Jun 11 16:33:38.209607 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/log/app.log"] [unique_id "aisNkqzVaq-mvl-Hfs81EQAAABA"]
[Thu Jun 11 16:33:38.209679 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/log/app.log"] [unique_id "aisNkqzVaq-mvl-Hfs81EQAAABA"]
[Thu Jun 11 16:33:38.209946 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/log/app.log"] [unique_id "aisNkqzVaq-mvl-Hfs81EQAAABA"]
[Thu Jun 11 16:33:38.210151 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81EQAAABA"]
[Thu Jun 11 16:33:38.214103 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/environments/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-qgAAAEQ"]
[Thu Jun 11 16:33:38.214340 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/environments/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/environments/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-qgAAAEQ"]
[Thu Jun 11 16:33:38.214483 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/environments/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-qgAAAEQ"]
[Thu Jun 11 16:33:38.214715 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-qgAAAEQ"]
[Thu Jun 11 16:33:38.217198 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local_settings.py"] [unique_id "aisNkjlbUCMVJYfLxkpKfwAAAJc"]
[Thu Jun 11 16:33:38.218732 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/env"] [unique_id "aisNkv8lKn4qdPkDWlA2fAAAARI"]
[Thu Jun 11 16:33:38.219450 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKgAAAAJE"]
[Thu Jun 11 16:33:38.219644 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKgAAAAJE"]
[Thu Jun 11 16:33:38.219870 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/admin/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKgAAAAJE"]
[Thu Jun 11 16:33:38.220138 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKgAAAAJE"]
[Thu Jun 11 16:33:38.220347 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/next.config.ts"] [unique_id "aisNkkKTwdTIu69rj41nmwAAANY"]
[Thu Jun 11 16:33:38.221067 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/include/config.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_RwAAAUE"]
[Thu Jun 11 16:33:38.221731 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public.tar.gz"] [unique_id "aisNkjlbUCMVJYfLxkpKgQAAAI0"]
[Thu Jun 11 16:33:38.222476 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/production/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2fQAAAQw"]
[Thu Jun 11 16:33:38.222659 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/production/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2fQAAAQw"]
[Thu Jun 11 16:33:38.222911 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/production/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2fQAAAQw"]
[Thu Jun 11 16:33:38.223104 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mysite/.env"] [unique_id "aisNkkKTwdTIu69rj41nnAAAAMs"]
[Thu Jun 11 16:33:38.223117 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2fQAAAQw"]
[Thu Jun 11 16:33:38.223257 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/mysite/.env"] [unique_id "aisNkkKTwdTIu69rj41nnAAAAMs"]
[Thu Jun 11 16:33:38.223513 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/mysite/.env"] [unique_id "aisNkkKTwdTIu69rj41nnAAAAMs"]
[Thu Jun 11 16:33:38.223749 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nnAAAAMs"]
[Thu Jun 11 16:33:38.232625 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisNkv8lKn4qdPkDWlA2fgAAAQg"]
[Thu Jun 11 16:33:38.232704 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisNkv8lKn4qdPkDWlA2fgAAAQg"]
[Thu Jun 11 16:33:38.233064 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/database.sql"] [unique_id "aisNkv8lKn4qdPkDWlA2fgAAAQg"]
[Thu Jun 11 16:33:38.233329 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2fgAAAQg"]
[Thu Jun 11 16:33:38.235316 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-qwAAAEM"]
[Thu Jun 11 16:33:38.235391 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-qwAAAEM"]
[Thu Jun 11 16:33:38.235741 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-qwAAAEM"]
[Thu Jun 11 16:33:38.235960 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-qwAAAEM"]
[Thu Jun 11 16:33:38.241246 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.txt"] [unique_id "aisNkqzVaq-mvl-Hfs81EgAAAAw"]
[Thu Jun 11 16:33:38.241403 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.txt"] [unique_id "aisNkqzVaq-mvl-Hfs81EgAAAAw"]
[Thu Jun 11 16:33:38.241609 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.txt"] [unique_id "aisNkqzVaq-mvl-Hfs81EgAAAAw"]
[Thu Jun 11 16:33:38.241820 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81EgAAAAw"]
[Thu Jun 11 16:33:38.242643 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/auth.php"] [unique_id "aisNkv8lKn4qdPkDWlA2fwAAARA"]
[Thu Jun 11 16:33:38.243280 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings.py"] [unique_id "aisNkpQ1oEsc4pCWMDP_SAAAAU8"]
[Thu Jun 11 16:33:38.244240 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81EwAAABc"]
[Thu Jun 11 16:33:38.244391 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81EwAAABc"]
[Thu Jun 11 16:33:38.244612 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81EwAAABc"]
[Thu Jun 11 16:33:38.244928 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81EwAAABc"]
[Thu Jun 11 16:33:38.244944 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/app.php"] [unique_id "aisNkkKTwdTIu69rj41nnQAAAMc"]
[Thu Jun 11 16:33:38.246214 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.staging.local"] [unique_id "aisNkpQ1oEsc4pCWMDP_SQAAAVI"]
[Thu Jun 11 16:33:38.246384 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.staging.local"] [unique_id "aisNkpQ1oEsc4pCWMDP_SQAAAVI"]
[Thu Jun 11 16:33:38.246609 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.staging.local"] [unique_id "aisNkpQ1oEsc4pCWMDP_SQAAAVI"]
[Thu Jun 11 16:33:38.246773 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-test.properties"] [unique_id "aisNkjlbUCMVJYfLxkpKggAAAIU"]
[Thu Jun 11 16:33:38.246846 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_SQAAAVI"]
[Thu Jun 11 16:33:38.248644 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-prod.yml"] [unique_id "aisNkk4Kpjoch0F_BSr-rAAAAEE"]
[Thu Jun 11 16:33:38.250286 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/go.mod"] [unique_id "aisNkk4Kpjoch0F_BSr-rQAAAEw"]
[Thu Jun 11 16:33:38.251611 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/broadcasting.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_SgAAAUs"]
[Thu Jun 11 16:33:38.256157 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/test.php"] [unique_id "aisNkqzVaq-mvl-Hfs81FAAAABA"]
[Thu Jun 11 16:33:38.257524 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/config/.env"] [unique_id "aisNkkKTwdTIu69rj41nngAAAMQ"]
[Thu Jun 11 16:33:38.257707 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/laravel/config/.env"] [unique_id "aisNkkKTwdTIu69rj41nngAAAMQ"]
[Thu Jun 11 16:33:38.257895 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/config/.env"] [unique_id "aisNkkKTwdTIu69rj41nngAAAMQ"]
[Thu Jun 11 16:33:38.258101 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nngAAAMQ"]
[Thu Jun 11 16:33:38.259024 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/uploads/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-rgAAAEQ"]
[Thu Jun 11 16:33:38.259175 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/uploads/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-rgAAAEQ"]
[Thu Jun 11 16:33:38.259409 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/uploads/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-rgAAAEQ"]
[Thu Jun 11 16:33:38.259659 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-rgAAAEQ"]
[Thu Jun 11 16:33:38.260315 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tmp/env"] [unique_id "aisNkjlbUCMVJYfLxkpKgwAAAJc"]
[Thu Jun 11 16:33:38.261752 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/master"] [unique_id "aisNkv8lKn4qdPkDWlA2gAAAARI"]
[Thu Jun 11 16:33:38.261928 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/master"] [unique_id "aisNkv8lKn4qdPkDWlA2gAAAARI"]
[Thu Jun 11 16:33:38.262104 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/master"] [unique_id "aisNkv8lKn4qdPkDWlA2gAAAARI"]
[Thu Jun 11 16:33:38.262305 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2gAAAARI"]
[Thu Jun 11 16:33:38.263181 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/includes/configure.php"] [unique_id "aisNkkKTwdTIu69rj41nnwAAANY"]
[Thu Jun 11 16:33:38.263341 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/staging/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_SwAAAUE"]
[Thu Jun 11 16:33:38.263490 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/config/staging/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_SwAAAUE"]
[Thu Jun 11 16:33:38.263694 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/staging/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_SwAAAUE"]
[Thu Jun 11 16:33:38.263909 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_SwAAAUE"]
[Thu Jun 11 16:33:38.264461 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/deploy/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKhAAAAI0"]
[Thu Jun 11 16:33:38.264722 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/deploy/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKhAAAAI0"]
[Thu Jun 11 16:33:38.264936 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/deploy/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKhAAAAI0"]
[Thu Jun 11 16:33:38.265257 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKhAAAAI0"]
[Thu Jun 11 16:33:38.268537 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/parameters.php"] [unique_id "aisNkjlbUCMVJYfLxkpKhQAAAJE"]
[Thu Jun 11 16:33:38.269774 2026] [authz_core:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] AH01630: client denied by server configuration: /disk001/augenn/public_html/.htaccess
[Thu Jun 11 16:33:38.270668 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/config/.env"] [unique_id "aisNkkKTwdTIu69rj41noQAAAMs"]
[Thu Jun 11 16:33:38.270902 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/api/config/.env"] [unique_id "aisNkkKTwdTIu69rj41noQAAAMs"]
[Thu Jun 11 16:33:38.271129 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/api/config/.env"] [unique_id "aisNkkKTwdTIu69rj41noQAAAMs"]
[Thu Jun 11 16:33:38.271468 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41noQAAAMs"]
[Thu Jun 11 16:33:38.281535 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/autoload.php"] [unique_id "aisNkv8lKn4qdPkDWlA2ggAAAQg"]
[Thu Jun 11 16:33:38.287515 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81FQAAAAw"]
[Thu Jun 11 16:33:38.287691 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81FQAAAAw"]
[Thu Jun 11 16:33:38.287897 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/config/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81FQAAAAw"]
[Thu Jun 11 16:33:38.288151 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81FQAAAAw"]
[Thu Jun 11 16:33:38.288660 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/release/.env"] [unique_id "aisNkkKTwdTIu69rj41nogAAAMc"]
[Thu Jun 11 16:33:38.288844 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/release/.env"] [unique_id "aisNkkKTwdTIu69rj41nogAAAMc"]
[Thu Jun 11 16:33:38.289088 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/release/.env"] [unique_id "aisNkkKTwdTIu69rj41nogAAAMc"]
[Thu Jun 11 16:33:38.289135 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpinfo.php"] [unique_id "aisNkv8lKn4qdPkDWlA2gwAAARA"]
[Thu Jun 11 16:33:38.289409 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nogAAAMc"]
[Thu Jun 11 16:33:38.290880 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.staging"] [unique_id "aisNkqzVaq-mvl-Hfs81FgAAABc"]
[Thu Jun 11 16:33:38.291244 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.ecosystem"] [unique_id "aisNkk4Kpjoch0F_BSr-rwAAAEw"]
[Thu Jun 11 16:33:38.291393 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ecosystem"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.ecosystem"] [unique_id "aisNkk4Kpjoch0F_BSr-rwAAAEw"]
[Thu Jun 11 16:33:38.291624 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.ecosystem"] [unique_id "aisNkk4Kpjoch0F_BSr-rwAAAEw"]
[Thu Jun 11 16:33:38.291838 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-rwAAAEw"]
[Thu Jun 11 16:33:38.298226 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/swagger.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_TAAAAU8"]
[Thu Jun 11 16:33:38.299820 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app.env"] [unique_id "aisNkk4Kpjoch0F_BSr-sAAAAEE"]
[Thu Jun 11 16:33:38.302185 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/local.env"] [unique_id "aisNkk4Kpjoch0F_BSr-sQAAAEM"]
[Thu Jun 11 16:33:38.302893 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump.sql.gz"] [unique_id "aisNkjlbUCMVJYfLxkpKhgAAAIU"]
[Thu Jun 11 16:33:38.303654 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/hashing.php"] [unique_id "aisNkqzVaq-mvl-Hfs81FwAAABA"]
[Thu Jun 11 16:33:38.305030 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/core/config.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_TQAAAVI"]
[Thu Jun 11 16:33:38.307631 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/production.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_TgAAAUE"]
[Thu Jun 11 16:33:38.308277 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/WEB-INF/jdbc.properties"] [unique_id "aisNkjlbUCMVJYfLxkpKhwAAAI0"]
[Thu Jun 11 16:33:38.309073 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/environments/staging.rb"] [unique_id "aisNkk4Kpjoch0F_BSr-sgAAAEQ"]
[Thu Jun 11 16:33:38.309617 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.idea/dataSources.xml"] [unique_id "aisNkpQ1oEsc4pCWMDP_TwAAAUs"]
[Thu Jun 11 16:33:38.309813 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/datasources.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.idea/dataSources.xml"] [unique_id "aisNkpQ1oEsc4pCWMDP_TwAAAUs"]
[Thu Jun 11 16:33:38.309956 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.idea/dataSources.xml"] [unique_id "aisNkpQ1oEsc4pCWMDP_TwAAAUs"]
[Thu Jun 11 16:33:38.310161 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_TwAAAUs"]
[Thu Jun 11 16:33:38.311368 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/client/.env"] [unique_id "aisNkkKTwdTIu69rj41nowAAANY"]
[Thu Jun 11 16:33:38.311553 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/client/.env"] [unique_id "aisNkkKTwdTIu69rj41nowAAANY"]
[Thu Jun 11 16:33:38.312393 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/p.php"] [unique_id "aisNkjlbUCMVJYfLxkpKiAAAAJc"]
[Thu Jun 11 16:33:38.314010 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.new"] [unique_id "aisNkv8lKn4qdPkDWlA2hAAAARI"]
[Thu Jun 11 16:33:38.314171 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.new"] [unique_id "aisNkv8lKn4qdPkDWlA2hAAAARI"]
[Thu Jun 11 16:33:38.314314 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www.tar.gz"] [unique_id "aisNkjlbUCMVJYfLxkpKiQAAAJE"]
[Thu Jun 11 16:33:38.314345 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.new"] [unique_id "aisNkv8lKn4qdPkDWlA2hAAAARI"]
[Thu Jun 11 16:33:38.314609 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2hAAAARI"]
[Thu Jun 11 16:33:38.315516 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisNkkKTwdTIu69rj41npAAAAMs"]
[Thu Jun 11 16:33:38.315927 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisNkkKTwdTIu69rj41npAAAAMs"]
[Thu Jun 11 16:33:38.316134 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/old/.env"] [unique_id "aisNkkKTwdTIu69rj41npAAAAMs"]
[Thu Jun 11 16:33:38.316366 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41npAAAAMs"]
[Thu Jun 11 16:33:38.316439 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisNkv8lKn4qdPkDWlA2hQAAAQw"]
[Thu Jun 11 16:33:38.316626 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisNkv8lKn4qdPkDWlA2hQAAAQw"]
[Thu Jun 11 16:33:38.316770 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.gitlab-ci.yml"] [unique_id "aisNkv8lKn4qdPkDWlA2hQAAAQw"]
[Thu Jun 11 16:33:38.316827 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/client/.env"] [unique_id "aisNkkKTwdTIu69rj41nowAAANY"]
[Thu Jun 11 16:33:38.317015 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2hQAAAQw"]
[Thu Jun 11 16:33:38.317125 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nowAAANY"]
[Thu Jun 11 16:33:38.318340 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/cache/dev/.env"] [unique_id "aisNkkKTwdTIu69rj41npQAAAMQ"]
[Thu Jun 11 16:33:38.318529 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/cache/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/var/cache/dev/.env"] [unique_id "aisNkkKTwdTIu69rj41npQAAAMQ"]
[Thu Jun 11 16:33:38.318778 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/cache/dev/.env"] [unique_id "aisNkkKTwdTIu69rj41npQAAAMQ"]
[Thu Jun 11 16:33:38.319059 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41npQAAAMQ"]
[Thu Jun 11 16:33:38.326637 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backend/config/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2hgAAAQg"]
[Thu Jun 11 16:33:38.326844 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/backend/config/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2hgAAAQg"]
[Thu Jun 11 16:33:38.327020 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backend/config/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2hgAAAQg"]
[Thu Jun 11 16:33:38.327234 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2hgAAAQg"]
[Thu Jun 11 16:33:38.328230 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.dev"] [unique_id "aisNkqzVaq-mvl-Hfs81GAAAAAw"]
[Thu Jun 11 16:33:38.331340 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.production"] [unique_id "aisNkkKTwdTIu69rj41npgAAAMc"]
[Thu Jun 11 16:33:38.332497 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/myadmin/"] [unique_id "aisNkqzVaq-mvl-Hfs81GQAAABc"]
[Thu Jun 11 16:33:38.333386 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/administrator/"] [unique_id "aisNkk4Kpjoch0F_BSr-swAAAEw"]
[Thu Jun 11 16:33:38.334004 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/frontend_dev.php/$"] [unique_id "aisNkv8lKn4qdPkDWlA2hwAAARA"]
[Thu Jun 11 16:33:38.340107 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/SymfonyRequirements.php"] [unique_id "aisNkk4Kpjoch0F_BSr-tAAAAEE"]
[Thu Jun 11 16:33:38.342969 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/htdocs/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_UAAAAU8"]
[Thu Jun 11 16:33:38.343277 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/htdocs/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_UAAAAU8"]
[Thu Jun 11 16:33:38.343489 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/htdocs/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_UAAAAU8"]
[Thu Jun 11 16:33:38.343773 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_UAAAAU8"]
[Thu Jun 11 16:33:38.346248 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nuxt.config.js"] [unique_id "aisNkjlbUCMVJYfLxkpKigAAAIU"]
[Thu Jun 11 16:33:38.347816 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web.config"] [unique_id "aisNkk4Kpjoch0F_BSr-tQAAAEM"]
[Thu Jun 11 16:33:38.347886 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web.config"] [unique_id "aisNkk4Kpjoch0F_BSr-tQAAAEM"]
[Thu Jun 11 16:33:38.348061 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web.config"] [unique_id "aisNkk4Kpjoch0F_BSr-tQAAAEM"]
[Thu Jun 11 16:33:38.348279 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web.config"] [unique_id "aisNkk4Kpjoch0F_BSr-tQAAAEM"]
[Thu Jun 11 16:33:38.348392 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Dockerfile"] [unique_id "aisNkqzVaq-mvl-Hfs81GgAAABA"]
[Thu Jun 11 16:33:38.348538 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/Dockerfile"] [unique_id "aisNkqzVaq-mvl-Hfs81GgAAABA"]
[Thu Jun 11 16:33:38.348654 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-tQAAAEM"]
[Thu Jun 11 16:33:38.348956 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/Dockerfile"] [unique_id "aisNkqzVaq-mvl-Hfs81GgAAABA"]
[Thu Jun 11 16:33:38.349171 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81GgAAABA"]
[Thu Jun 11 16:33:38.349970 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.copy"] [unique_id "aisNkjlbUCMVJYfLxkpKiwAAAI0"]
[Thu Jun 11 16:33:38.350123 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aisNkpQ1oEsc4pCWMDP_UQAAAUE"]
[Thu Jun 11 16:33:38.350235 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.copy"] [unique_id "aisNkjlbUCMVJYfLxkpKiwAAAI0"]
[Thu Jun 11 16:33:38.350252 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aisNkpQ1oEsc4pCWMDP_UQAAAUE"]
[Thu Jun 11 16:33:38.350394 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aisNkpQ1oEsc4pCWMDP_UQAAAUE"]
[Thu Jun 11 16:33:38.350436 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.copy"] [unique_id "aisNkjlbUCMVJYfLxkpKiwAAAI0"]
[Thu Jun 11 16:33:38.350794 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKiwAAAI0"]
[Thu Jun 11 16:33:38.350936 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_UQAAAUE"]
[Thu Jun 11 16:33:38.351793 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNkk4Kpjoch0F_BSr-tgAAAEQ"]
[Thu Jun 11 16:33:38.351864 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNkk4Kpjoch0F_BSr-tgAAAEQ"]
[Thu Jun 11 16:33:38.352070 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNkk4Kpjoch0F_BSr-tgAAAEQ"]
[Thu Jun 11 16:33:38.352305 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-tgAAAEQ"]
[Thu Jun 11 16:33:38.353204 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.php"] [unique_id "aisNkjlbUCMVJYfLxkpKjAAAAJc"]
[Thu Jun 11 16:33:38.353311 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db/"] [unique_id "aisNkpQ1oEsc4pCWMDP_UgAAAVI"]
[Thu Jun 11 16:33:38.354672 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/secrets.yml"] [unique_id "aisNkpQ1oEsc4pCWMDP_UwAAAUs"]
[Thu Jun 11 16:33:38.356351 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/manager/"] [unique_id "aisNkkKTwdTIu69rj41npwAAAMs"]
[Thu Jun 11 16:33:38.357332 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/site/.env"] [unique_id "aisNkkKTwdTIu69rj41nqAAAANY"]
[Thu Jun 11 16:33:38.357486 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/site/.env"] [unique_id "aisNkkKTwdTIu69rj41nqAAAANY"]
[Thu Jun 11 16:33:38.357729 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/site/.env"] [unique_id "aisNkkKTwdTIu69rj41nqAAAANY"]
[Thu Jun 11 16:33:38.357949 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nqAAAANY"]
[Thu Jun 11 16:33:38.358908 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.vscode/launch.json"] [unique_id "aisNkv8lKn4qdPkDWlA2iQAAARI"]
[Thu Jun 11 16:33:38.359784 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/staging/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2igAAAQw"]
[Thu Jun 11 16:33:38.359975 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/staging/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2igAAAQw"]
[Thu Jun 11 16:33:38.360131 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/staging/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2igAAAQw"]
[Thu Jun 11 16:33:38.360516 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2igAAAQw"]
[Thu Jun 11 16:33:38.360734 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKjQAAAJE"]
[Thu Jun 11 16:33:38.360873 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/env/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKjQAAAJE"]
[Thu Jun 11 16:33:38.361018 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/env/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKjQAAAJE"]
[Thu Jun 11 16:33:38.361251 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKjQAAAJE"]
[Thu Jun 11 16:33:38.365538 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/docker-compose.prod.yml"] [unique_id "aisNkkKTwdTIu69rj41nqQAAAMQ"]
[Thu Jun 11 16:33:38.370130 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/core/configuration.php"] [unique_id "aisNkqzVaq-mvl-Hfs81GwAAAAw"]
[Thu Jun 11 16:33:38.372100 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNkv8lKn4qdPkDWlA2iwAAAQg"]
[Thu Jun 11 16:33:38.372294 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNkv8lKn4qdPkDWlA2iwAAAQg"]
[Thu Jun 11 16:33:38.372507 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNkv8lKn4qdPkDWlA2iwAAAQg"]
[Thu Jun 11 16:33:38.372918 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2iwAAAQg"]
[Thu Jun 11 16:33:38.375494 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Web.config"] [unique_id "aisNkqzVaq-mvl-Hfs81HAAAABc"]
[Thu Jun 11 16:33:38.375594 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Web.config"] [unique_id "aisNkqzVaq-mvl-Hfs81HAAAABc"]
[Thu Jun 11 16:33:38.375782 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/Web.config"] [unique_id "aisNkqzVaq-mvl-Hfs81HAAAABc"]
[Thu Jun 11 16:33:38.375939 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/Web.config"] [unique_id "aisNkqzVaq-mvl-Hfs81HAAAABc"]
[Thu Jun 11 16:33:38.376153 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81HAAAABc"]
[Thu Jun 11 16:33:38.377382 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/test/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-twAAAEw"]
[Thu Jun 11 16:33:38.377560 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/test/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-twAAAEw"]
[Thu Jun 11 16:33:38.377825 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/test/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-twAAAEw"]
[Thu Jun 11 16:33:38.378052 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-twAAAEw"]
[Thu Jun 11 16:33:38.378913 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ecosystem.config.js"] [unique_id "aisNkkKTwdTIu69rj41nqgAAAMc"]
[Thu Jun 11 16:33:38.380320 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.bowerrc"] [unique_id "aisNkv8lKn4qdPkDWlA2jAAAARA"]
[Thu Jun 11 16:33:38.380471 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Matched phrase ".bowerrc" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bowerrc found within REQUEST_FILENAME: /.bowerrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.bowerrc"] [unique_id "aisNkv8lKn4qdPkDWlA2jAAAARA"]
[Thu Jun 11 16:33:38.380641 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.bowerrc"] [unique_id "aisNkv8lKn4qdPkDWlA2jAAAARA"]
[Thu Jun 11 16:33:38.380962 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2jAAAARA"]
[Thu Jun 11 16:33:38.390487 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tsconfig.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_VAAAAU8"]
[Thu Jun 11 16:33:38.390668 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/tsconfig.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /tsconfig.json found within REQUEST_FILENAME: /tsconfig.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/tsconfig.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_VAAAAU8"]
[Thu Jun 11 16:33:38.390891 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/tsconfig.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_VAAAAU8"]
[Thu Jun 11 16:33:38.391159 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_VAAAAU8"]
[Thu Jun 11 16:33:38.392190 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Procfile"] [unique_id "aisNkjlbUCMVJYfLxkpKjgAAAIU"]
[Thu Jun 11 16:33:38.394328 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/panel/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-uAAAAEM"]
[Thu Jun 11 16:33:38.394470 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/panel/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-uAAAAEM"]
[Thu Jun 11 16:33:38.394693 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/panel/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-uAAAAEM"]
[Thu Jun 11 16:33:38.394960 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-uAAAAEM"]
[Thu Jun 11 16:33:38.395742 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.acceptance"] [unique_id "aisNkk4Kpjoch0F_BSr-uQAAAEE"]
[Thu Jun 11 16:33:38.395890 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.acceptance"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.acceptance"] [unique_id "aisNkk4Kpjoch0F_BSr-uQAAAEE"]
[Thu Jun 11 16:33:38.396040 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.acceptance"] [unique_id "aisNkk4Kpjoch0F_BSr-uQAAAEE"]
[Thu Jun 11 16:33:38.396197 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/clientaccesspolicy.xml"] [unique_id "aisNkk4Kpjoch0F_BSr-ugAAAEQ"]
[Thu Jun 11 16:33:38.396244 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-uQAAAEE"]
[Thu Jun 11 16:33:38.398060 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_VQAAAUE"]
[Thu Jun 11 16:33:38.398192 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/debug/default/view"] [unique_id "aisNkjlbUCMVJYfLxkpKkAAAAJc"]
[Thu Jun 11 16:33:38.398210 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_VQAAAUE"]
[Thu Jun 11 16:33:38.398405 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/composer.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_VQAAAUE"]
[Thu Jun 11 16:33:38.398712 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_VQAAAUE"]
[Thu Jun 11 16:33:38.399254 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.editorconfig"] [unique_id "aisNkqzVaq-mvl-Hfs81HQAAABA"]
[Thu Jun 11 16:33:38.399830 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application-staging.properties"] [unique_id "aisNkkKTwdTIu69rj41nqwAAANY"]
[Thu Jun 11 16:33:38.401313 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v1/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_VgAAAUs"]
[Thu Jun 11 16:33:38.401453 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/v1/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_VgAAAUs"]
[Thu Jun 11 16:33:38.402283 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/description"] [unique_id "aisNkpQ1oEsc4pCWMDP_VwAAAVI"]
[Thu Jun 11 16:33:38.402423 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/description"] [unique_id "aisNkpQ1oEsc4pCWMDP_VwAAAVI"]
[Thu Jun 11 16:33:38.402641 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/description"] [unique_id "aisNkpQ1oEsc4pCWMDP_VwAAAVI"]
[Thu Jun 11 16:33:38.402884 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_VwAAAVI"]
[Thu Jun 11 16:33:38.403910 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/main/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2jQAAAQw"]
[Thu Jun 11 16:33:38.404073 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/main/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2jQAAAQw"]
[Thu Jun 11 16:33:38.404264 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/main/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2jQAAAQw"]
[Thu Jun 11 16:33:38.404556 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2jQAAAQw"]
[Thu Jun 11 16:33:38.405556 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/pom.xml"] [unique_id "aisNkv8lKn4qdPkDWlA2jgAAARI"]
[Thu Jun 11 16:33:38.406053 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/application/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKkQAAAJE"]
[Thu Jun 11 16:33:38.408331 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/application/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKkQAAAJE"]
[Thu Jun 11 16:33:38.408479 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/application/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKkQAAAJE"]
[Thu Jun 11 16:33:38.408729 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKkQAAAJE"]
[Thu Jun 11 16:33:38.406226 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/filesystems.php"] [unique_id "aisNkkKTwdTIu69rj41nrAAAAMs"]
[Thu Jun 11 16:33:38.406350 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.vault"] [unique_id "aisNkjlbUCMVJYfLxkpKjwAAAI0"]
[Thu Jun 11 16:33:38.409478 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.vault"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.vault"] [unique_id "aisNkjlbUCMVJYfLxkpKjwAAAI0"]
[Thu Jun 11 16:33:38.409703 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.vault"] [unique_id "aisNkjlbUCMVJYfLxkpKjwAAAI0"]
[Thu Jun 11 16:33:38.409932 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKjwAAAI0"]
[Thu Jun 11 16:33:38.410034 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/v1/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_VgAAAUs"]
[Thu Jun 11 16:33:38.410258 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/telescope/requests"] [unique_id "aisNkkKTwdTIu69rj41nrQAAAMQ"]
[Thu Jun 11 16:33:38.410282 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_VgAAAUs"]
[Thu Jun 11 16:33:38.416205 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/conf/settings.py"] [unique_id "aisNkqzVaq-mvl-Hfs81HwAAABc"]
[Thu Jun 11 16:33:38.417490 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/main"] [unique_id "aisNkv8lKn4qdPkDWlA2jwAAAQg"]
[Thu Jun 11 16:33:38.417689 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/main"] [unique_id "aisNkv8lKn4qdPkDWlA2jwAAAQg"]
[Thu Jun 11 16:33:38.418195 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/refs/heads/main"] [unique_id "aisNkv8lKn4qdPkDWlA2jwAAAQg"]
[Thu Jun 11 16:33:38.418483 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2jwAAAQg"]
[Thu Jun 11 16:33:38.418895 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env~"] [unique_id "aisNkqzVaq-mvl-Hfs81HgAAAAw"]
[Thu Jun 11 16:33:38.418967 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env~"] [unique_id "aisNkqzVaq-mvl-Hfs81HgAAAAw"]
[Thu Jun 11 16:33:38.419080 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/global.php"] [unique_id "aisNkk4Kpjoch0F_BSr-uwAAAEw"]
[Thu Jun 11 16:33:38.419083 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env~"] [unique_id "aisNkqzVaq-mvl-Hfs81HgAAAAw"]
[Thu Jun 11 16:33:38.419277 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env~"] [unique_id "aisNkqzVaq-mvl-Hfs81HgAAAAw"]
[Thu Jun 11 16:33:38.419665 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81HgAAAAw"]
[Thu Jun 11 16:33:38.420851 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpmyadmin/"] [unique_id "aisNkkKTwdTIu69rj41nrgAAAMc"]
[Thu Jun 11 16:33:38.427314 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/production.json"] [unique_id "aisNkv8lKn4qdPkDWlA2kAAAARA"]
[Thu Jun 11 16:33:38.437399 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel-*.log"] [unique_id "aisNkjlbUCMVJYfLxkpKkgAAAIU"]
[Thu Jun 11 16:33:38.437479 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel-*.log"] [unique_id "aisNkjlbUCMVJYfLxkpKkgAAAIU"]
[Thu Jun 11 16:33:38.437886 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel-*.log"] [unique_id "aisNkjlbUCMVJYfLxkpKkgAAAIU"]
[Thu Jun 11 16:33:38.438142 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKkgAAAIU"]
[Thu Jun 11 16:33:38.438915 2026] [authz_core:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] AH01630: client denied by server configuration: /disk001/augenn/public_html/error_log
[Thu Jun 11 16:33:38.439658 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/environments/production.rb"] [unique_id "aisNkk4Kpjoch0F_BSr-vAAAAEQ"]
[Thu Jun 11 16:33:38.439991 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.ci"] [unique_id "aisNkk4Kpjoch0F_BSr-vQAAAEE"]
[Thu Jun 11 16:33:38.440170 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.ci"] [unique_id "aisNkk4Kpjoch0F_BSr-vQAAAEE"]
[Thu Jun 11 16:33:38.440344 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.ci"] [unique_id "aisNkk4Kpjoch0F_BSr-vQAAAEE"]
[Thu Jun 11 16:33:38.441202 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNkk4Kpjoch0F_BSr-vgAAAEM"]
[Thu Jun 11 16:33:38.441342 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNkk4Kpjoch0F_BSr-vgAAAEM"]
[Thu Jun 11 16:33:38.441482 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "aisNkk4Kpjoch0F_BSr-vgAAAEM"]
[Thu Jun 11 16:33:38.441563 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.dockerignore"] [unique_id "aisNkqzVaq-mvl-Hfs81IAAAABA"]
[Thu Jun 11 16:33:38.441748 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-vgAAAEM"]
[Thu Jun 11 16:33:38.442804 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKkwAAAJc"]
[Thu Jun 11 16:33:38.443013 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKkwAAAJc"]
[Thu Jun 11 16:33:38.443179 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/WEB-INF/applicationContext.xml"] [unique_id "aisNkpQ1oEsc4pCWMDP_WQAAAUE"]
[Thu Jun 11 16:33:38.443210 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/conf/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKkwAAAJc"]
[Thu Jun 11 16:33:38.443435 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKkwAAAJc"]
[Thu Jun 11 16:33:38.444443 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisNkkKTwdTIu69rj41nrwAAANY"]
[Thu Jun 11 16:33:38.445230 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.orig"] [unique_id "aisNkv8lKn4qdPkDWlA2kQAAAQw"]
[Thu Jun 11 16:33:38.445402 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.orig"] [unique_id "aisNkv8lKn4qdPkDWlA2kQAAAQw"]
[Thu Jun 11 16:33:38.445824 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.orig"] [unique_id "aisNkv8lKn4qdPkDWlA2kQAAAQw"]
[Thu Jun 11 16:33:38.446063 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2kQAAAQw"]
[Thu Jun 11 16:33:38.449305 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/demo/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2kgAAARI"]
[Thu Jun 11 16:33:38.449508 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/demo/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2kgAAARI"]
[Thu Jun 11 16:33:38.449724 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/demo/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2kgAAARI"]
[Thu Jun 11 16:33:38.449955 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2kgAAARI"]
[Thu Jun 11 16:33:38.450940 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.cd"] [unique_id "aisNkpQ1oEsc4pCWMDP_WgAAAVI"]
[Thu Jun 11 16:33:38.451119 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.cd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.cd"] [unique_id "aisNkpQ1oEsc4pCWMDP_WgAAAVI"]
[Thu Jun 11 16:33:38.451292 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.cd"] [unique_id "aisNkpQ1oEsc4pCWMDP_WgAAAVI"]
[Thu Jun 11 16:33:38.451530 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_WgAAAVI"]
[Thu Jun 11 16:33:38.452513 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.docker.env"] [unique_id "aisNkkKTwdTIu69rj41nsAAAAMs"]
[Thu Jun 11 16:33:38.453282 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/mail.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_WwAAAUs"]
[Thu Jun 11 16:33:38.454840 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/site.zip"] [unique_id "aisNkjlbUCMVJYfLxkpKlAAAAI0"]
[Thu Jun 11 16:33:38.456530 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisNkkKTwdTIu69rj41nrwAAANY"]
[Thu Jun 11 16:33:38.456709 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "aisNkkKTwdTIu69rj41nrwAAANY"]
[Thu Jun 11 16:33:38.456988 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nrwAAANY"]
[Thu Jun 11 16:33:38.457227 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-vQAAAEE"]
[Thu Jun 11 16:33:38.459982 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/nodemon.json"] [unique_id "aisNkkKTwdTIu69rj41nsQAAAMQ"]
[Thu Jun 11 16:33:38.461318 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/app/public/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKlQAAAJE"]
[Thu Jun 11 16:33:38.461495 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/app/public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/storage/app/public/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKlQAAAJE"]
[Thu Jun 11 16:33:38.461514 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/cache/prod/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-wAAAAEw"]
[Thu Jun 11 16:33:38.461725 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/cache/prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/var/cache/prod/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-wAAAAEw"]
[Thu Jun 11 16:33:38.461751 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/app/public/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKlQAAAJE"]
[Thu Jun 11 16:33:38.461944 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/cache/prod/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-wAAAAEw"]
[Thu Jun 11 16:33:38.461985 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKlQAAAJE"]
[Thu Jun 11 16:33:38.462242 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-wAAAAEw"]
[Thu Jun 11 16:33:38.462803 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/queue.php"] [unique_id "aisNkqzVaq-mvl-Hfs81IQAAABc"]
[Thu Jun 11 16:33:38.463302 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/openapi.json"] [unique_id "aisNkkKTwdTIu69rj41nsgAAAMc"]
[Thu Jun 11 16:33:38.464235 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/session.php"] [unique_id "aisNkqzVaq-mvl-Hfs81IgAAAAw"]
[Thu Jun 11 16:33:38.465746 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/view.php"] [unique_id "aisNkv8lKn4qdPkDWlA2kwAAAQg"]
[Thu Jun 11 16:33:38.472293 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNkv8lKn4qdPkDWlA2lAAAARA"]
[Thu Jun 11 16:33:38.472367 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNkv8lKn4qdPkDWlA2lAAAARA"]
[Thu Jun 11 16:33:38.472680 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/config/master.key"] [unique_id "aisNkv8lKn4qdPkDWlA2lAAAARA"]
[Thu Jun 11 16:33:38.472922 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2lAAAARA"]
[Thu Jun 11 16:33:38.480698 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.yml"] [unique_id "aisNkjlbUCMVJYfLxkpKlgAAAIU"]
[Thu Jun 11 16:33:38.483285 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/framework/cache/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_XAAAAU8"]
[Thu Jun 11 16:33:38.483459 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/framework/cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/storage/framework/cache/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_XAAAAU8"]
[Thu Jun 11 16:33:38.483701 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/framework/cache/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_XAAAAU8"]
[Thu Jun 11 16:33:38.483920 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_XAAAAU8"]
[Thu Jun 11 16:33:38.484244 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bower.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_XQAAAUE"]
[Thu Jun 11 16:33:38.484379 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "bower.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: bower.json found within REQUEST_FILENAME: /bower.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/bower.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_XQAAAUE"]
[Thu Jun 11 16:33:38.484517 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/bower.json"] [unique_id "aisNkpQ1oEsc4pCWMDP_XQAAAUE"]
[Thu Jun 11 16:33:38.484758 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_XQAAAUE"]
[Thu Jun 11 16:33:38.484922 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/service/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-wQAAAEE"]
[Thu Jun 11 16:33:38.485129 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/service/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-wQAAAEE"]
[Thu Jun 11 16:33:38.485366 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/service/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-wQAAAEE"]
[Thu Jun 11 16:33:38.485796 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-wQAAAEE"]
[Thu Jun 11 16:33:38.486265 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/Gemfile"] [unique_id "aisNkk4Kpjoch0F_BSr-wgAAAEQ"]
[Thu Jun 11 16:33:38.486660 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2lQAAAQw"]
[Thu Jun 11 16:33:38.486821 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protected/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2lQAAAQw"]
[Thu Jun 11 16:33:38.487026 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/protected/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2lQAAAQw"]
[Thu Jun 11 16:33:38.487282 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2lQAAAQw"]
[Thu Jun 11 16:33:38.488319 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/services.php"] [unique_id "aisNkjlbUCMVJYfLxkpKlwAAAJc"]
[Thu Jun 11 16:33:38.492880 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap.properties"] [unique_id "aisNkqzVaq-mvl-Hfs81IwAAABA"]
[Thu Jun 11 16:33:38.497691 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/logging.php"] [unique_id "aisNkk4Kpjoch0F_BSr-wwAAAEM"]
[Thu Jun 11 16:33:38.500254 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.drone.yml"] [unique_id "aisNkjlbUCMVJYfLxkpKmAAAAI0"]
[Thu Jun 11 16:33:38.501214 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/builds/.env"] [unique_id "aisNkkKTwdTIu69rj41nswAAAMs"]
[Thu Jun 11 16:33:38.501370 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /builds/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/builds/.env"] [unique_id "aisNkkKTwdTIu69rj41nswAAAMs"]
[Thu Jun 11 16:33:38.501546 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/builds/.env"] [unique_id "aisNkkKTwdTIu69rj41nswAAAMs"]
[Thu Jun 11 16:33:38.501821 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nswAAAMs"]
[Thu Jun 11 16:33:38.506453 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/initializers/secret_token.rb"] [unique_id "aisNkpQ1oEsc4pCWMDP_XgAAAVI"]
[Thu Jun 11 16:33:38.507241 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/cache.php"] [unique_id "aisNkk4Kpjoch0F_BSr-xAAAAEw"]
[Thu Jun 11 16:33:38.508221 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/composer.lock"] [unique_id "aisNkqzVaq-mvl-Hfs81JAAAAAw"]
[Thu Jun 11 16:33:38.508366 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/composer.lock"] [unique_id "aisNkqzVaq-mvl-Hfs81JAAAAAw"]
[Thu Jun 11 16:33:38.508561 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/composer.lock"] [unique_id "aisNkqzVaq-mvl-Hfs81JAAAAAw"]
[Thu Jun 11 16:33:38.508878 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81JAAAAAw"]
[Thu Jun 11 16:33:38.508896 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/secure/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_XwAAAUs"]
[Thu Jun 11 16:33:38.509052 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/secure/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_XwAAAUs"]
[Thu Jun 11 16:33:38.509248 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/secure/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_XwAAAUs"]
[Thu Jun 11 16:33:38.509535 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_XwAAAUs"]
[Thu Jun 11 16:33:38.510545 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKmQAAAJE"]
[Thu Jun 11 16:33:38.510715 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/backup/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKmQAAAJE"]
[Thu Jun 11 16:33:38.510863 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKmQAAAJE"]
[Thu Jun 11 16:33:38.511077 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKmQAAAJE"]
[Thu Jun 11 16:33:38.513433 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.backup"] [unique_id "aisNkkKTwdTIu69rj41ntAAAAMQ"]
[Thu Jun 11 16:33:38.513505 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.backup"] [unique_id "aisNkkKTwdTIu69rj41ntAAAAMQ"]
[Thu Jun 11 16:33:38.513789 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/env.backup"] [unique_id "aisNkkKTwdTIu69rj41ntAAAAMQ"]
[Thu Jun 11 16:33:38.514016 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41ntAAAAMQ"]
[Thu Jun 11 16:33:38.514950 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.kube/config"] [unique_id "aisNkkKTwdTIu69rj41ntQAAAMc"]
[Thu Jun 11 16:33:38.515139 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.kube/config"] [unique_id "aisNkkKTwdTIu69rj41ntQAAAMc"]
[Thu Jun 11 16:33:38.515289 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.kube/config"] [unique_id "aisNkkKTwdTIu69rj41ntQAAAMc"]
[Thu Jun 11 16:33:38.515501 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41ntQAAAMc"]
[Thu Jun 11 16:33:38.516261 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/kubeconfig"] [unique_id "aisNkv8lKn4qdPkDWlA2lgAAARI"]
[Thu Jun 11 16:33:38.517419 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/status"] [unique_id "aisNkqzVaq-mvl-Hfs81JQAAABc"]
[Thu Jun 11 16:33:38.524473 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.backup"] [unique_id "aisNkkKTwdTIu69rj41ntgAAANY"]
[Thu Jun 11 16:33:38.524554 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.backup"] [unique_id "aisNkkKTwdTIu69rj41ntgAAANY"]
[Thu Jun 11 16:33:38.524719 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.backup"] [unique_id "aisNkkKTwdTIu69rj41ntgAAANY"]
[Thu Jun 11 16:33:38.524912 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.backup"] [unique_id "aisNkkKTwdTIu69rj41ntgAAANY"]
[Thu Jun 11 16:33:38.525124 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41ntgAAANY"]
[Thu Jun 11 16:33:38.529751 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/"] [unique_id "aisNkv8lKn4qdPkDWlA2lwAAARA"]
[Thu Jun 11 16:33:38.530695 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.idea/workspace.xml"] [unique_id "aisNkjlbUCMVJYfLxkpKmgAAAJc"]
[Thu Jun 11 16:33:38.530943 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.idea/workspace.xml"] [unique_id "aisNkjlbUCMVJYfLxkpKmgAAAJc"]
[Thu Jun 11 16:33:38.531102 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.idea/workspace.xml"] [unique_id "aisNkjlbUCMVJYfLxkpKmgAAAJc"]
[Thu Jun 11 16:33:38.531380 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/database.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_YAAAAUE"]
[Thu Jun 11 16:33:38.531409 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKmgAAAJc"]
[Thu Jun 11 16:33:38.536216 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "aisNkpQ1oEsc4pCWMDP_YQAAAU8"]
[Thu Jun 11 16:33:38.536292 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "aisNkpQ1oEsc4pCWMDP_YQAAAU8"]
[Thu Jun 11 16:33:38.536408 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "aisNkpQ1oEsc4pCWMDP_YQAAAU8"]
[Thu Jun 11 16:33:38.536472 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/php_info.php"] [unique_id "aisNkk4Kpjoch0F_BSr-xQAAAEQ"]
[Thu Jun 11 16:33:38.536625 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "aisNkpQ1oEsc4pCWMDP_YQAAAU8"]
[Thu Jun 11 16:33:38.536968 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_YQAAAU8"]
[Thu Jun 11 16:33:38.538355 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public_html/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2mAAAAQw"]
[Thu Jun 11 16:33:38.538515 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public_html/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2mAAAAQw"]
[Thu Jun 11 16:33:38.539496 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aisNkk4Kpjoch0F_BSr-xgAAAEE"]
[Thu Jun 11 16:33:38.539721 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aisNkk4Kpjoch0F_BSr-xgAAAEE"]
[Thu Jun 11 16:33:38.539964 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/config/parameters.yml"] [unique_id "aisNkk4Kpjoch0F_BSr-xgAAAEE"]
[Thu Jun 11 16:33:38.540234 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-xgAAAEE"]
[Thu Jun 11 16:33:38.540749 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public_html/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2mAAAAQw"]
[Thu Jun 11 16:33:38.540966 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2mAAAAQw"]
[Thu Jun 11 16:33:38.541434 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/yarn.lock"] [unique_id "aisNkqzVaq-mvl-Hfs81JgAAABA"]
[Thu Jun 11 16:33:38.541615 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/yarn.lock"] [unique_id "aisNkqzVaq-mvl-Hfs81JgAAABA"]
[Thu Jun 11 16:33:38.541822 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/yarn.lock"] [unique_id "aisNkqzVaq-mvl-Hfs81JgAAABA"]
[Thu Jun 11 16:33:38.542027 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81JgAAABA"]
[Thu Jun 11 16:33:38.545942 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sftp-config.json"] [unique_id "aisNkk4Kpjoch0F_BSr-xwAAAEM"]
[Thu Jun 11 16:33:38.546106 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/sftp-config.json"] [unique_id "aisNkk4Kpjoch0F_BSr-xwAAAEM"]
[Thu Jun 11 16:33:38.546326 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/sftp-config.json"] [unique_id "aisNkk4Kpjoch0F_BSr-xwAAAEM"]
[Thu Jun 11 16:33:38.546535 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-xwAAAEM"]
[Thu Jun 11 16:33:38.548162 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "aisNkjlbUCMVJYfLxkpKmwAAAI0"]
[Thu Jun 11 16:33:38.548512 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "aisNkjlbUCMVJYfLxkpKmwAAAI0"]
[Thu Jun 11 16:33:38.548750 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "aisNkjlbUCMVJYfLxkpKmwAAAI0"]
[Thu Jun 11 16:33:38.549084 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKmwAAAI0"]
[Thu Jun 11 16:33:38.549932 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "aisNkjlbUCMVJYfLxkpKnAAAAIU"]
[Thu Jun 11 16:33:38.550081 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "aisNkjlbUCMVJYfLxkpKnAAAAIU"]
[Thu Jun 11 16:33:38.550271 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "aisNkjlbUCMVJYfLxkpKnAAAAIU"]
[Thu Jun 11 16:33:38.551179 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/swagger/v1/swagger.json"] [unique_id "aisNkk4Kpjoch0F_BSr-yAAAAEw"]
[Thu Jun 11 16:33:38.552141 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/error.log"] [unique_id "aisNkkKTwdTIu69rj41nuAAAAMs"]
[Thu Jun 11 16:33:38.552235 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/error.log"] [unique_id "aisNkkKTwdTIu69rj41nuAAAAMs"]
[Thu Jun 11 16:33:38.552642 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/error.log"] [unique_id "aisNkkKTwdTIu69rj41nuAAAAMs"]
[Thu Jun 11 16:33:38.552936 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nuAAAAMs"]
[Thu Jun 11 16:33:38.553067 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/default.json"] [unique_id "aisNkv8lKn4qdPkDWlA2mQAAAQg"]
[Thu Jun 11 16:33:38.553257 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKnAAAAIU"]
[Thu Jun 11 16:33:38.554879 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/build/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_YgAAAVI"]
[Thu Jun 11 16:33:38.555042 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/build/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_YgAAAVI"]
[Thu Jun 11 16:33:38.555230 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/build/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_YgAAAVI"]
[Thu Jun 11 16:33:38.555637 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_YgAAAVI"]
[Thu Jun 11 16:33:38.557172 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.svn/wc.db"] [unique_id "aisNkpQ1oEsc4pCWMDP_YwAAAUs"]
[Thu Jun 11 16:33:38.557243 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.svn/wc.db"] [unique_id "aisNkpQ1oEsc4pCWMDP_YwAAAUs"]
[Thu Jun 11 16:33:38.557302 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisNkqzVaq-mvl-Hfs81JwAAAAw"]
[Thu Jun 11 16:33:38.557349 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.svn/wc.db"] [unique_id "aisNkpQ1oEsc4pCWMDP_YwAAAUs"]
[Thu Jun 11 16:33:38.557376 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisNkqzVaq-mvl-Hfs81JwAAAAw"]
[Thu Jun 11 16:33:38.557491 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.svn/wc.db"] [unique_id "aisNkpQ1oEsc4pCWMDP_YwAAAUs"]
[Thu Jun 11 16:33:38.557691 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup.sql"] [unique_id "aisNkqzVaq-mvl-Hfs81JwAAAAw"]
[Thu Jun 11 16:33:38.557800 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_YwAAAUs"]
[Thu Jun 11 16:33:38.557905 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81JwAAAAw"]
[Thu Jun 11 16:33:38.559065 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ansible/hosts"] [unique_id "aisNkkKTwdTIu69rj41nuQAAAMc"]
[Thu Jun 11 16:33:38.560468 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/common/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81KAAAABc"]
[Thu Jun 11 16:33:38.561064 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/html.tar.gz"] [unique_id "aisNkkKTwdTIu69rj41nugAAAMQ"]
[Thu Jun 11 16:33:38.561255 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-login.php"] [unique_id "aisNkv8lKn4qdPkDWlA2mgAAARI"]
[Thu Jun 11 16:33:38.561991 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /common/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/common/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81KAAAABc"]
[Thu Jun 11 16:33:38.562187 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/common/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81KAAAABc"]
[Thu Jun 11 16:33:38.562391 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81KAAAABc"]
[Thu Jun 11 16:33:38.564483 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/settings.json"] [unique_id "aisNkjlbUCMVJYfLxkpKnQAAAJE"]
[Thu Jun 11 16:33:38.567727 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/services.php"] [unique_id "aisNkkKTwdTIu69rj41nuwAAANY"]
[Thu Jun 11 16:33:38.572240 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/kubernetesconfig.json"] [unique_id "aisNkjlbUCMVJYfLxkpKngAAAJc"]
[Thu Jun 11 16:33:38.582240 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZQAAAU8"]
[Thu Jun 11 16:33:38.582241 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.vscode/settings.json"] [unique_id "aisNkk4Kpjoch0F_BSr-yQAAAEQ"]
[Thu Jun 11 16:33:38.582458 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZQAAAU8"]
[Thu Jun 11 16:33:38.582771 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZQAAAU8"]
[Thu Jun 11 16:33:38.583071 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZQAAAU8"]
[Thu Jun 11 16:33:38.583859 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/current/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-ygAAAEE"]
[Thu Jun 11 16:33:38.584014 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/current/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-ygAAAEE"]
[Thu Jun 11 16:33:38.584202 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.github/workflows/deploy.yml"] [unique_id "aisNkv8lKn4qdPkDWlA2mwAAARA"]
[Thu Jun 11 16:33:38.584320 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/current/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-ygAAAEE"]
[Thu Jun 11 16:33:38.584795 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-ygAAAEE"]
[Thu Jun 11 16:33:38.585049 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/requirements.txt"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZAAAAUE"]
[Thu Jun 11 16:33:38.587635 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/manage.py"] [unique_id "aisNkqzVaq-mvl-Hfs81KQAAABA"]
[Thu Jun 11 16:33:38.588324 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wsgi.py"] [unique_id "aisNkv8lKn4qdPkDWlA2nAAAAQw"]
[Thu Jun 11 16:33:38.589614 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.local"] [unique_id "aisNkjlbUCMVJYfLxkpKnwAAAI0"]
[Thu Jun 11 16:33:38.594187 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web.zip"] [unique_id "aisNkk4Kpjoch0F_BSr-ywAAAEw"]
[Thu Jun 11 16:33:38.595759 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/bootstrap/cache/config.php"] [unique_id "aisNkk4Kpjoch0F_BSr-zAAAAEM"]
[Thu Jun 11 16:33:38.597072 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/info.php"] [unique_id "aisNkjlbUCMVJYfLxkpKoAAAAIU"]
[Thu Jun 11 16:33:38.602231 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.0"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZgAAAUs"]
[Thu Jun 11 16:33:38.602232 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.travis.yml"] [unique_id "aisNkqzVaq-mvl-Hfs81KgAAABc"]
[Thu Jun 11 16:33:38.602474 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.0"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZgAAAUs"]
[Thu Jun 11 16:33:38.602727 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.0"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZgAAAUs"]
[Thu Jun 11 16:33:38.602883 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.travis.yml"] [unique_id "aisNkqzVaq-mvl-Hfs81KgAAABc"]
[Thu Jun 11 16:33:38.603082 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.travis.yml"] [unique_id "aisNkqzVaq-mvl-Hfs81KgAAABc"]
[Thu Jun 11 16:33:38.603219 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZgAAAUs"]
[Thu Jun 11 16:33:38.603300 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81KgAAABc"]
[Thu Jun 11 16:33:38.604308 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/development.json"] [unique_id "aisNkv8lKn4qdPkDWlA2nQAAARI"]
[Thu Jun 11 16:33:38.605719 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_dump.sql"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZwAAAVI"]
[Thu Jun 11 16:33:38.605870 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db_dump.sql"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZwAAAVI"]
[Thu Jun 11 16:33:38.606110 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/db_dump.sql"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZwAAAVI"]
[Thu Jun 11 16:33:38.606477 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_ZwAAAVI"]
[Thu Jun 11 16:33:38.606882 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.bzr/branch/branch.conf"] [unique_id "aisNkkKTwdTIu69rj41nvAAAAMc"]
[Thu Jun 11 16:33:38.606960 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.bzr/branch/branch.conf"] [unique_id "aisNkkKTwdTIu69rj41nvAAAAMc"]
[Thu Jun 11 16:33:38.607314 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.bzr/branch/branch.conf"] [unique_id "aisNkkKTwdTIu69rj41nvAAAAMc"]
[Thu Jun 11 16:33:38.607609 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/webroot/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2ngAAAQg"]
[Thu Jun 11 16:33:38.607706 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nvAAAAMc"]
[Thu Jun 11 16:33:38.607748 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webroot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/webroot/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2ngAAAQg"]
[Thu Jun 11 16:33:38.607900 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/webroot/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2ngAAAQg"]
[Thu Jun 11 16:33:38.608186 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2ngAAAQg"]
[Thu Jun 11 16:33:38.608728 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.remote-sync.json"] [unique_id "aisNkkKTwdTIu69rj41nvQAAANY"]
[Thu Jun 11 16:33:38.609230 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/portal/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81KwAAAAw"]
[Thu Jun 11 16:33:38.609375 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/portal/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81KwAAAAw"]
[Thu Jun 11 16:33:38.609600 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/portal/.env"] [unique_id "aisNkqzVaq-mvl-Hfs81KwAAAAw"]
[Thu Jun 11 16:33:38.609839 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81KwAAAAw"]
[Thu Jun 11 16:33:38.610828 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "aisNkjlbUCMVJYfLxkpKoQAAAJE"]
[Thu Jun 11 16:33:38.611030 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "aisNkjlbUCMVJYfLxkpKoQAAAJE"]
[Thu Jun 11 16:33:38.611249 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "aisNkjlbUCMVJYfLxkpKoQAAAJE"]
[Thu Jun 11 16:33:38.611276 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/prod/.env"] [unique_id "aisNkkKTwdTIu69rj41nvgAAAMs"]
[Thu Jun 11 16:33:38.611420 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/prod/.env"] [unique_id "aisNkkKTwdTIu69rj41nvgAAAMs"]
[Thu Jun 11 16:33:38.611456 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKoQAAAJE"]
[Thu Jun 11 16:33:38.611688 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/prod/.env"] [unique_id "aisNkkKTwdTIu69rj41nvgAAAMs"]
[Thu Jun 11 16:33:38.611920 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nvgAAAMs"]
[Thu Jun 11 16:33:38.612424 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisNkkKTwdTIu69rj41nvwAAAMQ"]
[Thu Jun 11 16:33:38.612676 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisNkkKTwdTIu69rj41nvwAAAMQ"]
[Thu Jun 11 16:33:38.612894 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/wp-config.php.txt"] [unique_id "aisNkkKTwdTIu69rj41nvwAAAMQ"]
[Thu Jun 11 16:33:38.613125 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nvwAAAMQ"]
[Thu Jun 11 16:33:38.614241 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisNkjlbUCMVJYfLxkpKogAAAJc"]
[Thu Jun 11 16:33:38.614318 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisNkjlbUCMVJYfLxkpKogAAAJc"]
[Thu Jun 11 16:33:38.614639 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/db.sql"] [unique_id "aisNkjlbUCMVJYfLxkpKogAAAJc"]
[Thu Jun 11 16:33:38.614879 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKogAAAJc"]
[Thu Jun 11 16:33:38.624310 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.github/actions/env"] [unique_id "aisNkk4Kpjoch0F_BSr-zQAAAEE"]
[Thu Jun 11 16:33:38.627549 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/log/development.log"] [unique_id "aisNkpQ1oEsc4pCWMDP_aAAAAUE"]
[Thu Jun 11 16:33:38.627723 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/log/development.log"] [unique_id "aisNkpQ1oEsc4pCWMDP_aAAAAUE"]
[Thu Jun 11 16:33:38.628017 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/log/development.log"] [unique_id "aisNkpQ1oEsc4pCWMDP_aAAAAUE"]
[Thu Jun 11 16:33:38.628200 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/var/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-zgAAAEQ"]
[Thu Jun 11 16:33:38.628308 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_aAAAAUE"]
[Thu Jun 11 16:33:38.628425 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/var/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-zgAAAEQ"]
[Thu Jun 11 16:33:38.628711 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/var/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-zgAAAEQ"]
[Thu Jun 11 16:33:38.628958 2026] [security2:error] [pid 9918:tid 9926] [client 162.243.172.115:43808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-zgAAAEQ"]
[Thu Jun 11 16:33:38.631318 2026] [security2:error] [pid 21296:tid 21315] [client 162.243.172.115:43872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.buildkite/env"] [unique_id "aisNkqzVaq-mvl-Hfs81LAAAABA"]
[Thu Jun 11 16:33:38.633100 2026] [security2:error] [pid 3902:tid 3925] [client 162.243.172.115:43726] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/mail.php"] [unique_id "aisNkv8lKn4qdPkDWlA2nwAAARA"]
[Thu Jun 11 16:33:38.634548 2026] [security2:error] [pid 5830:tid 5850] [client 162.243.172.115:43828] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www.zip"] [unique_id "aisNkpQ1oEsc4pCWMDP_aQAAAU8"]
[Thu Jun 11 16:33:38.637518 2026] [security2:error] [pid 21295:tid 21339] [client 162.243.172.115:43812] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/env.test"] [unique_id "aisNkjlbUCMVJYfLxkpKowAAAI0"]
[Thu Jun 11 16:33:38.638147 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.private"] [unique_id "aisNkv8lKn4qdPkDWlA2oAAAAQw"]
[Thu Jun 11 16:33:38.638299 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.private"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.private"] [unique_id "aisNkv8lKn4qdPkDWlA2oAAAAQw"]
[Thu Jun 11 16:33:38.638425 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.private"] [unique_id "aisNkv8lKn4qdPkDWlA2oAAAAQw"]
[Thu Jun 11 16:33:38.638648 2026] [security2:error] [pid 3902:tid 3921] [client 162.243.172.115:43824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2oAAAAQw"]
[Thu Jun 11 16:33:38.639568 2026] [security2:error] [pid 21295:tid 21331] [client 162.243.172.115:43710] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/bootstrap.yml"] [unique_id "aisNkjlbUCMVJYfLxkpKpAAAAIU"]
[Thu Jun 11 16:33:38.641281 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-0AAAAEw"]
[Thu Jun 11 16:33:38.641370 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-0AAAAEw"]
[Thu Jun 11 16:33:38.642547 2026] [security2:error] [pid 9918:tid 9925] [client 162.243.172.115:43884] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/secrets.json"] [unique_id "aisNkk4Kpjoch0F_BSr-0QAAAEM"]
[Thu Jun 11 16:33:38.645240 2026] [security2:error] [pid 21296:tid 21323] [client 162.243.172.115:43796] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/robots.txt"] [unique_id "aisNkqzVaq-mvl-Hfs81LQAAABc"]
[Thu Jun 11 16:33:38.646151 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cms/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2oQAAARI"]
[Thu Jun 11 16:33:38.646320 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/cms/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2oQAAARI"]
[Thu Jun 11 16:33:38.646501 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cms/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2oQAAARI"]
[Thu Jun 11 16:33:38.646752 2026] [security2:error] [pid 3902:tid 3927] [client 162.243.172.115:43914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2oQAAARI"]
[Thu Jun 11 16:33:38.647771 2026] [security2:error] [pid 5830:tid 5846] [client 162.243.172.115:43750] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/config/app.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_agAAAUs"]
[Thu Jun 11 16:33:38.649112 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/storage/logs/laravel.log"] [unique_id "aisNkk4Kpjoch0F_BSr-0AAAAEw"]
[Thu Jun 11 16:33:38.649511 2026] [security2:error] [pid 9918:tid 9934] [client 162.243.172.115:43856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-0AAAAEw"]
[Thu Jun 11 16:33:38.650422 2026] [security2:error] [pid 21243:tid 21268] [client 162.243.172.115:43700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.runtimeconfig.json"] [unique_id "aisNkkKTwdTIu69rj41nwAAAANY"]
[Thu Jun 11 16:33:38.651938 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.1"] [unique_id "aisNkkKTwdTIu69rj41nwQAAAMc"]
[Thu Jun 11 16:33:38.652109 2026] [security2:error] [pid 5830:tid 5853] [client 162.243.172.115:43780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/adminer.php"] [unique_id "aisNkpQ1oEsc4pCWMDP_awAAAVI"]
[Thu Jun 11 16:33:38.652092 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.1"] [unique_id "aisNkkKTwdTIu69rj41nwQAAAMc"]
[Thu Jun 11 16:33:38.652444 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.1"] [unique_id "aisNkkKTwdTIu69rj41nwQAAAMc"]
[Thu Jun 11 16:33:38.652773 2026] [security2:error] [pid 21243:tid 21253] [client 162.243.172.115:43902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nwQAAAMc"]
[Thu Jun 11 16:33:38.653451 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dump/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2ogAAAQg"]
[Thu Jun 11 16:33:38.653560 2026] [security2:error] [pid 21243:tid 21257] [client 162.243.172.115:43830] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/config/queue.php"] [unique_id "aisNkkKTwdTIu69rj41nwgAAAMs"]
[Thu Jun 11 16:33:38.653627 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dump/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/dump/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2ogAAAQg"]
[Thu Jun 11 16:33:38.653834 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dump/.env"] [unique_id "aisNkv8lKn4qdPkDWlA2ogAAAQg"]
[Thu Jun 11 16:33:38.654038 2026] [security2:error] [pid 3902:tid 3917] [client 162.243.172.115:43874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkv8lKn4qdPkDWlA2ogAAAQg"]
[Thu Jun 11 16:33:38.654687 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.secret"] [unique_id "aisNkqzVaq-mvl-Hfs81LgAAAAw"]
[Thu Jun 11 16:33:38.654878 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.secret"] [unique_id "aisNkqzVaq-mvl-Hfs81LgAAAAw"]
[Thu Jun 11 16:33:38.655066 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.secret"] [unique_id "aisNkqzVaq-mvl-Hfs81LgAAAAw"]
[Thu Jun 11 16:33:38.655356 2026] [security2:error] [pid 21296:tid 21311] [client 162.243.172.115:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkqzVaq-mvl-Hfs81LgAAAAw"]
[Thu Jun 11 16:33:38.656230 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/global/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKpQAAAJE"]
[Thu Jun 11 16:33:38.656409 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /global/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/global/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKpQAAAJE"]
[Thu Jun 11 16:33:38.656620 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/global/.env"] [unique_id "aisNkjlbUCMVJYfLxkpKpQAAAJE"]
[Thu Jun 11 16:33:38.656905 2026] [security2:error] [pid 21295:tid 21343] [client 162.243.172.115:43870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkjlbUCMVJYfLxkpKpQAAAJE"]
[Thu Jun 11 16:33:38.657643 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/environments/.env"] [unique_id "aisNkkKTwdTIu69rj41nwwAAAMQ"]
[Thu Jun 11 16:33:38.657842 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /environments/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/environments/.env"] [unique_id "aisNkkKTwdTIu69rj41nwwAAAMQ"]
[Thu Jun 11 16:33:38.658031 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/environments/.env"] [unique_id "aisNkkKTwdTIu69rj41nwwAAAMQ"]
[Thu Jun 11 16:33:38.658229 2026] [security2:error] [pid 21295:tid 21349] [client 162.243.172.115:43842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.circleci/config.yml"] [unique_id "aisNkjlbUCMVJYfLxkpKpgAAAJc"]
[Thu Jun 11 16:33:38.658281 2026] [security2:error] [pid 21243:tid 21250] [client 162.243.172.115:43740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkkKTwdTIu69rj41nwwAAAMQ"]
[Thu Jun 11 16:33:38.666525 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ui/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-0gAAAEE"]
[Thu Jun 11 16:33:38.666773 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ui/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/ui/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-0gAAAEE"]
[Thu Jun 11 16:33:38.666991 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/ui/.env"] [unique_id "aisNkk4Kpjoch0F_BSr-0gAAAEE"]
[Thu Jun 11 16:33:38.667272 2026] [security2:error] [pid 9918:tid 9923] [client 162.243.172.115:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkk4Kpjoch0F_BSr-0gAAAEE"]
[Thu Jun 11 16:33:38.668140 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dev/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_bAAAAUE"]
[Thu Jun 11 16:33:38.668315 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/dev/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_bAAAAUE"]
[Thu Jun 11 16:33:38.668459 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/dev/.env"] [unique_id "aisNkpQ1oEsc4pCWMDP_bAAAAUE"]
[Thu Jun 11 16:33:38.668768 2026] [security2:error] [pid 5830:tid 5836] [client 162.243.172.115:43768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisNkpQ1oEsc4pCWMDP_bAAAAUE"]
[Thu Jun 11 16:35:33.608942 2026] [security2:error] [pid 21295:tid 21345] [client 74.7.242.25:41634] ModSecurity: Warning. Matched phrase "proc/self/mounts" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/mounts found within ARGS:fileloc: /proc/7722/root/proc/self/root/proc/self/mounts"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aisOBTlbUCMVJYfLxkpLrAAAAJM"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/proc/self
[Thu Jun 11 16:35:33.609717 2026] [security2:error] [pid 21295:tid 21345] [client 74.7.242.25:41634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aisOBTlbUCMVJYfLxkpLrAAAAJM"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/proc/self
[Thu Jun 11 16:35:33.609982 2026] [security2:error] [pid 21295:tid 21345] [client 74.7.242.25:41634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aisOBTlbUCMVJYfLxkpLrAAAAJM"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/proc/self
[Thu Jun 11 16:40:45.868947 2026] [security2:error] [pid 21243:tid 21265] [client 20.29.23.140:39290] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aisPPUKTwdTIu69rj41tqwAAANM"]
[Thu Jun 11 16:40:45.869078 2026] [security2:error] [pid 21243:tid 21265] [client 20.29.23.140:39290] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aisPPUKTwdTIu69rj41tqwAAANM"]
[Thu Jun 11 16:40:45.869382 2026] [security2:error] [pid 21243:tid 21265] [client 20.29.23.140:39290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aisPPUKTwdTIu69rj41tqwAAANM"]
[Thu Jun 11 16:40:45.870751 2026] [security2:error] [pid 21243:tid 21265] [client 20.29.23.140:39290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisPPUKTwdTIu69rj41tqwAAANM"]
[Thu Jun 11 16:47:41.094912 2026] [security2:error] [pid 21296:tid 21311] [client 198.235.24.155:65298] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisQ3azVaq-mvl-Hfs9BfQAAAAw"]
[Thu Jun 11 16:50:30.754682 2026] [security2:error] [pid 21296:tid 21320] [client 43.133.187.11:56460] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aisRhqzVaq-mvl-Hfs9FJAAAABU"], referer: http://machen.ai
[Thu Jun 11 16:51:24.941925 2026] [security2:error] [pid 3902:tid 3920] [client 45.148.10.67:34184] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisRvP8lKn4qdPkDWlBIUAAAAQs"]
[Thu Jun 11 16:54:11.002338 2026] [security2:error] [pid 5830:tid 5848] [client 109.105.210.105:44680] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisSY5Q1oEsc4pCWMDMQ7gAAAU0"], referer: http://13.84.161.190/
[Thu Jun 11 16:56:40.904880 2026] [security2:error] [pid 3902:tid 3933] [client 18.221.197.55:28780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisS-P8lKn4qdPkDWlBMWgAAARg"], referer: http://13.84.161.190/
[Thu Jun 11 16:56:56.929462 2026] [security2:error] [pid 3902:tid 3922] [client 34.64.174.29:52508] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.live"] [unique_id "aisTCP8lKn4qdPkDWlBMmgAAAQ0"]
[Thu Jun 11 16:56:56.929680 2026] [security2:error] [pid 3902:tid 3922] [client 34.64.174.29:52508] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.live"] [unique_id "aisTCP8lKn4qdPkDWlBMmgAAAQ0"]
[Thu Jun 11 16:56:56.930003 2026] [security2:error] [pid 3902:tid 3922] [client 34.64.174.29:52508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.live"] [unique_id "aisTCP8lKn4qdPkDWlBMmgAAAQ0"]
[Thu Jun 11 16:56:56.946545 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:52540] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/.env.local"] [unique_id "aisTCJQ1oEsc4pCWMDMTzgAAAUs"]
[Thu Jun 11 16:56:56.947183 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:52540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/server/.env.local"] [unique_id "aisTCJQ1oEsc4pCWMDMTzgAAAUs"]
[Thu Jun 11 16:56:56.947496 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:52540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/.env.local"] [unique_id "aisTCJQ1oEsc4pCWMDMTzgAAAUs"]
[Thu Jun 11 16:56:56.948794 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:52524] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/api/.env"] [unique_id "aisTCKzVaq-mvl-Hfs9LuQAAAAg"]
[Thu Jun 11 16:56:56.948953 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:52524] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/api/.env"] [unique_id "aisTCKzVaq-mvl-Hfs9LuQAAAAg"]
[Thu Jun 11 16:56:56.949166 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:52572] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/.env.production"] [unique_id "aisTCEKTwdTIu69rj4178gAAAMc"]
[Thu Jun 11 16:56:56.949292 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:52572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/server/.env.production"] [unique_id "aisTCEKTwdTIu69rj4178gAAAMc"]
[Thu Jun 11 16:56:56.949417 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:52524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/api/.env"] [unique_id "aisTCKzVaq-mvl-Hfs9LuQAAAAg"]
[Thu Jun 11 16:56:56.949496 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:52572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/.env.production"] [unique_id "aisTCEKTwdTIu69rj4178gAAAMc"]
[Thu Jun 11 16:56:56.950869 2026] [security2:error] [pid 21295:tid 21333] [client 34.64.174.29:52548] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/.env"] [unique_id "aisTCDlbUCMVJYfLxkpfGAAAAIc"]
[Thu Jun 11 16:56:56.951005 2026] [security2:error] [pid 21295:tid 21333] [client 34.64.174.29:52548] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/server/.env"] [unique_id "aisTCDlbUCMVJYfLxkpfGAAAAIc"]
[Thu Jun 11 16:56:56.951232 2026] [security2:error] [pid 21295:tid 21333] [client 34.64.174.29:52548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/.env"] [unique_id "aisTCDlbUCMVJYfLxkpfGAAAAIc"]
[Thu Jun 11 16:56:56.952725 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:52564] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/server/.env.backup"] [unique_id "aisTCP8lKn4qdPkDWlBMmwAAAQU"]
[Thu Jun 11 16:56:56.952836 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:52564] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/server/.env.backup"] [unique_id "aisTCP8lKn4qdPkDWlBMmwAAAQU"]
[Thu Jun 11 16:56:56.952970 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:52564] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/server/.env.backup"] [unique_id "aisTCP8lKn4qdPkDWlBMmwAAAQU"]
[Thu Jun 11 16:56:56.953235 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:52564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/server/.env.backup"] [unique_id "aisTCP8lKn4qdPkDWlBMmwAAAQU"]
[Thu Jun 11 16:56:56.955036 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:52588] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/.env"] [unique_id "aisTCKzVaq-mvl-Hfs9LugAAABM"]
[Thu Jun 11 16:56:56.955188 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:52588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/.env"] [unique_id "aisTCKzVaq-mvl-Hfs9LugAAABM"]
[Thu Jun 11 16:56:56.955410 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:52588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/.env"] [unique_id "aisTCKzVaq-mvl-Hfs9LugAAABM"]
[Thu Jun 11 16:56:56.969793 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:52610] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/.env.production"] [unique_id "aisTCDlbUCMVJYfLxkpfGQAAAIk"]
[Thu Jun 11 16:56:56.969953 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:52610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/.env.production"] [unique_id "aisTCDlbUCMVJYfLxkpfGQAAAIk"]
[Thu Jun 11 16:56:56.970165 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:52610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/.env.production"] [unique_id "aisTCDlbUCMVJYfLxkpfGQAAAIk"]
[Thu Jun 11 16:56:56.973788 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:52618] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.prod"] [unique_id "aisTCP8lKn4qdPkDWlBMnQAAAQQ"]
[Thu Jun 11 16:56:56.973951 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:52618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.prod"] [unique_id "aisTCP8lKn4qdPkDWlBMnQAAAQQ"]
[Thu Jun 11 16:56:56.974215 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:52618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.prod"] [unique_id "aisTCP8lKn4qdPkDWlBMnQAAAQQ"]
[Thu Jun 11 16:56:56.977334 2026] [security2:error] [pid 5830:tid 5841] [client 34.64.174.29:52598] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/.env.local"] [unique_id "aisTCJQ1oEsc4pCWMDMTzwAAAUY"]
[Thu Jun 11 16:56:56.978480 2026] [security2:error] [pid 5830:tid 5841] [client 34.64.174.29:52598] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/.env.local"] [unique_id "aisTCJQ1oEsc4pCWMDMTzwAAAUY"]
[Thu Jun 11 16:56:56.978754 2026] [security2:error] [pid 5830:tid 5841] [client 34.64.174.29:52598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/.env.local"] [unique_id "aisTCJQ1oEsc4pCWMDMTzwAAAUY"]
[Thu Jun 11 16:56:56.987875 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:52624] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.local"] [unique_id "aisTCKzVaq-mvl-Hfs9LuwAAABc"]
[Thu Jun 11 16:56:56.988133 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:52624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.local"] [unique_id "aisTCKzVaq-mvl-Hfs9LuwAAABc"]
[Thu Jun 11 16:56:56.988440 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:52624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.local"] [unique_id "aisTCKzVaq-mvl-Hfs9LuwAAABc"]
[Thu Jun 11 16:56:56.990174 2026] [security2:error] [pid 5830:tid 5859] [client 34.64.174.29:52642] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/admin/.env"] [unique_id "aisTCJQ1oEsc4pCWMDMT0AAAAVg"]
[Thu Jun 11 16:56:56.990434 2026] [security2:error] [pid 5830:tid 5859] [client 34.64.174.29:52642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/admin/.env"] [unique_id "aisTCJQ1oEsc4pCWMDMT0AAAAVg"]
[Thu Jun 11 16:56:56.990956 2026] [security2:error] [pid 5830:tid 5859] [client 34.64.174.29:52642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/admin/.env"] [unique_id "aisTCJQ1oEsc4pCWMDMT0AAAAVg"]
[Thu Jun 11 16:56:56.995641 2026] [security2:error] [pid 21295:tid 21327] [client 34.64.174.29:52626] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/service/.env"] [unique_id "aisTCDlbUCMVJYfLxkpfGgAAAIE"]
[Thu Jun 11 16:56:56.995793 2026] [security2:error] [pid 21295:tid 21327] [client 34.64.174.29:52626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/service/.env"] [unique_id "aisTCDlbUCMVJYfLxkpfGgAAAIE"]
[Thu Jun 11 16:56:56.996008 2026] [security2:error] [pid 21295:tid 21327] [client 34.64.174.29:52626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/service/.env"] [unique_id "aisTCDlbUCMVJYfLxkpfGgAAAIE"]
[Thu Jun 11 16:56:57.027500 2026] [security2:error] [pid 21243:tid 21265] [client 34.64.174.29:52644] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.production"] [unique_id "aisTCUKTwdTIu69rj4178wAAANM"]
[Thu Jun 11 16:56:57.027691 2026] [security2:error] [pid 21243:tid 21265] [client 34.64.174.29:52644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.production"] [unique_id "aisTCUKTwdTIu69rj4178wAAANM"]
[Thu Jun 11 16:56:57.028044 2026] [security2:error] [pid 21243:tid 21265] [client 34.64.174.29:52644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.production"] [unique_id "aisTCUKTwdTIu69rj4178wAAANM"]
[Thu Jun 11 16:56:57.029862 2026] [security2:error] [pid 3902:tid 3912] [client 34.64.174.29:52676] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMngAAAQM"]
[Thu Jun 11 16:56:57.030023 2026] [security2:error] [pid 3902:tid 3912] [client 34.64.174.29:52676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/internal/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMngAAAQM"]
[Thu Jun 11 16:56:57.030355 2026] [security2:error] [pid 3902:tid 3912] [client 34.64.174.29:52676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMngAAAQM"]
[Thu Jun 11 16:56:57.033540 2026] [security2:error] [pid 21296:tid 21377] [client 34.64.174.29:52650] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aisTCazVaq-mvl-Hfs9LvAAAAAU"]
[Thu Jun 11 16:56:57.033675 2026] [security2:error] [pid 21296:tid 21377] [client 34.64.174.29:52650] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aisTCazVaq-mvl-Hfs9LvAAAAAU"]
[Thu Jun 11 16:56:57.034024 2026] [security2:error] [pid 21296:tid 21377] [client 34.64.174.29:52650] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aisTCazVaq-mvl-Hfs9LvAAAAAU"]
[Thu Jun 11 16:56:57.034244 2026] [security2:error] [pid 21296:tid 21377] [client 34.64.174.29:52650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/admin/.env.backup"] [unique_id "aisTCazVaq-mvl-Hfs9LvAAAAAU"]
[Thu Jun 11 16:56:57.044796 2026] [security2:error] [pid 21295:tid 21336] [client 34.64.174.29:52690] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/internal/.env.production"] [unique_id "aisTCTlbUCMVJYfLxkpfGwAAAIo"]
[Thu Jun 11 16:56:57.044948 2026] [security2:error] [pid 21295:tid 21336] [client 34.64.174.29:52690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/internal/.env.production"] [unique_id "aisTCTlbUCMVJYfLxkpfGwAAAIo"]
[Thu Jun 11 16:56:57.045255 2026] [security2:error] [pid 21295:tid 21336] [client 34.64.174.29:52690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/internal/.env.production"] [unique_id "aisTCTlbUCMVJYfLxkpfGwAAAIo"]
[Thu Jun 11 16:56:57.046815 2026] [security2:error] [pid 5830:tid 5855] [client 34.64.174.29:52666] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/admin/api/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0QAAAVQ"]
[Thu Jun 11 16:56:57.046932 2026] [security2:error] [pid 5830:tid 5855] [client 34.64.174.29:52666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/admin/api/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0QAAAVQ"]
[Thu Jun 11 16:56:57.047090 2026] [security2:error] [pid 5830:tid 5855] [client 34.64.174.29:52666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/admin/api/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0QAAAVQ"]
[Thu Jun 11 16:56:57.052811 2026] [security2:error] [pid 21243:tid 21263] [client 34.64.174.29:52696] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private/.env.production"] [unique_id "aisTCUKTwdTIu69rj4179AAAANE"]
[Thu Jun 11 16:56:57.052986 2026] [security2:error] [pid 21243:tid 21263] [client 34.64.174.29:52696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/private/.env.production"] [unique_id "aisTCUKTwdTIu69rj4179AAAANE"]
[Thu Jun 11 16:56:57.053231 2026] [security2:error] [pid 21243:tid 21263] [client 34.64.174.29:52696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private/.env.production"] [unique_id "aisTCUKTwdTIu69rj4179AAAANE"]
[Thu Jun 11 16:56:57.055170 2026] [security2:error] [pid 3902:tid 3931] [client 34.64.174.29:52702] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/private/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMnwAAARY"]
[Thu Jun 11 16:56:57.055311 2026] [security2:error] [pid 3902:tid 3931] [client 34.64.174.29:52702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/private/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMnwAAARY"]
[Thu Jun 11 16:56:57.055611 2026] [security2:error] [pid 3902:tid 3931] [client 34.64.174.29:52702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/private/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMnwAAARY"]
[Thu Jun 11 16:56:57.057515 2026] [security2:error] [pid 5830:tid 5840] [client 34.64.174.29:52704] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0gAAAUU"]
[Thu Jun 11 16:56:57.057667 2026] [security2:error] [pid 5830:tid 5840] [client 34.64.174.29:52704] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/config/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0gAAAUU"]
[Thu Jun 11 16:56:57.057873 2026] [security2:error] [pid 5830:tid 5840] [client 34.64.174.29:52704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0gAAAUU"]
[Thu Jun 11 16:56:57.059297 2026] [security2:error] [pid 21296:tid 21302] [client 34.64.174.29:52710] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/.env.local"] [unique_id "aisTCazVaq-mvl-Hfs9LvQAAAAI"]
[Thu Jun 11 16:56:57.059430 2026] [security2:error] [pid 21296:tid 21302] [client 34.64.174.29:52710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/config/.env.local"] [unique_id "aisTCazVaq-mvl-Hfs9LvQAAAAI"]
[Thu Jun 11 16:56:57.059694 2026] [security2:error] [pid 21296:tid 21302] [client 34.64.174.29:52710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/.env.local"] [unique_id "aisTCazVaq-mvl-Hfs9LvQAAAAI"]
[Thu Jun 11 16:56:57.066680 2026] [security2:error] [pid 21295:tid 21339] [client 34.64.174.29:52722] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/stage/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfHAAAAI0"]
[Thu Jun 11 16:56:57.066839 2026] [security2:error] [pid 21295:tid 21339] [client 34.64.174.29:52722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/stage/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfHAAAAI0"]
[Thu Jun 11 16:56:57.067058 2026] [security2:error] [pid 21295:tid 21339] [client 34.64.174.29:52722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/stage/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfHAAAAI0"]
[Thu Jun 11 16:56:57.079847 2026] [security2:error] [pid 3902:tid 3932] [client 34.64.174.29:52728] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.testing"] [unique_id "aisTCf8lKn4qdPkDWlBMoAAAARc"]
[Thu Jun 11 16:56:57.080032 2026] [security2:error] [pid 3902:tid 3932] [client 34.64.174.29:52728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.testing"] [unique_id "aisTCf8lKn4qdPkDWlBMoAAAARc"]
[Thu Jun 11 16:56:57.080422 2026] [security2:error] [pid 3902:tid 3932] [client 34.64.174.29:52728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.testing"] [unique_id "aisTCf8lKn4qdPkDWlBMoAAAARc"]
[Thu Jun 11 16:56:57.085771 2026] [security2:error] [pid 21243:tid 21269] [client 34.64.174.29:52732] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/config/.env.production"] [unique_id "aisTCUKTwdTIu69rj4179gAAANc"]
[Thu Jun 11 16:56:57.085927 2026] [security2:error] [pid 21243:tid 21269] [client 34.64.174.29:52732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/config/.env.production"] [unique_id "aisTCUKTwdTIu69rj4179gAAANc"]
[Thu Jun 11 16:56:57.086194 2026] [security2:error] [pid 21243:tid 21269] [client 34.64.174.29:52732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/config/.env.production"] [unique_id "aisTCUKTwdTIu69rj4179gAAANc"]
[Thu Jun 11 16:56:57.087763 2026] [security2:error] [pid 21296:tid 21309] [client 34.64.174.29:52736] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/conf/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LvgAAAAo"]
[Thu Jun 11 16:56:57.087978 2026] [security2:error] [pid 21296:tid 21309] [client 34.64.174.29:52736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/conf/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LvgAAAAo"]
[Thu Jun 11 16:56:57.088194 2026] [security2:error] [pid 21296:tid 21309] [client 34.64.174.29:52736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/conf/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LvgAAAAo"]
[Thu Jun 11 16:56:57.091336 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:52756] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.old"] [unique_id "aisTCTlbUCMVJYfLxkpfHQAAAIw"]
[Thu Jun 11 16:56:57.091463 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:52756] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.old"] [unique_id "aisTCTlbUCMVJYfLxkpfHQAAAIw"]
[Thu Jun 11 16:56:57.091690 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:52756] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.old"] [unique_id "aisTCTlbUCMVJYfLxkpfHQAAAIw"]
[Thu Jun 11 16:56:57.091936 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:52756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.old"] [unique_id "aisTCTlbUCMVJYfLxkpfHQAAAIw"]
[Thu Jun 11 16:56:57.093683 2026] [security2:error] [pid 21243:tid 21268] [client 34.64.174.29:52748] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/docker/.env"] [unique_id "aisTCUKTwdTIu69rj4179wAAANY"]
[Thu Jun 11 16:56:57.093869 2026] [security2:error] [pid 21243:tid 21268] [client 34.64.174.29:52748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/docker/.env"] [unique_id "aisTCUKTwdTIu69rj4179wAAANY"]
[Thu Jun 11 16:56:57.094133 2026] [security2:error] [pid 21243:tid 21268] [client 34.64.174.29:52748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/docker/.env"] [unique_id "aisTCUKTwdTIu69rj4179wAAANY"]
[Thu Jun 11 16:56:57.096404 2026] [security2:error] [pid 3902:tid 3925] [client 34.64.174.29:52766] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.dev"] [unique_id "aisTCf8lKn4qdPkDWlBMoQAAARA"]
[Thu Jun 11 16:56:57.096568 2026] [security2:error] [pid 3902:tid 3925] [client 34.64.174.29:52766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.dev"] [unique_id "aisTCf8lKn4qdPkDWlBMoQAAARA"]
[Thu Jun 11 16:56:57.096887 2026] [security2:error] [pid 3902:tid 3925] [client 34.64.174.29:52766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.dev"] [unique_id "aisTCf8lKn4qdPkDWlBMoQAAARA"]
[Thu Jun 11 16:56:57.098375 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:52776] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.bak"] [unique_id "aisTCazVaq-mvl-Hfs9LvwAAAAs"]
[Thu Jun 11 16:56:57.098478 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:52776] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.bak"] [unique_id "aisTCazVaq-mvl-Hfs9LvwAAAAs"]
[Thu Jun 11 16:56:57.098640 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:52776] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.bak"] [unique_id "aisTCazVaq-mvl-Hfs9LvwAAAAs"]
[Thu Jun 11 16:56:57.098916 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:52776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.bak"] [unique_id "aisTCazVaq-mvl-Hfs9LvwAAAAs"]
[Thu Jun 11 16:56:57.100270 2026] [security2:error] [pid 5830:tid 5850] [client 34.64.174.29:52760] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/laravel/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0wAAAU8"]
[Thu Jun 11 16:56:57.100405 2026] [security2:error] [pid 5830:tid 5850] [client 34.64.174.29:52760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/laravel/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0wAAAU8"]
[Thu Jun 11 16:56:57.100634 2026] [security2:error] [pid 5830:tid 5850] [client 34.64.174.29:52760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/laravel/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT0wAAAU8"]
[Thu Jun 11 16:56:57.102437 2026] [security2:error] [pid 21243:tid 21250] [client 34.64.174.29:52796] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/wordpress/.env"] [unique_id "aisTCUKTwdTIu69rj417-AAAAMQ"]
[Thu Jun 11 16:56:57.102608 2026] [security2:error] [pid 21243:tid 21250] [client 34.64.174.29:52796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/wordpress/.env"] [unique_id "aisTCUKTwdTIu69rj417-AAAAMQ"]
[Thu Jun 11 16:56:57.102840 2026] [security2:error] [pid 21243:tid 21250] [client 34.64.174.29:52796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/wordpress/.env"] [unique_id "aisTCUKTwdTIu69rj417-AAAAMQ"]
[Thu Jun 11 16:56:57.104292 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:52784] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/src/.env.backup"] [unique_id "aisTCZQ1oEsc4pCWMDMT1AAAAU4"]
[Thu Jun 11 16:56:57.104410 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:52784] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/.env.backup"] [unique_id "aisTCZQ1oEsc4pCWMDMT1AAAAU4"]
[Thu Jun 11 16:56:57.104527 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:52784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/.env.backup"] [unique_id "aisTCZQ1oEsc4pCWMDMT1AAAAU4"]
[Thu Jun 11 16:56:57.104751 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:52784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/.env.backup"] [unique_id "aisTCZQ1oEsc4pCWMDMT1AAAAU4"]
[Thu Jun 11 16:56:57.106214 2026] [security2:error] [pid 21295:tid 21346] [client 34.64.174.29:52794] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/symfony/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfHgAAAJQ"]
[Thu Jun 11 16:56:57.106341 2026] [security2:error] [pid 21295:tid 21346] [client 34.64.174.29:52794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/symfony/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfHgAAAJQ"]
[Thu Jun 11 16:56:57.106538 2026] [security2:error] [pid 21295:tid 21346] [client 34.64.174.29:52794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/symfony/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfHgAAAJQ"]
[Thu Jun 11 16:56:57.118998 2026] [security2:error] [pid 21296:tid 21313] [client 34.64.174.29:52804] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.orig"] [unique_id "aisTCazVaq-mvl-Hfs9LwAAAAA4"]
[Thu Jun 11 16:56:57.119132 2026] [security2:error] [pid 21296:tid 21313] [client 34.64.174.29:52804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.orig"] [unique_id "aisTCazVaq-mvl-Hfs9LwAAAAA4"]
[Thu Jun 11 16:56:57.119165 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:52798] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.prod"] [unique_id "aisTCf8lKn4qdPkDWlBMogAAAQ8"]
[Thu Jun 11 16:56:57.119301 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:52798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.prod"] [unique_id "aisTCf8lKn4qdPkDWlBMogAAAQ8"]
[Thu Jun 11 16:56:57.119382 2026] [security2:error] [pid 21296:tid 21313] [client 34.64.174.29:52804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.orig"] [unique_id "aisTCazVaq-mvl-Hfs9LwAAAAA4"]
[Thu Jun 11 16:56:57.119597 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:52798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.prod"] [unique_id "aisTCf8lKn4qdPkDWlBMogAAAQ8"]
[Thu Jun 11 16:56:57.130670 2026] [security2:error] [pid 5830:tid 5856] [client 34.64.174.29:52810] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/wp/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT1QAAAVU"]
[Thu Jun 11 16:56:57.130818 2026] [security2:error] [pid 5830:tid 5856] [client 34.64.174.29:52810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/wp/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT1QAAAVU"]
[Thu Jun 11 16:56:57.130979 2026] [security2:error] [pid 5830:tid 5856] [client 34.64.174.29:52810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/wp/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT1QAAAVU"]
[Thu Jun 11 16:56:57.137539 2026] [security2:error] [pid 21295:tid 21328] [client 34.64.174.29:52812] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/public/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIAAAAII"]
[Thu Jun 11 16:56:57.138183 2026] [security2:error] [pid 21295:tid 21328] [client 34.64.174.29:52812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/public/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIAAAAII"]
[Thu Jun 11 16:56:57.138430 2026] [security2:error] [pid 21295:tid 21328] [client 34.64.174.29:52812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/public/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIAAAAII"]
[Thu Jun 11 16:56:57.152230 2026] [security2:error] [pid 3902:tid 3930] [client 34.64.174.29:52836] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/web/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMowAAARU"]
[Thu Jun 11 16:56:57.152384 2026] [security2:error] [pid 3902:tid 3930] [client 34.64.174.29:52836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/web/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMowAAARU"]
[Thu Jun 11 16:56:57.152621 2026] [security2:error] [pid 3902:tid 3930] [client 34.64.174.29:52836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/web/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMowAAARU"]
[Thu Jun 11 16:56:57.154218 2026] [security2:error] [pid 21243:tid 21252] [client 34.64.174.29:52816] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/env.bak"] [unique_id "aisTCUKTwdTIu69rj417-QAAAMY"]
[Thu Jun 11 16:56:57.154267 2026] [security2:error] [pid 21296:tid 21305] [client 34.64.174.29:52848] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/api/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LwQAAAAY"]
[Thu Jun 11 16:56:57.154352 2026] [security2:error] [pid 21243:tid 21252] [client 34.64.174.29:52816] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env.bak"] [unique_id "aisTCUKTwdTIu69rj417-QAAAMY"]
[Thu Jun 11 16:56:57.154401 2026] [security2:error] [pid 21296:tid 21305] [client 34.64.174.29:52848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/api/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LwQAAAAY"]
[Thu Jun 11 16:56:57.154683 2026] [security2:error] [pid 21243:tid 21252] [client 34.64.174.29:52816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env.bak"] [unique_id "aisTCUKTwdTIu69rj417-QAAAMY"]
[Thu Jun 11 16:56:57.154688 2026] [security2:error] [pid 21296:tid 21305] [client 34.64.174.29:52848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/api/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LwQAAAAY"]
[Thu Jun 11 16:56:57.157909 2026] [security2:error] [pid 5830:tid 5843] [client 34.64.174.29:52880] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.qa"] [unique_id "aisTCZQ1oEsc4pCWMDMT1gAAAUg"]
[Thu Jun 11 16:56:57.158033 2026] [security2:error] [pid 5830:tid 5843] [client 34.64.174.29:52880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.qa"] [unique_id "aisTCZQ1oEsc4pCWMDMT1gAAAUg"]
[Thu Jun 11 16:56:57.158245 2026] [security2:error] [pid 5830:tid 5843] [client 34.64.174.29:52880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.qa"] [unique_id "aisTCZQ1oEsc4pCWMDMT1gAAAUg"]
[Thu Jun 11 16:56:57.159487 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:52850] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/app/.env.old"] [unique_id "aisTCUKTwdTIu69rj417-gAAAME"]
[Thu Jun 11 16:56:57.159651 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:52850] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.old"] [unique_id "aisTCUKTwdTIu69rj417-gAAAME"]
[Thu Jun 11 16:56:57.159983 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:52850] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.old"] [unique_id "aisTCUKTwdTIu69rj417-gAAAME"]
[Thu Jun 11 16:56:57.160237 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:52850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.old"] [unique_id "aisTCUKTwdTIu69rj417-gAAAME"]
[Thu Jun 11 16:56:57.163629 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:52824] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/api/.env.old"] [unique_id "aisTCf8lKn4qdPkDWlBMpAAAAQg"]
[Thu Jun 11 16:56:57.163646 2026] [security2:error] [pid 21295:tid 21348] [client 34.64.174.29:52866] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/www/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIQAAAJY"]
[Thu Jun 11 16:56:57.163755 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:52824] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.old"] [unique_id "aisTCf8lKn4qdPkDWlBMpAAAAQg"]
[Thu Jun 11 16:56:57.163791 2026] [security2:error] [pid 21295:tid 21348] [client 34.64.174.29:52866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/www/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIQAAAJY"]
[Thu Jun 11 16:56:57.163878 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:52824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.old"] [unique_id "aisTCf8lKn4qdPkDWlBMpAAAAQg"]
[Thu Jun 11 16:56:57.164001 2026] [security2:error] [pid 21295:tid 21348] [client 34.64.174.29:52866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/www/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIQAAAJY"]
[Thu Jun 11 16:56:57.164093 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:52824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.old"] [unique_id "aisTCf8lKn4qdPkDWlBMpAAAAQg"]
[Thu Jun 11 16:56:57.165789 2026] [security2:error] [pid 21296:tid 21319] [client 34.64.174.29:52896] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/htdocs/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LwgAAABQ"]
[Thu Jun 11 16:56:57.165919 2026] [security2:error] [pid 21296:tid 21319] [client 34.64.174.29:52896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/htdocs/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LwgAAABQ"]
[Thu Jun 11 16:56:57.166120 2026] [security2:error] [pid 21296:tid 21319] [client 34.64.174.29:52896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/htdocs/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LwgAAABQ"]
[Thu Jun 11 16:56:57.168264 2026] [security2:error] [pid 5830:tid 5857] [client 34.64.174.29:52868] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.stage"] [unique_id "aisTCZQ1oEsc4pCWMDMT2AAAAVY"]
[Thu Jun 11 16:56:57.168426 2026] [security2:error] [pid 5830:tid 5857] [client 34.64.174.29:52868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.stage"] [unique_id "aisTCZQ1oEsc4pCWMDMT2AAAAVY"]
[Thu Jun 11 16:56:57.168827 2026] [security2:error] [pid 5830:tid 5857] [client 34.64.174.29:52868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.stage"] [unique_id "aisTCZQ1oEsc4pCWMDMT2AAAAVY"]
[Thu Jun 11 16:56:57.170140 2026] [security2:error] [pid 21295:tid 21341] [client 34.64.174.29:52882] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.prod"] [unique_id "aisTCTlbUCMVJYfLxkpfIgAAAI8"]
[Thu Jun 11 16:56:57.170327 2026] [security2:error] [pid 21295:tid 21341] [client 34.64.174.29:52882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.prod"] [unique_id "aisTCTlbUCMVJYfLxkpfIgAAAI8"]
[Thu Jun 11 16:56:57.170595 2026] [security2:error] [pid 21295:tid 21341] [client 34.64.174.29:52882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.prod"] [unique_id "aisTCTlbUCMVJYfLxkpfIgAAAI8"]
[Thu Jun 11 16:56:57.170908 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:52928] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aisTCZQ1oEsc4pCWMDMT2QAAAVE"]
[Thu Jun 11 16:56:57.171068 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:52928] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aisTCZQ1oEsc4pCWMDMT2QAAAVE"]
[Thu Jun 11 16:56:57.171263 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:52928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aisTCZQ1oEsc4pCWMDMT2QAAAVE"]
[Thu Jun 11 16:56:57.171460 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:52928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aisTCZQ1oEsc4pCWMDMT2QAAAVE"]
[Thu Jun 11 16:56:57.172254 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:52902] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env~"] [unique_id "aisTCf8lKn4qdPkDWlBMpQAAARg"]
[Thu Jun 11 16:56:57.172367 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:52902] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env~"] [unique_id "aisTCf8lKn4qdPkDWlBMpQAAARg"]
[Thu Jun 11 16:56:57.172475 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:52902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env~"] [unique_id "aisTCf8lKn4qdPkDWlBMpQAAARg"]
[Thu Jun 11 16:56:57.172737 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:52902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env~"] [unique_id "aisTCf8lKn4qdPkDWlBMpQAAARg"]
[Thu Jun 11 16:56:57.173488 2026] [security2:error] [pid 21295:tid 21331] [client 34.64.174.29:52944] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/html/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIwAAAIU"]
[Thu Jun 11 16:56:57.174358 2026] [security2:error] [pid 21296:tid 21311] [client 34.64.174.29:52920] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LwwAAAAw"]
[Thu Jun 11 16:56:57.174678 2026] [security2:error] [pid 21296:tid 21311] [client 34.64.174.29:52920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LwwAAAAw"]
[Thu Jun 11 16:56:57.175129 2026] [security2:error] [pid 21296:tid 21311] [client 34.64.174.29:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LwwAAAAw"]
[Thu Jun 11 16:56:57.177329 2026] [security2:error] [pid 21243:tid 21248] [client 34.64.174.29:52984] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/uploads/.env"] [unique_id "aisTCUKTwdTIu69rj417_AAAAMI"]
[Thu Jun 11 16:56:57.177611 2026] [security2:error] [pid 21243:tid 21248] [client 34.64.174.29:52984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/uploads/.env"] [unique_id "aisTCUKTwdTIu69rj417_AAAAMI"]
[Thu Jun 11 16:56:57.177881 2026] [security2:error] [pid 21243:tid 21248] [client 34.64.174.29:52984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/uploads/.env"] [unique_id "aisTCUKTwdTIu69rj417_AAAAMI"]
[Thu Jun 11 16:56:57.179267 2026] [security2:error] [pid 21296:tid 21303] [client 34.64.174.29:53008] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LxAAAAAM"]
[Thu Jun 11 16:56:57.179399 2026] [security2:error] [pid 21296:tid 21303] [client 34.64.174.29:53008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/deploy/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LxAAAAAM"]
[Thu Jun 11 16:56:57.179542 2026] [security2:error] [pid 21295:tid 21330] [client 34.64.174.29:53024] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v1/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfJAAAAIQ"]
[Thu Jun 11 16:56:57.179643 2026] [security2:error] [pid 21296:tid 21303] [client 34.64.174.29:53008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LxAAAAAM"]
[Thu Jun 11 16:56:57.179741 2026] [security2:error] [pid 21295:tid 21330] [client 34.64.174.29:53024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/v1/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfJAAAAIQ"]
[Thu Jun 11 16:56:57.179979 2026] [security2:error] [pid 21295:tid 21330] [client 34.64.174.29:53024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v1/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfJAAAAIQ"]
[Thu Jun 11 16:56:57.180980 2026] [security2:error] [pid 21296:tid 21324] [client 34.64.174.29:53082] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/temp/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LxQAAABg"]
[Thu Jun 11 16:56:57.181157 2026] [security2:error] [pid 21296:tid 21324] [client 34.64.174.29:53082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/temp/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LxQAAABg"]
[Thu Jun 11 16:56:57.181401 2026] [security2:error] [pid 21296:tid 21324] [client 34.64.174.29:53082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/temp/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LxQAAABg"]
[Thu Jun 11 16:56:57.184369 2026] [security2:error] [pid 3902:tid 3909] [client 34.64.174.29:53066] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/build/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMpwAAAQA"]
[Thu Jun 11 16:56:57.184512 2026] [security2:error] [pid 3902:tid 3909] [client 34.64.174.29:53066] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/build/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMpwAAAQA"]
[Thu Jun 11 16:56:57.184785 2026] [security2:error] [pid 3902:tid 3909] [client 34.64.174.29:53066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/build/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMpwAAAQA"]
[Thu Jun 11 16:56:57.186435 2026] [security2:error] [pid 21295:tid 21329] [client 34.64.174.29:53050] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/release/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfJQAAAIM"]
[Thu Jun 11 16:56:57.186514 2026] [security2:error] [pid 21243:tid 21246] [client 34.64.174.29:52908] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.dev.local"] [unique_id "aisTCUKTwdTIu69rj417_QAAAMA"]
[Thu Jun 11 16:56:57.186607 2026] [security2:error] [pid 21295:tid 21329] [client 34.64.174.29:53050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/release/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfJQAAAIM"]
[Thu Jun 11 16:56:57.186775 2026] [security2:error] [pid 3902:tid 3923] [client 34.64.174.29:52952] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/data/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMpgAAAQ4"]
[Thu Jun 11 16:56:57.186898 2026] [security2:error] [pid 3902:tid 3923] [client 34.64.174.29:52952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/data/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMpgAAAQ4"]
[Thu Jun 11 16:56:57.186893 2026] [security2:error] [pid 21295:tid 21329] [client 34.64.174.29:53050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/release/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfJQAAAIM"]
[Thu Jun 11 16:56:57.187108 2026] [security2:error] [pid 3902:tid 3923] [client 34.64.174.29:52952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/data/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMpgAAAQ4"]
[Thu Jun 11 16:56:57.187777 2026] [security2:error] [pid 21295:tid 21331] [client 34.64.174.29:52944] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/html/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIwAAAIU"]
[Thu Jun 11 16:56:57.188025 2026] [security2:error] [pid 21295:tid 21331] [client 34.64.174.29:52944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/html/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfIwAAAIU"]
[Thu Jun 11 16:56:57.188523 2026] [security2:error] [pid 21243:tid 21246] [client 34.64.174.29:52908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.dev.local"] [unique_id "aisTCUKTwdTIu69rj417_QAAAMA"]
[Thu Jun 11 16:56:57.188905 2026] [security2:error] [pid 21243:tid 21246] [client 34.64.174.29:52908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.dev.local"] [unique_id "aisTCUKTwdTIu69rj417_QAAAMA"]
[Thu Jun 11 16:56:57.189032 2026] [security2:error] [pid 21243:tid 21255] [client 34.64.174.29:53028] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.dev"] [unique_id "aisTCUKTwdTIu69rj417_gAAAMk"]
[Thu Jun 11 16:56:57.189278 2026] [security2:error] [pid 21243:tid 21255] [client 34.64.174.29:53028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.dev"] [unique_id "aisTCUKTwdTIu69rj417_gAAAMk"]
[Thu Jun 11 16:56:57.189558 2026] [security2:error] [pid 21243:tid 21255] [client 34.64.174.29:53028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.dev"] [unique_id "aisTCUKTwdTIu69rj417_gAAAMk"]
[Thu Jun 11 16:56:57.191337 2026] [security2:error] [pid 21243:tid 21256] [client 34.64.174.29:53076] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/tmp/.env"] [unique_id "aisTCUKTwdTIu69rj417_wAAAMo"]
[Thu Jun 11 16:56:57.191489 2026] [security2:error] [pid 21243:tid 21256] [client 34.64.174.29:53076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/tmp/.env"] [unique_id "aisTCUKTwdTIu69rj417_wAAAMo"]
[Thu Jun 11 16:56:57.191753 2026] [security2:error] [pid 21243:tid 21256] [client 34.64.174.29:53076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/tmp/.env"] [unique_id "aisTCUKTwdTIu69rj417_wAAAMo"]
[Thu Jun 11 16:56:57.193424 2026] [security2:error] [pid 5830:tid 5847] [client 34.64.174.29:53112] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aisTCZQ1oEsc4pCWMDMT2wAAAUw"]
[Thu Jun 11 16:56:57.193619 2026] [security2:error] [pid 5830:tid 5847] [client 34.64.174.29:53112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aisTCZQ1oEsc4pCWMDMT2wAAAUw"]
[Thu Jun 11 16:56:57.194004 2026] [security2:error] [pid 5830:tid 5847] [client 34.64.174.29:53112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aisTCZQ1oEsc4pCWMDMT2wAAAUw"]
[Thu Jun 11 16:56:57.194986 2026] [security2:error] [pid 5830:tid 5836] [client 34.64.174.29:52998] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/storage/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT2gAAAUE"]
[Thu Jun 11 16:56:57.195194 2026] [security2:error] [pid 5830:tid 5836] [client 34.64.174.29:52998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/storage/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT2gAAAUE"]
[Thu Jun 11 16:56:57.195530 2026] [security2:error] [pid 5830:tid 5836] [client 34.64.174.29:52998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/storage/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT2gAAAUE"]
[Thu Jun 11 16:56:57.197686 2026] [security2:error] [pid 3902:tid 3927] [client 34.64.174.29:53036] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dist/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMqAAAARI"]
[Thu Jun 11 16:56:57.197815 2026] [security2:error] [pid 3902:tid 3927] [client 34.64.174.29:53036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/dist/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMqAAAARI"]
[Thu Jun 11 16:56:57.198015 2026] [security2:error] [pid 3902:tid 3927] [client 34.64.174.29:53036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dist/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMqAAAARI"]
[Thu Jun 11 16:56:57.200166 2026] [security2:error] [pid 5830:tid 5837] [client 34.64.174.29:53124] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/var/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT3AAAAUI"]
[Thu Jun 11 16:56:57.200324 2026] [security2:error] [pid 5830:tid 5837] [client 34.64.174.29:53124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/var/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT3AAAAUI"]
[Thu Jun 11 16:56:57.200617 2026] [security2:error] [pid 5830:tid 5837] [client 34.64.174.29:53124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/var/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT3AAAAUI"]
[Thu Jun 11 16:56:57.201652 2026] [security2:error] [pid 21296:tid 21312] [client 34.64.174.29:52968] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LxgAAAA0"]
[Thu Jun 11 16:56:57.201941 2026] [security2:error] [pid 21296:tid 21312] [client 34.64.174.29:52968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LxgAAAA0"]
[Thu Jun 11 16:56:57.201977 2026] [security2:error] [pid 3902:tid 3918] [client 34.64.174.29:53144] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dashboard/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMqQAAAQk"]
[Thu Jun 11 16:56:57.202093 2026] [security2:error] [pid 3902:tid 3918] [client 34.64.174.29:53144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/dashboard/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMqQAAAQk"]
[Thu Jun 11 16:56:57.202156 2026] [security2:error] [pid 21296:tid 21312] [client 34.64.174.29:52968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LxgAAAA0"]
[Thu Jun 11 16:56:57.202361 2026] [security2:error] [pid 3902:tid 3918] [client 34.64.174.29:53144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dashboard/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMqQAAAQk"]
[Thu Jun 11 16:56:57.204300 2026] [security2:error] [pid 21243:tid 21261] [client 34.64.174.29:53134] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/portal/.env"] [unique_id "aisTCUKTwdTIu69rj418AAAAAM8"]
[Thu Jun 11 16:56:57.204459 2026] [security2:error] [pid 21243:tid 21261] [client 34.64.174.29:53134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/portal/.env"] [unique_id "aisTCUKTwdTIu69rj418AAAAAM8"]
[Thu Jun 11 16:56:57.204710 2026] [security2:error] [pid 21243:tid 21261] [client 34.64.174.29:53134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/portal/.env"] [unique_id "aisTCUKTwdTIu69rj418AAAAAM8"]
[Thu Jun 11 16:56:57.207998 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:53168] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.staging"] [unique_id "aisTCTlbUCMVJYfLxkpfJgAAAIA"]
[Thu Jun 11 16:56:57.208358 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:53168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.staging"] [unique_id "aisTCTlbUCMVJYfLxkpfJgAAAIA"]
[Thu Jun 11 16:56:57.208665 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:53168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.staging"] [unique_id "aisTCTlbUCMVJYfLxkpfJgAAAIA"]
[Thu Jun 11 16:56:57.210445 2026] [security2:error] [pid 5830:tid 5845] [client 34.64.174.29:53146] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/cms/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT3QAAAUo"]
[Thu Jun 11 16:56:57.210609 2026] [security2:error] [pid 5830:tid 5845] [client 34.64.174.29:53146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/cms/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT3QAAAUo"]
[Thu Jun 11 16:56:57.210842 2026] [security2:error] [pid 5830:tid 5845] [client 34.64.174.29:53146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/cms/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT3QAAAUo"]
[Thu Jun 11 16:56:57.212698 2026] [security2:error] [pid 21243:tid 21251] [client 34.64.174.29:53152] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aisTCUKTwdTIu69rj418AQAAAMU"]
[Thu Jun 11 16:56:57.212924 2026] [security2:error] [pid 21243:tid 21251] [client 34.64.174.29:53152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aisTCUKTwdTIu69rj418AQAAAMU"]
[Thu Jun 11 16:56:57.213181 2026] [security2:error] [pid 21243:tid 21251] [client 34.64.174.29:53152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aisTCUKTwdTIu69rj418AQAAAMU"]
[Thu Jun 11 16:56:57.224125 2026] [security2:error] [pid 21296:tid 21300] [client 34.64.174.29:53184] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.example"] [unique_id "aisTCazVaq-mvl-Hfs9LxwAAAAA"]
[Thu Jun 11 16:56:57.224425 2026] [security2:error] [pid 21296:tid 21300] [client 34.64.174.29:53184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.example"] [unique_id "aisTCazVaq-mvl-Hfs9LxwAAAAA"]
[Thu Jun 11 16:56:57.224727 2026] [security2:error] [pid 21296:tid 21300] [client 34.64.174.29:53184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.example"] [unique_id "aisTCazVaq-mvl-Hfs9LxwAAAAA"]
[Thu Jun 11 16:56:57.225543 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:53226] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.sample"] [unique_id "aisTCf8lKn4qdPkDWlBMqwAAAQc"]
[Thu Jun 11 16:56:57.225785 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:53226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.sample"] [unique_id "aisTCf8lKn4qdPkDWlBMqwAAAQc"]
[Thu Jun 11 16:56:57.225979 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:53226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.sample"] [unique_id "aisTCf8lKn4qdPkDWlBMqwAAAQc"]
[Thu Jun 11 16:56:57.227607 2026] [security2:error] [pid 21296:tid 21308] [client 34.64.174.29:53096] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aisTCazVaq-mvl-Hfs9LyAAAAAk"]
[Thu Jun 11 16:56:57.227760 2026] [security2:error] [pid 21296:tid 21308] [client 34.64.174.29:53096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aisTCazVaq-mvl-Hfs9LyAAAAAk"]
[Thu Jun 11 16:56:57.227951 2026] [security2:error] [pid 21296:tid 21308] [client 34.64.174.29:53096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aisTCazVaq-mvl-Hfs9LyAAAAAk"]
[Thu Jun 11 16:56:57.228139 2026] [security2:error] [pid 21243:tid 21257] [client 34.64.174.29:53198] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/backend/.env"] [unique_id "aisTCUKTwdTIu69rj418AgAAAMs"]
[Thu Jun 11 16:56:57.228286 2026] [security2:error] [pid 21243:tid 21257] [client 34.64.174.29:53198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/backend/.env"] [unique_id "aisTCUKTwdTIu69rj418AgAAAMs"]
[Thu Jun 11 16:56:57.228505 2026] [security2:error] [pid 21243:tid 21257] [client 34.64.174.29:53198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/backend/.env"] [unique_id "aisTCUKTwdTIu69rj418AgAAAMs"]
[Thu Jun 11 16:56:57.229664 2026] [security2:error] [pid 5830:tid 5851] [client 34.64.174.29:53170] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/app/.env.backup"] [unique_id "aisTCZQ1oEsc4pCWMDMT3gAAAVA"]
[Thu Jun 11 16:56:57.229795 2026] [security2:error] [pid 5830:tid 5851] [client 34.64.174.29:53170] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.backup"] [unique_id "aisTCZQ1oEsc4pCWMDMT3gAAAVA"]
[Thu Jun 11 16:56:57.229959 2026] [security2:error] [pid 5830:tid 5851] [client 34.64.174.29:53170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.backup"] [unique_id "aisTCZQ1oEsc4pCWMDMT3gAAAVA"]
[Thu Jun 11 16:56:57.230176 2026] [security2:error] [pid 5830:tid 5851] [client 34.64.174.29:53170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.backup"] [unique_id "aisTCZQ1oEsc4pCWMDMT3gAAAVA"]
[Thu Jun 11 16:56:57.232095 2026] [security2:error] [pid 5830:tid 5839] [client 34.64.174.29:53242] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.default"] [unique_id "aisTCZQ1oEsc4pCWMDMT3wAAAUQ"]
[Thu Jun 11 16:56:57.232263 2026] [security2:error] [pid 5830:tid 5839] [client 34.64.174.29:53242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.default"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.default"] [unique_id "aisTCZQ1oEsc4pCWMDMT3wAAAUQ"]
[Thu Jun 11 16:56:57.232529 2026] [security2:error] [pid 3902:tid 3911] [client 34.64.174.29:53284] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.local"] [unique_id "aisTCf8lKn4qdPkDWlBMrAAAAQI"]
[Thu Jun 11 16:56:57.232599 2026] [security2:error] [pid 5830:tid 5839] [client 34.64.174.29:53242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.default"] [unique_id "aisTCZQ1oEsc4pCWMDMT3wAAAUQ"]
[Thu Jun 11 16:56:57.232842 2026] [security2:error] [pid 3902:tid 3911] [client 34.64.174.29:53284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.local"] [unique_id "aisTCf8lKn4qdPkDWlBMrAAAAQI"]
[Thu Jun 11 16:56:57.233410 2026] [security2:error] [pid 3902:tid 3911] [client 34.64.174.29:53284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.local"] [unique_id "aisTCf8lKn4qdPkDWlBMrAAAAQI"]
[Thu Jun 11 16:56:57.234002 2026] [security2:error] [pid 21296:tid 21317] [client 34.64.174.29:53224] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/api/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LyQAAABI"]
[Thu Jun 11 16:56:57.234166 2026] [security2:error] [pid 21296:tid 21317] [client 34.64.174.29:53224] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/api/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LyQAAABI"]
[Thu Jun 11 16:56:57.234352 2026] [security2:error] [pid 21296:tid 21317] [client 34.64.174.29:53224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/api/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LyQAAABI"]
[Thu Jun 11 16:56:57.235262 2026] [security2:error] [pid 21295:tid 21334] [client 34.64.174.29:53208] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/api/.env.bak"] [unique_id "aisTCTlbUCMVJYfLxkpfJwAAAIg"]
[Thu Jun 11 16:56:57.235424 2026] [security2:error] [pid 21295:tid 21334] [client 34.64.174.29:53208] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.bak"] [unique_id "aisTCTlbUCMVJYfLxkpfJwAAAIg"]
[Thu Jun 11 16:56:57.235754 2026] [security2:error] [pid 21295:tid 21334] [client 34.64.174.29:53208] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.bak"] [unique_id "aisTCTlbUCMVJYfLxkpfJwAAAIg"]
[Thu Jun 11 16:56:57.235999 2026] [security2:error] [pid 21295:tid 21334] [client 34.64.174.29:53208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.bak"] [unique_id "aisTCTlbUCMVJYfLxkpfJwAAAIg"]
[Thu Jun 11 16:56:57.237712 2026] [security2:error] [pid 21295:tid 21344] [client 34.64.174.29:53188] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfKAAAAJI"]
[Thu Jun 11 16:56:57.237896 2026] [security2:error] [pid 21295:tid 21344] [client 34.64.174.29:53188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfKAAAAJI"]
[Thu Jun 11 16:56:57.238090 2026] [security2:error] [pid 21295:tid 21344] [client 34.64.174.29:53188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfKAAAAJI"]
[Thu Jun 11 16:56:57.238199 2026] [security2:error] [pid 21296:tid 21304] [client 34.64.174.29:53306] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LygAAAAQ"]
[Thu Jun 11 16:56:57.238321 2026] [security2:error] [pid 21296:tid 21304] [client 34.64.174.29:53306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LygAAAAQ"]
[Thu Jun 11 16:56:57.240481 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:53258] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/development/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMrQAAAQo"]
[Thu Jun 11 16:56:57.240724 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:53258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/development/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMrQAAAQo"]
[Thu Jun 11 16:56:57.240970 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:53258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/development/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMrQAAAQo"]
[Thu Jun 11 16:56:57.241639 2026] [security2:error] [pid 5830:tid 5842] [client 34.64.174.29:53236] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.staging"] [unique_id "aisTCZQ1oEsc4pCWMDMT4AAAAUc"]
[Thu Jun 11 16:56:57.241846 2026] [security2:error] [pid 5830:tid 5842] [client 34.64.174.29:53236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.staging"] [unique_id "aisTCZQ1oEsc4pCWMDMT4AAAAUc"]
[Thu Jun 11 16:56:57.242057 2026] [security2:error] [pid 5830:tid 5842] [client 34.64.174.29:53236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.staging"] [unique_id "aisTCZQ1oEsc4pCWMDMT4AAAAUc"]
[Thu Jun 11 16:56:57.242726 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:53298] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/apps/api/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfKQAAAJc"]
[Thu Jun 11 16:56:57.242770 2026] [security2:error] [pid 21296:tid 21304] [client 34.64.174.29:53306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aisTCazVaq-mvl-Hfs9LygAAAAQ"]
[Thu Jun 11 16:56:57.242863 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:53298] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/apps/api/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfKQAAAJc"]
[Thu Jun 11 16:56:57.243071 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:53298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/apps/api/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfKQAAAJc"]
[Thu Jun 11 16:56:57.245057 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:53318] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aisTCUKTwdTIu69rj418BAAAAMg"]
[Thu Jun 11 16:56:57.245200 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:53318] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aisTCUKTwdTIu69rj418BAAAAMg"]
[Thu Jun 11 16:56:57.245499 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:53318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aisTCUKTwdTIu69rj418BAAAAMg"]
[Thu Jun 11 16:56:57.246863 2026] [security2:error] [pid 21296:tid 21301] [client 34.64.174.29:53204] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.dev"] [unique_id "aisTCazVaq-mvl-Hfs9LywAAAAE"]
[Thu Jun 11 16:56:57.247000 2026] [security2:error] [pid 21296:tid 21301] [client 34.64.174.29:53204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.dev"] [unique_id "aisTCazVaq-mvl-Hfs9LywAAAAE"]
[Thu Jun 11 16:56:57.247209 2026] [security2:error] [pid 21296:tid 21301] [client 34.64.174.29:53204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.dev"] [unique_id "aisTCazVaq-mvl-Hfs9LywAAAAE"]
[Thu Jun 11 16:56:57.248449 2026] [security2:error] [pid 21243:tid 21262] [client 34.64.174.29:53274] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env.txt"] [unique_id "aisTCUKTwdTIu69rj418AwAAANA"]
[Thu Jun 11 16:56:57.248907 2026] [security2:error] [pid 21243:tid 21262] [client 34.64.174.29:53274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env.txt"] [unique_id "aisTCUKTwdTIu69rj418AwAAANA"]
[Thu Jun 11 16:56:57.262220 2026] [security2:error] [pid 3902:tid 3910] [client 34.64.174.29:53196] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.copy"] [unique_id "aisTCf8lKn4qdPkDWlBMrgAAAQE"]
[Thu Jun 11 16:56:57.262397 2026] [security2:error] [pid 3902:tid 3910] [client 34.64.174.29:53196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.copy"] [unique_id "aisTCf8lKn4qdPkDWlBMrgAAAQE"]
[Thu Jun 11 16:56:57.262596 2026] [security2:error] [pid 3902:tid 3910] [client 34.64.174.29:53196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.copy"] [unique_id "aisTCf8lKn4qdPkDWlBMrgAAAQE"]
[Thu Jun 11 16:56:57.266090 2026] [security2:error] [pid 5830:tid 5848] [client 34.64.174.29:53326] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/packages/api/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT4gAAAU0"]
[Thu Jun 11 16:56:57.266236 2026] [security2:error] [pid 5830:tid 5848] [client 34.64.174.29:53326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/packages/api/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT4gAAAU0"]
[Thu Jun 11 16:56:57.266447 2026] [security2:error] [pid 5830:tid 5848] [client 34.64.174.29:53326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/packages/api/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT4gAAAU0"]
[Thu Jun 11 16:56:57.271869 2026] [security2:error] [pid 21295:tid 21350] [client 34.64.174.29:53344] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.dev"] [unique_id "aisTCTlbUCMVJYfLxkpfKgAAAJg"]
[Thu Jun 11 16:56:57.272025 2026] [security2:error] [pid 21295:tid 21350] [client 34.64.174.29:53344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.dev"] [unique_id "aisTCTlbUCMVJYfLxkpfKgAAAJg"]
[Thu Jun 11 16:56:57.272263 2026] [security2:error] [pid 21295:tid 21350] [client 34.64.174.29:53344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.dev"] [unique_id "aisTCTlbUCMVJYfLxkpfKgAAAJg"]
[Thu Jun 11 16:56:57.274214 2026] [security2:error] [pid 21296:tid 21306] [client 34.64.174.29:53404] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LzAAAAAc"]
[Thu Jun 11 16:56:57.274274 2026] [security2:error] [pid 21243:tid 21249] [client 34.64.174.29:53336] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/api/.env"] [unique_id "aisTCUKTwdTIu69rj418BQAAAMM"]
[Thu Jun 11 16:56:57.274335 2026] [security2:error] [pid 21296:tid 21306] [client 34.64.174.29:53404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LzAAAAAc"]
[Thu Jun 11 16:56:57.274447 2026] [security2:error] [pid 21243:tid 21249] [client 34.64.174.29:53336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/api/.env"] [unique_id "aisTCUKTwdTIu69rj418BQAAAMM"]
[Thu Jun 11 16:56:57.274627 2026] [security2:error] [pid 21296:tid 21306] [client 34.64.174.29:53404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/.env.production"] [unique_id "aisTCazVaq-mvl-Hfs9LzAAAAAc"]
[Thu Jun 11 16:56:57.274781 2026] [security2:error] [pid 21243:tid 21249] [client 34.64.174.29:53336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/api/.env"] [unique_id "aisTCUKTwdTIu69rj418BQAAAMM"]
[Thu Jun 11 16:56:57.276145 2026] [security2:error] [pid 3902:tid 3928] [client 34.64.174.29:53354] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/production/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMrwAAARM"]
[Thu Jun 11 16:56:57.276262 2026] [security2:error] [pid 5830:tid 5853] [client 34.64.174.29:53426] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT4wAAAVI"]
[Thu Jun 11 16:56:57.276276 2026] [security2:error] [pid 3902:tid 3928] [client 34.64.174.29:53354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/production/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMrwAAARM"]
[Thu Jun 11 16:56:57.276395 2026] [security2:error] [pid 5830:tid 5853] [client 34.64.174.29:53426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT4wAAAVI"]
[Thu Jun 11 16:56:57.276494 2026] [security2:error] [pid 3902:tid 3928] [client 34.64.174.29:53354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/production/.env"] [unique_id "aisTCf8lKn4qdPkDWlBMrwAAARM"]
[Thu Jun 11 16:56:57.276632 2026] [security2:error] [pid 5830:tid 5853] [client 34.64.174.29:53426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT4wAAAVI"]
[Thu Jun 11 16:56:57.281850 2026] [security2:error] [pid 21295:tid 21347] [client 34.64.174.29:53384] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.prod"] [unique_id "aisTCTlbUCMVJYfLxkpfKwAAAJU"]
[Thu Jun 11 16:56:57.281988 2026] [security2:error] [pid 21295:tid 21347] [client 34.64.174.29:53384] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.prod"] [unique_id "aisTCTlbUCMVJYfLxkpfKwAAAJU"]
[Thu Jun 11 16:56:57.282281 2026] [security2:error] [pid 21295:tid 21347] [client 34.64.174.29:53384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.prod"] [unique_id "aisTCTlbUCMVJYfLxkpfKwAAAJU"]
[Thu Jun 11 16:56:57.283779 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:53434] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/api/.env.backup"] [unique_id "aisTCf8lKn4qdPkDWlBMsAAAARE"]
[Thu Jun 11 16:56:57.283988 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:53434] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.backup"] [unique_id "aisTCf8lKn4qdPkDWlBMsAAAARE"]
[Thu Jun 11 16:56:57.284117 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:53434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.backup"] [unique_id "aisTCf8lKn4qdPkDWlBMsAAAARE"]
[Thu Jun 11 16:56:57.284353 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:53434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.backup"] [unique_id "aisTCf8lKn4qdPkDWlBMsAAAARE"]
[Thu Jun 11 16:56:57.288671 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:53380] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v3/.env"] [unique_id "aisTCUKTwdTIu69rj418BgAAAMw"]
[Thu Jun 11 16:56:57.288780 2026] [security2:error] [pid 21295:tid 21345] [client 34.64.174.29:53492] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/staging/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfLAAAAJM"]
[Thu Jun 11 16:56:57.288877 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:53380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/v3/.env"] [unique_id "aisTCUKTwdTIu69rj418BgAAAMw"]
[Thu Jun 11 16:56:57.288958 2026] [security2:error] [pid 21295:tid 21345] [client 34.64.174.29:53492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/staging/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfLAAAAJM"]
[Thu Jun 11 16:56:57.289102 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:53380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v3/.env"] [unique_id "aisTCUKTwdTIu69rj418BgAAAMw"]
[Thu Jun 11 16:56:57.289167 2026] [security2:error] [pid 21295:tid 21345] [client 34.64.174.29:53492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/staging/.env"] [unique_id "aisTCTlbUCMVJYfLxkpfLAAAAJM"]
[Thu Jun 11 16:56:57.291039 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:53378] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aisTCazVaq-mvl-Hfs9LzQAAAA8"]
[Thu Jun 11 16:56:57.291154 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:53378] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aisTCazVaq-mvl-Hfs9LzQAAAA8"]
[Thu Jun 11 16:56:57.291206 2026] [security2:error] [pid 21295:tid 21337] [client 34.64.174.29:53376] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.production"] [unique_id "aisTCTlbUCMVJYfLxkpfLQAAAIs"]
[Thu Jun 11 16:56:57.291259 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:53378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aisTCazVaq-mvl-Hfs9LzQAAAA8"]
[Thu Jun 11 16:56:57.291348 2026] [security2:error] [pid 21295:tid 21337] [client 34.64.174.29:53376] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.production"] [unique_id "aisTCTlbUCMVJYfLxkpfLQAAAIs"]
[Thu Jun 11 16:56:57.291452 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:53378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aisTCazVaq-mvl-Hfs9LzQAAAA8"]
[Thu Jun 11 16:56:57.291697 2026] [security2:error] [pid 21295:tid 21337] [client 34.64.174.29:53376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.production"] [unique_id "aisTCTlbUCMVJYfLxkpfLQAAAIs"]
[Thu Jun 11 16:56:57.293133 2026] [security2:error] [pid 3902:tid 3920] [client 34.64.174.29:53362] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.preprod"] [unique_id "aisTCf8lKn4qdPkDWlBMsQAAAQs"]
[Thu Jun 11 16:56:57.293244 2026] [security2:error] [pid 21295:tid 21332] [client 34.64.174.29:53414] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.save"] [unique_id "aisTCTlbUCMVJYfLxkpfLgAAAIY"]
[Thu Jun 11 16:56:57.293406 2026] [security2:error] [pid 3902:tid 3920] [client 34.64.174.29:53362] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.preprod"] [unique_id "aisTCf8lKn4qdPkDWlBMsQAAAQs"]
[Thu Jun 11 16:56:57.293409 2026] [security2:error] [pid 21295:tid 21332] [client 34.64.174.29:53414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.save"] [unique_id "aisTCTlbUCMVJYfLxkpfLgAAAIY"]
[Thu Jun 11 16:56:57.293634 2026] [security2:error] [pid 3902:tid 3920] [client 34.64.174.29:53362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.preprod"] [unique_id "aisTCf8lKn4qdPkDWlBMsQAAAQs"]
[Thu Jun 11 16:56:57.293670 2026] [security2:error] [pid 21295:tid 21332] [client 34.64.174.29:53414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.save"] [unique_id "aisTCTlbUCMVJYfLxkpfLgAAAIY"]
[Thu Jun 11 16:56:57.295511 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:53440] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aisTCZQ1oEsc4pCWMDMT5AAAAVc"]
[Thu Jun 11 16:56:57.295679 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:53440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aisTCZQ1oEsc4pCWMDMT5AAAAVc"]
[Thu Jun 11 16:56:57.295912 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:53440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aisTCZQ1oEsc4pCWMDMT5AAAAVc"]
[Thu Jun 11 16:56:57.297949 2026] [security2:error] [pid 5830:tid 5844] [client 34.64.174.29:53464] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.development.local"] [unique_id "aisTCZQ1oEsc4pCWMDMT5QAAAUk"]
[Thu Jun 11 16:56:57.298091 2026] [security2:error] [pid 5830:tid 5844] [client 34.64.174.29:53464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.development.local"] [unique_id "aisTCZQ1oEsc4pCWMDMT5QAAAUk"]
[Thu Jun 11 16:56:57.298305 2026] [security2:error] [pid 5830:tid 5844] [client 34.64.174.29:53464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.development.local"] [unique_id "aisTCZQ1oEsc4pCWMDMT5QAAAUk"]
[Thu Jun 11 16:56:57.299721 2026] [security2:error] [pid 21296:tid 21320] [client 34.64.174.29:53416] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.production.local"] [unique_id "aisTCazVaq-mvl-Hfs9LzgAAABU"]
[Thu Jun 11 16:56:57.299843 2026] [security2:error] [pid 21296:tid 21320] [client 34.64.174.29:53416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.production.local"] [unique_id "aisTCazVaq-mvl-Hfs9LzgAAABU"]
[Thu Jun 11 16:56:57.300047 2026] [security2:error] [pid 21296:tid 21320] [client 34.64.174.29:53416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.production.local"] [unique_id "aisTCazVaq-mvl-Hfs9LzgAAABU"]
[Thu Jun 11 16:56:57.301533 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:53454] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.test"] [unique_id "aisTCazVaq-mvl-Hfs9LzwAAABY"]
[Thu Jun 11 16:56:57.301728 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:53454] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.test"] [unique_id "aisTCazVaq-mvl-Hfs9LzwAAABY"]
[Thu Jun 11 16:56:57.301936 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:53454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.test"] [unique_id "aisTCazVaq-mvl-Hfs9LzwAAABY"]
[Thu Jun 11 16:56:57.303866 2026] [security2:error] [pid 5830:tid 5854] [client 34.64.174.29:53476] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/auth/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT5gAAAVM"]
[Thu Jun 11 16:56:57.304014 2026] [security2:error] [pid 5830:tid 5854] [client 34.64.174.29:53476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/auth/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/auth/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT5gAAAVM"]
[Thu Jun 11 16:56:57.304237 2026] [security2:error] [pid 5830:tid 5854] [client 34.64.174.29:53476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/auth/.env"] [unique_id "aisTCZQ1oEsc4pCWMDMT5gAAAVM"]
[Thu Jun 11 16:56:57.305893 2026] [security2:error] [pid 21295:tid 21342] [client 34.64.174.29:53388] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.local"] [unique_id "aisTCTlbUCMVJYfLxkpfLwAAAJA"]
[Thu Jun 11 16:56:57.306039 2026] [security2:error] [pid 21295:tid 21342] [client 34.64.174.29:53388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.local"] [unique_id "aisTCTlbUCMVJYfLxkpfLwAAAJA"]
[Thu Jun 11 16:56:57.306276 2026] [security2:error] [pid 21295:tid 21342] [client 34.64.174.29:53388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.local"] [unique_id "aisTCTlbUCMVJYfLxkpfLwAAAJA"]
[Thu Jun 11 16:56:57.539239 2026] [security2:error] [pid 21243:tid 21267] [client 34.64.174.29:53496] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.local"] [unique_id "aisTCUKTwdTIu69rj418BwAAANU"]
[Thu Jun 11 16:56:57.539394 2026] [security2:error] [pid 21243:tid 21267] [client 34.64.174.29:53496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.local"] [unique_id "aisTCUKTwdTIu69rj418BwAAANU"]
[Thu Jun 11 16:56:57.539723 2026] [security2:error] [pid 21243:tid 21267] [client 34.64.174.29:53496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.local"] [unique_id "aisTCUKTwdTIu69rj418BwAAANU"]
[Thu Jun 11 16:56:57.577951 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:53498] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.backup"] [unique_id "aisTCUKTwdTIu69rj418CAAAAM4"]
[Thu Jun 11 16:56:57.578069 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:53498] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.backup"] [unique_id "aisTCUKTwdTIu69rj418CAAAAM4"]
[Thu Jun 11 16:56:57.578203 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:53498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.backup"] [unique_id "aisTCUKTwdTIu69rj418CAAAAM4"]
[Thu Jun 11 16:56:57.578514 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:53498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.backup"] [unique_id "aisTCUKTwdTIu69rj418CAAAAM4"]
[Thu Jun 11 16:56:57.589190 2026] [security2:error] [pid 25848:tid 25868] [client 34.64.174.29:53512] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/backend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWngAAAEg"]
[Thu Jun 11 16:56:57.589364 2026] [security2:error] [pid 25848:tid 25868] [client 34.64.174.29:53512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/backend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWngAAAEg"]
[Thu Jun 11 16:56:57.589751 2026] [security2:error] [pid 25848:tid 25868] [client 34.64.174.29:53512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/backend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWngAAAEg"]
[Thu Jun 11 16:56:57.596982 2026] [security2:error] [pid 25848:tid 25870] [client 34.64.174.29:53558] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.development"] [unique_id "aisTCUu3w-1taBUoJpFWnwAAAEo"]
[Thu Jun 11 16:56:57.597127 2026] [security2:error] [pid 25848:tid 25870] [client 34.64.174.29:53558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.development"] [unique_id "aisTCUu3w-1taBUoJpFWnwAAAEo"]
[Thu Jun 11 16:56:57.597348 2026] [security2:error] [pid 25848:tid 25870] [client 34.64.174.29:53558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.development"] [unique_id "aisTCUu3w-1taBUoJpFWnwAAAEo"]
[Thu Jun 11 16:56:57.598819 2026] [security2:error] [pid 25848:tid 25866] [client 34.64.174.29:53576] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.production"] [unique_id "aisTCUu3w-1taBUoJpFWoAAAAEY"]
[Thu Jun 11 16:56:57.598957 2026] [security2:error] [pid 25848:tid 25866] [client 34.64.174.29:53576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.production"] [unique_id "aisTCUu3w-1taBUoJpFWoAAAAEY"]
[Thu Jun 11 16:56:57.599176 2026] [security2:error] [pid 25848:tid 25866] [client 34.64.174.29:53576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.production"] [unique_id "aisTCUu3w-1taBUoJpFWoAAAAEY"]
[Thu Jun 11 16:56:57.604909 2026] [security2:error] [pid 25848:tid 25867] [client 34.64.174.29:53532] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aisTCUu3w-1taBUoJpFWoQAAAEc"]
[Thu Jun 11 16:56:57.605045 2026] [security2:error] [pid 25848:tid 25867] [client 34.64.174.29:53532] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aisTCUu3w-1taBUoJpFWoQAAAEc"]
[Thu Jun 11 16:56:57.605251 2026] [security2:error] [pid 25848:tid 25867] [client 34.64.174.29:53532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aisTCUu3w-1taBUoJpFWoQAAAEc"]
[Thu Jun 11 16:56:57.606669 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:53570] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWogAAAEk"]
[Thu Jun 11 16:56:57.606785 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:53570] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWogAAAEk"]
[Thu Jun 11 16:56:57.606902 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:53570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWogAAAEk"]
[Thu Jun 11 16:56:57.607115 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:53570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWogAAAEk"]
[Thu Jun 11 16:56:57.608503 2026] [security2:error] [pid 25848:tid 25865] [client 34.64.174.29:53542] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/test/.env"] [unique_id "aisTCUu3w-1taBUoJpFWowAAAEU"]
[Thu Jun 11 16:56:57.608712 2026] [security2:error] [pid 25848:tid 25865] [client 34.64.174.29:53542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/test/.env"] [unique_id "aisTCUu3w-1taBUoJpFWowAAAEU"]
[Thu Jun 11 16:56:57.608939 2026] [security2:error] [pid 25848:tid 25865] [client 34.64.174.29:53542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/test/.env"] [unique_id "aisTCUu3w-1taBUoJpFWowAAAEU"]
[Thu Jun 11 16:56:57.610439 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:53524] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v3/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpAAAAFI"]
[Thu Jun 11 16:56:57.610607 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:53524] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/v3/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpAAAAFI"]
[Thu Jun 11 16:56:57.610824 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:53524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v3/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpAAAAFI"]
[Thu Jun 11 16:56:57.612105 2026] [security2:error] [pid 25848:tid 25882] [client 34.64.174.29:53580] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/qa/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpQAAAFY"]
[Thu Jun 11 16:56:57.612241 2026] [security2:error] [pid 25848:tid 25882] [client 34.64.174.29:53580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/qa/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpQAAAFY"]
[Thu Jun 11 16:56:57.612433 2026] [security2:error] [pid 25848:tid 25882] [client 34.64.174.29:53580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/qa/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpQAAAFY"]
[Thu Jun 11 16:56:57.613882 2026] [security2:error] [pid 25848:tid 25883] [client 34.64.174.29:53596] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v2/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpgAAAFc"]
[Thu Jun 11 16:56:57.614027 2026] [security2:error] [pid 25848:tid 25883] [client 34.64.174.29:53596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/v2/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpgAAAFc"]
[Thu Jun 11 16:56:57.614282 2026] [security2:error] [pid 25848:tid 25883] [client 34.64.174.29:53596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v2/.env"] [unique_id "aisTCUu3w-1taBUoJpFWpgAAAFc"]
[Thu Jun 11 16:56:57.616009 2026] [security2:error] [pid 25848:tid 25881] [client 34.64.174.29:53556] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env"] [unique_id "aisTCUu3w-1taBUoJpFWpwAAAFU"]
[Thu Jun 11 16:56:57.616327 2026] [security2:error] [pid 25848:tid 25881] [client 34.64.174.29:53556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env"] [unique_id "aisTCUu3w-1taBUoJpFWpwAAAFU"]
[Thu Jun 11 16:56:57.618087 2026] [security2:error] [pid 25848:tid 25884] [client 34.64.174.29:53608] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/prod/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqAAAAFg"]
[Thu Jun 11 16:56:57.618237 2026] [security2:error] [pid 25848:tid 25884] [client 34.64.174.29:53608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/prod/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqAAAAFg"]
[Thu Jun 11 16:56:57.618529 2026] [security2:error] [pid 25848:tid 25884] [client 34.64.174.29:53608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/prod/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqAAAAFg"]
[Thu Jun 11 16:56:57.620115 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:53506] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqQAAAFM"]
[Thu Jun 11 16:56:57.620249 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:53506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqQAAAFM"]
[Thu Jun 11 16:56:57.620622 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:53506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqQAAAFM"]
[Thu Jun 11 16:56:57.622142 2026] [security2:error] [pid 25848:tid 25880] [client 34.64.174.29:53530] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqgAAAFQ"]
[Thu Jun 11 16:56:57.622498 2026] [security2:error] [pid 25848:tid 25880] [client 34.64.174.29:53530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqgAAAFQ"]
[Thu Jun 11 16:56:57.622641 2026] [security2:error] [pid 25848:tid 25861] [client 34.64.174.29:53630] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqwAAAEE"]
[Thu Jun 11 16:56:57.622963 2026] [security2:error] [pid 25848:tid 25861] [client 34.64.174.29:53630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqwAAAEE"]
[Thu Jun 11 16:56:57.623004 2026] [security2:error] [pid 25848:tid 25880] [client 34.64.174.29:53530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqgAAAFQ"]
[Thu Jun 11 16:56:57.623289 2026] [security2:error] [pid 25848:tid 25861] [client 34.64.174.29:53630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env"] [unique_id "aisTCUu3w-1taBUoJpFWqwAAAEE"]
[Thu Jun 11 16:56:57.625191 2026] [security2:error] [pid 25848:tid 25862] [client 34.64.174.29:53612] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dev/.env"] [unique_id "aisTCUu3w-1taBUoJpFWrAAAAEI"]
[Thu Jun 11 16:56:57.625347 2026] [security2:error] [pid 25848:tid 25862] [client 34.64.174.29:53612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/dev/.env"] [unique_id "aisTCUu3w-1taBUoJpFWrAAAAEI"]
[Thu Jun 11 16:56:57.625630 2026] [security2:error] [pid 25848:tid 25862] [client 34.64.174.29:53612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dev/.env"] [unique_id "aisTCUu3w-1taBUoJpFWrAAAAEI"]
[Thu Jun 11 16:56:57.627457 2026] [security2:error] [pid 25848:tid 25874] [client 34.64.174.29:53690] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/uat/.env"] [unique_id "aisTCUu3w-1taBUoJpFWrQAAAE4"]
[Thu Jun 11 16:56:57.627626 2026] [security2:error] [pid 25848:tid 25874] [client 34.64.174.29:53690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/uat/.env"] [unique_id "aisTCUu3w-1taBUoJpFWrQAAAE4"]
[Thu Jun 11 16:56:57.628289 2026] [security2:error] [pid 25848:tid 25874] [client 34.64.174.29:53690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/uat/.env"] [unique_id "aisTCUu3w-1taBUoJpFWrQAAAE4"]
[Thu Jun 11 16:56:57.635696 2026] [security2:error] [pid 25848:tid 25860] [client 34.64.174.29:53614] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.txt"] [unique_id "aisTCUu3w-1taBUoJpFWrgAAAEA"]
[Thu Jun 11 16:56:57.635990 2026] [security2:error] [pid 25848:tid 25872] [client 34.64.174.29:53660] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.dist"] [unique_id "aisTCUu3w-1taBUoJpFWrwAAAEw"]
[Thu Jun 11 16:56:57.636241 2026] [security2:error] [pid 25848:tid 25860] [client 34.64.174.29:53614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.txt"] [unique_id "aisTCUu3w-1taBUoJpFWrgAAAEA"]
[Thu Jun 11 16:56:57.636380 2026] [security2:error] [pid 25848:tid 25872] [client 34.64.174.29:53660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.dist"] [unique_id "aisTCUu3w-1taBUoJpFWrwAAAEw"]
[Thu Jun 11 16:56:57.636962 2026] [security2:error] [pid 25848:tid 25876] [client 34.64.174.29:53676] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/env.old"] [unique_id "aisTCUu3w-1taBUoJpFWsAAAAFA"]
[Thu Jun 11 16:56:57.637091 2026] [security2:error] [pid 25848:tid 25872] [client 34.64.174.29:53660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.dist"] [unique_id "aisTCUu3w-1taBUoJpFWrwAAAEw"]
[Thu Jun 11 16:56:57.637076 2026] [security2:error] [pid 25848:tid 25860] [client 34.64.174.29:53614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.txt"] [unique_id "aisTCUu3w-1taBUoJpFWrgAAAEA"]
[Thu Jun 11 16:56:57.637539 2026] [security2:error] [pid 25848:tid 25873] [client 34.64.174.29:53664] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWsQAAAE0"]
[Thu Jun 11 16:56:57.637626 2026] [security2:error] [pid 25848:tid 25876] [client 34.64.174.29:53676] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env.old"] [unique_id "aisTCUu3w-1taBUoJpFWsAAAAFA"]
[Thu Jun 11 16:56:57.638227 2026] [security2:error] [pid 25848:tid 25873] [client 34.64.174.29:53664] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWsQAAAE0"]
[Thu Jun 11 16:56:57.638291 2026] [security2:error] [pid 25848:tid 25876] [client 34.64.174.29:53676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env.old"] [unique_id "aisTCUu3w-1taBUoJpFWsAAAAFA"]
[Thu Jun 11 16:56:57.638652 2026] [security2:error] [pid 25848:tid 25873] [client 34.64.174.29:53664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWsQAAAE0"]
[Thu Jun 11 16:56:57.645443 2026] [security2:error] [pid 25848:tid 25864] [client 34.64.174.29:53636] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.template"] [unique_id "aisTCUu3w-1taBUoJpFWtQAAAEQ"]
[Thu Jun 11 16:56:57.645568 2026] [security2:error] [pid 25848:tid 25864] [client 34.64.174.29:53636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.template"] [unique_id "aisTCUu3w-1taBUoJpFWtQAAAEQ"]
[Thu Jun 11 16:56:57.645856 2026] [security2:error] [pid 25848:tid 25864] [client 34.64.174.29:53636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.template"] [unique_id "aisTCUu3w-1taBUoJpFWtQAAAEQ"]
[Thu Jun 11 16:56:57.647027 2026] [security2:error] [pid 25848:tid 25875] [client 34.64.174.29:53716] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.uat"] [unique_id "aisTCUu3w-1taBUoJpFWswAAAE8"]
[Thu Jun 11 16:56:57.647167 2026] [security2:error] [pid 25848:tid 25875] [client 34.64.174.29:53716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.uat"] [unique_id "aisTCUu3w-1taBUoJpFWswAAAE8"]
[Thu Jun 11 16:56:57.647378 2026] [security2:error] [pid 25848:tid 25875] [client 34.64.174.29:53716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.uat"] [unique_id "aisTCUu3w-1taBUoJpFWswAAAE8"]
[Thu Jun 11 16:56:57.648299 2026] [security2:error] [pid 25848:tid 25871] [client 34.64.174.29:53644] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.demo"] [unique_id "aisTCUu3w-1taBUoJpFWtAAAAEs"]
[Thu Jun 11 16:56:57.648445 2026] [security2:error] [pid 25848:tid 25871] [client 34.64.174.29:53644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.demo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.demo"] [unique_id "aisTCUu3w-1taBUoJpFWtAAAAEs"]
[Thu Jun 11 16:56:57.648789 2026] [security2:error] [pid 25848:tid 25871] [client 34.64.174.29:53644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.demo"] [unique_id "aisTCUu3w-1taBUoJpFWtAAAAEs"]
[Thu Jun 11 16:56:57.649746 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:53578] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWtgAAAEM"]
[Thu Jun 11 16:56:57.649869 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:53578] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWtgAAAEM"]
[Thu Jun 11 16:56:57.650006 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:53578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWtgAAAEM"]
[Thu Jun 11 16:56:57.650276 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:53578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aisTCUu3w-1taBUoJpFWtgAAAEM"]
[Thu Jun 11 16:56:57.651996 2026] [security2:error] [pid 25848:tid 25877] [client 34.64.174.29:53698] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/backend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWsgAAAFE"]
[Thu Jun 11 16:56:57.652123 2026] [security2:error] [pid 25848:tid 25877] [client 34.64.174.29:53698] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/backend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWsgAAAFE"]
[Thu Jun 11 16:56:57.652284 2026] [security2:error] [pid 25848:tid 25877] [client 34.64.174.29:53698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/backend/.env"] [unique_id "aisTCUu3w-1taBUoJpFWsgAAAFE"]
[Thu Jun 11 16:56:57.843113 2026] [security2:error] [pid 3902:tid 3922] [client 34.64.174.29:52508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCP8lKn4qdPkDWlBMmgAAAQ0"]
[Thu Jun 11 16:56:57.870430 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:52540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCJQ1oEsc4pCWMDMTzgAAAUs"]
[Thu Jun 11 16:56:57.871198 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:52572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCEKTwdTIu69rj4178gAAAMc"]
[Thu Jun 11 16:56:57.893357 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:52524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCKzVaq-mvl-Hfs9LuQAAAAg"]
[Thu Jun 11 16:56:57.964925 2026] [security2:error] [pid 21295:tid 21333] [client 34.64.174.29:52548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCDlbUCMVJYfLxkpfGAAAAIc"]
[Thu Jun 11 16:56:58.008059 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:53714] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/app/.env.bak"] [unique_id "aisTCjlbUCMVJYfLxkpfMQAAAJE"]
[Thu Jun 11 16:56:58.008168 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:53714] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.bak"] [unique_id "aisTCjlbUCMVJYfLxkpfMQAAAJE"]
[Thu Jun 11 16:56:58.008295 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:53714] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.bak"] [unique_id "aisTCjlbUCMVJYfLxkpfMQAAAJE"]
[Thu Jun 11 16:56:58.008703 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:53714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.bak"] [unique_id "aisTCjlbUCMVJYfLxkpfMQAAAJE"]
[Thu Jun 11 16:56:58.349533 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:53752] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aisTCpQ1oEsc4pCWMDMT6QAAAUs"]
[Thu Jun 11 16:56:58.349720 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:53752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aisTCpQ1oEsc4pCWMDMT6QAAAUs"]
[Thu Jun 11 16:56:58.350020 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:53752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aisTCpQ1oEsc4pCWMDMT6QAAAUs"]
[Thu Jun 11 16:56:58.357829 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:53732] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/.env.local"] [unique_id "aisTCkKTwdTIu69rj418DwAAAMc"]
[Thu Jun 11 16:56:58.358006 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:53732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/.env.local"] [unique_id "aisTCkKTwdTIu69rj418DwAAAMc"]
[Thu Jun 11 16:56:58.358396 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:53732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/.env.local"] [unique_id "aisTCkKTwdTIu69rj418DwAAAMc"]
[Thu Jun 11 16:56:58.389140 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:53748] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.staging"] [unique_id "aisTCqzVaq-mvl-Hfs9L1QAAAAg"]
[Thu Jun 11 16:56:58.389299 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:53748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.staging"] [unique_id "aisTCqzVaq-mvl-Hfs9L1QAAAAg"]
[Thu Jun 11 16:56:58.389540 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:53748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.staging"] [unique_id "aisTCqzVaq-mvl-Hfs9L1QAAAAg"]
[Thu Jun 11 16:56:58.426968 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:52564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCP8lKn4qdPkDWlBMmwAAAQU"]
[Thu Jun 11 16:56:58.443404 2026] [security2:error] [pid 21295:tid 21333] [client 34.64.174.29:53754] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aisTCjlbUCMVJYfLxkpfMwAAAIc"]
[Thu Jun 11 16:56:58.443569 2026] [security2:error] [pid 21295:tid 21333] [client 34.64.174.29:53754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aisTCjlbUCMVJYfLxkpfMwAAAIc"]
[Thu Jun 11 16:56:58.443908 2026] [security2:error] [pid 21295:tid 21333] [client 34.64.174.29:53754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aisTCjlbUCMVJYfLxkpfMwAAAIc"]
[Thu Jun 11 16:56:58.477527 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:52588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCKzVaq-mvl-Hfs9LugAAABM"]
[Thu Jun 11 16:56:58.555259 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:52618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCP8lKn4qdPkDWlBMnQAAAQQ"]
[Thu Jun 11 16:56:58.595906 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:52610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCDlbUCMVJYfLxkpfGQAAAIk"]
[Thu Jun 11 16:56:58.659827 2026] [security2:error] [pid 5830:tid 5841] [client 34.64.174.29:52598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCJQ1oEsc4pCWMDMTzwAAAUY"]
[Thu Jun 11 16:56:58.967161 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:52624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCKzVaq-mvl-Hfs9LuwAAABc"]
[Thu Jun 11 16:56:59.038290 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:53760] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisTC_8lKn4qdPkDWlBMuAAAAQQ"]
[Thu Jun 11 16:56:59.038429 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:53760] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisTC_8lKn4qdPkDWlBMuAAAAQQ"]
[Thu Jun 11 16:56:59.038652 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:53760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisTC_8lKn4qdPkDWlBMuAAAAQQ"]
[Thu Jun 11 16:56:59.038890 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:53760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisTC_8lKn4qdPkDWlBMuAAAAQQ"]
[Thu Jun 11 16:56:59.062440 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:53772] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v2/.env"] [unique_id "aisTC_8lKn4qdPkDWlBMuQAAAQU"]
[Thu Jun 11 16:56:59.062724 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:53772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/v2/.env"] [unique_id "aisTC_8lKn4qdPkDWlBMuQAAAQU"]
[Thu Jun 11 16:56:59.062999 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:53772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v2/.env"] [unique_id "aisTC_8lKn4qdPkDWlBMuQAAAQU"]
[Thu Jun 11 16:56:59.122424 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:53784] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.old"] [unique_id "aisTC6zVaq-mvl-Hfs9L2AAAABM"]
[Thu Jun 11 16:56:59.122543 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:53784] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.old"] [unique_id "aisTC6zVaq-mvl-Hfs9L2AAAABM"]
[Thu Jun 11 16:56:59.122697 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:53784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.old"] [unique_id "aisTC6zVaq-mvl-Hfs9L2AAAABM"]
[Thu Jun 11 16:56:59.122918 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:53784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.old"] [unique_id "aisTC6zVaq-mvl-Hfs9L2AAAABM"]
[Thu Jun 11 16:56:59.138663 2026] [security2:error] [pid 5830:tid 5841] [client 34.64.174.29:53792] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/.env"] [unique_id "aisTC5Q1oEsc4pCWMDMT7AAAAUY"]
[Thu Jun 11 16:56:59.138878 2026] [security2:error] [pid 5830:tid 5841] [client 34.64.174.29:53792] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/.env"] [unique_id "aisTC5Q1oEsc4pCWMDMT7AAAAUY"]
[Thu Jun 11 16:56:59.139112 2026] [security2:error] [pid 5830:tid 5841] [client 34.64.174.29:53792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/.env"] [unique_id "aisTC5Q1oEsc4pCWMDMT7AAAAUY"]
[Thu Jun 11 16:56:59.158323 2026] [security2:error] [pid 5830:tid 5859] [client 34.64.174.29:52642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCJQ1oEsc4pCWMDMT0AAAAVg"]
[Thu Jun 11 16:56:59.174995 2026] [security2:error] [pid 21295:tid 21327] [client 34.64.174.29:52626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCDlbUCMVJYfLxkpfGgAAAIE"]
[Thu Jun 11 16:56:59.206594 2026] [security2:error] [pid 21243:tid 21265] [client 34.64.174.29:52644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj4178wAAANM"]
[Thu Jun 11 16:56:59.218968 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:53808] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.docker"] [unique_id "aisTCzlbUCMVJYfLxkpfNQAAAIk"]
[Thu Jun 11 16:56:59.219134 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:53808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.docker"] [unique_id "aisTCzlbUCMVJYfLxkpfNQAAAIk"]
[Thu Jun 11 16:56:59.219400 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:53808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.docker"] [unique_id "aisTCzlbUCMVJYfLxkpfNQAAAIk"]
[Thu Jun 11 16:56:59.324277 2026] [security2:error] [pid 3902:tid 3912] [client 34.64.174.29:52676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMngAAAQM"]
[Thu Jun 11 16:56:59.442743 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:53830] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisTC6zVaq-mvl-Hfs9L2gAAABc"]
[Thu Jun 11 16:56:59.442912 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:53830] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisTC6zVaq-mvl-Hfs9L2gAAABc"]
[Thu Jun 11 16:56:59.443053 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:53830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisTC6zVaq-mvl-Hfs9L2gAAABc"]
[Thu Jun 11 16:56:59.443328 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:53830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisTC6zVaq-mvl-Hfs9L2gAAABc"]
[Thu Jun 11 16:56:59.637139 2026] [security2:error] [pid 5830:tid 5859] [client 34.64.174.29:53822] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.local"] [unique_id "aisTC5Q1oEsc4pCWMDMT7wAAAVg"]
[Thu Jun 11 16:56:59.637468 2026] [security2:error] [pid 5830:tid 5859] [client 34.64.174.29:53822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.local"] [unique_id "aisTC5Q1oEsc4pCWMDMT7wAAAVg"]
[Thu Jun 11 16:56:59.637740 2026] [security2:error] [pid 5830:tid 5859] [client 34.64.174.29:53822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.local"] [unique_id "aisTC5Q1oEsc4pCWMDMT7wAAAVg"]
[Thu Jun 11 16:56:59.648279 2026] [security2:error] [pid 21296:tid 21377] [client 34.64.174.29:52650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LvAAAAAU"]
[Thu Jun 11 16:56:59.661180 2026] [security2:error] [pid 21295:tid 21327] [client 34.64.174.29:53834] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.pre-production"] [unique_id "aisTCzlbUCMVJYfLxkpfNwAAAIE"]
[Thu Jun 11 16:56:59.661341 2026] [security2:error] [pid 21295:tid 21327] [client 34.64.174.29:53834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.pre-production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.pre-production"] [unique_id "aisTCzlbUCMVJYfLxkpfNwAAAIE"]
[Thu Jun 11 16:56:59.661619 2026] [security2:error] [pid 21295:tid 21327] [client 34.64.174.29:53834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.pre-production"] [unique_id "aisTCzlbUCMVJYfLxkpfNwAAAIE"]
[Thu Jun 11 16:56:59.692106 2026] [security2:error] [pid 21243:tid 21265] [client 34.64.174.29:53840] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v1/.env"] [unique_id "aisTC0KTwdTIu69rj418GgAAANM"]
[Thu Jun 11 16:56:59.692278 2026] [security2:error] [pid 21243:tid 21265] [client 34.64.174.29:53840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/v1/.env"] [unique_id "aisTC0KTwdTIu69rj418GgAAANM"]
[Thu Jun 11 16:56:59.692738 2026] [security2:error] [pid 21243:tid 21265] [client 34.64.174.29:53840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v1/.env"] [unique_id "aisTC0KTwdTIu69rj418GgAAANM"]
[Thu Jun 11 16:56:59.717270 2026] [security2:error] [pid 21295:tid 21336] [client 34.64.174.29:52690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfGwAAAIo"]
[Thu Jun 11 16:56:59.808802 2026] [security2:error] [pid 5830:tid 5855] [client 34.64.174.29:52666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT0QAAAVQ"]
[Thu Jun 11 16:56:59.876914 2026] [security2:error] [pid 21243:tid 21263] [client 34.64.174.29:52696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj4179AAAANE"]
[Thu Jun 11 16:56:59.916159 2026] [security2:error] [pid 3902:tid 3931] [client 34.64.174.29:52702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMnwAAARY"]
[Thu Jun 11 16:57:00.217483 2026] [security2:error] [pid 5830:tid 5840] [client 34.64.174.29:52704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT0gAAAUU"]
[Thu Jun 11 16:57:00.340038 2026] [security2:error] [pid 21296:tid 21302] [client 34.64.174.29:52710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LvQAAAAI"]
[Thu Jun 11 16:57:00.616383 2026] [security2:error] [pid 21295:tid 21339] [client 34.64.174.29:52722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfHAAAAI0"]
[Thu Jun 11 16:57:00.663420 2026] [security2:error] [pid 3902:tid 3932] [client 34.64.174.29:52728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMoAAAARc"]
[Thu Jun 11 16:57:00.675907 2026] [security2:error] [pid 21243:tid 21269] [client 34.64.174.29:52732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj4179gAAANc"]
[Thu Jun 11 16:57:00.773831 2026] [security2:error] [pid 21296:tid 21309] [client 34.64.174.29:52736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LvgAAAAo"]
[Thu Jun 11 16:57:00.962810 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:52756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfHQAAAIw"]
[Thu Jun 11 16:57:01.181962 2026] [security2:error] [pid 3902:tid 3925] [client 34.64.174.29:52766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMoQAAARA"]
[Thu Jun 11 16:57:01.213244 2026] [security2:error] [pid 21243:tid 21268] [client 34.64.174.29:52748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj4179wAAANY"]
[Thu Jun 11 16:57:01.317964 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:52776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LvwAAAAs"]
[Thu Jun 11 16:57:01.418954 2026] [security2:error] [pid 5830:tid 5850] [client 34.64.174.29:52760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT0wAAAU8"]
[Thu Jun 11 16:57:01.612983 2026] [security2:error] [pid 21243:tid 21250] [client 34.64.174.29:52796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj417-AAAAMQ"]
[Thu Jun 11 16:57:01.798839 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:52784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT1AAAAU4"]
[Thu Jun 11 16:57:01.827875 2026] [security2:error] [pid 21295:tid 21346] [client 34.64.174.29:52794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfHgAAAJQ"]
[Thu Jun 11 16:57:01.873591 2026] [security2:error] [pid 21296:tid 21313] [client 34.64.174.29:52804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LwAAAAA4"]
[Thu Jun 11 16:57:01.940022 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:52798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMogAAAQ8"]
[Thu Jun 11 16:57:02.090136 2026] [security2:error] [pid 5830:tid 5856] [client 34.64.174.29:52810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT1QAAAVU"]
[Thu Jun 11 16:57:02.116355 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:38452] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.backup"] [unique_id "aisTDpQ1oEsc4pCWMDMT9AAAAU4"]
[Thu Jun 11 16:57:02.116474 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:38452] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.backup"] [unique_id "aisTDpQ1oEsc4pCWMDMT9AAAAU4"]
[Thu Jun 11 16:57:02.116654 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:38452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.backup"] [unique_id "aisTDpQ1oEsc4pCWMDMT9AAAAU4"]
[Thu Jun 11 16:57:02.117087 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:38452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.backup"] [unique_id "aisTDpQ1oEsc4pCWMDMT9AAAAU4"]
[Thu Jun 11 16:57:02.145912 2026] [security2:error] [pid 21295:tid 21346] [client 34.64.174.29:38444] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aisTDjlbUCMVJYfLxkpfRAAAAJQ"]
[Thu Jun 11 16:57:02.146352 2026] [security2:error] [pid 21295:tid 21346] [client 34.64.174.29:38444] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aisTDjlbUCMVJYfLxkpfRAAAAJQ"]
[Thu Jun 11 16:57:02.146813 2026] [security2:error] [pid 21295:tid 21346] [client 34.64.174.29:38444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aisTDjlbUCMVJYfLxkpfRAAAAJQ"]
[Thu Jun 11 16:57:02.184511 2026] [security2:error] [pid 21296:tid 21313] [client 34.64.174.29:38448] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.local"] [unique_id "aisTDqzVaq-mvl-Hfs9L4QAAAA4"]
[Thu Jun 11 16:57:02.184723 2026] [security2:error] [pid 21296:tid 21313] [client 34.64.174.29:38448] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.local"] [unique_id "aisTDqzVaq-mvl-Hfs9L4QAAAA4"]
[Thu Jun 11 16:57:02.185194 2026] [security2:error] [pid 21296:tid 21313] [client 34.64.174.29:38448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.local"] [unique_id "aisTDqzVaq-mvl-Hfs9L4QAAAA4"]
[Thu Jun 11 16:57:02.199836 2026] [security2:error] [pid 3902:tid 3925] [client 34.64.174.29:38456] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aisTDv8lKn4qdPkDWlBMyAAAARA"]
[Thu Jun 11 16:57:02.200001 2026] [security2:error] [pid 3902:tid 3925] [client 34.64.174.29:38456] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aisTDv8lKn4qdPkDWlBMyAAAARA"]
[Thu Jun 11 16:57:02.200673 2026] [security2:error] [pid 3902:tid 3925] [client 34.64.174.29:38456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.backup.txt"] [unique_id "aisTDv8lKn4qdPkDWlBMyAAAARA"]
[Thu Jun 11 16:57:02.312664 2026] [security2:error] [pid 21243:tid 21250] [client 34.64.174.29:38466] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.production"] [unique_id "aisTDkKTwdTIu69rj418KwAAAMQ"]
[Thu Jun 11 16:57:02.312841 2026] [security2:error] [pid 21243:tid 21250] [client 34.64.174.29:38466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.production"] [unique_id "aisTDkKTwdTIu69rj418KwAAAMQ"]
[Thu Jun 11 16:57:02.313169 2026] [security2:error] [pid 21243:tid 21250] [client 34.64.174.29:38466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.production"] [unique_id "aisTDkKTwdTIu69rj418KwAAAMQ"]
[Thu Jun 11 16:57:02.339003 2026] [security2:error] [pid 21295:tid 21328] [client 34.64.174.29:52812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfIAAAAII"]
[Thu Jun 11 16:57:02.370514 2026] [security2:error] [pid 3902:tid 3930] [client 34.64.174.29:52836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMowAAARU"]
[Thu Jun 11 16:57:02.424693 2026] [security2:error] [pid 21296:tid 21305] [client 34.64.174.29:52848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LwQAAAAY"]
[Thu Jun 11 16:57:02.425960 2026] [security2:error] [pid 21243:tid 21252] [client 34.64.174.29:52816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj417-QAAAMY"]
[Thu Jun 11 16:57:02.448386 2026] [security2:error] [pid 5830:tid 5843] [client 34.64.174.29:52880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT1gAAAUg"]
[Thu Jun 11 16:57:02.476758 2026] [security2:error] [pid 5830:tid 5850] [client 34.64.174.29:38474] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.prod"] [unique_id "aisTDpQ1oEsc4pCWMDMT9QAAAU8"]
[Thu Jun 11 16:57:02.476904 2026] [security2:error] [pid 5830:tid 5850] [client 34.64.174.29:38474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.prod"] [unique_id "aisTDpQ1oEsc4pCWMDMT9QAAAU8"]
[Thu Jun 11 16:57:02.477154 2026] [security2:error] [pid 5830:tid 5850] [client 34.64.174.29:38474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.prod"] [unique_id "aisTDpQ1oEsc4pCWMDMT9QAAAU8"]
[Thu Jun 11 16:57:02.631770 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:52824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMpAAAAQg"]
[Thu Jun 11 16:57:02.633624 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:38490] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aisTDv8lKn4qdPkDWlBMywAAAQg"]
[Thu Jun 11 16:57:02.633811 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:38490] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aisTDv8lKn4qdPkDWlBMywAAAQg"]
[Thu Jun 11 16:57:02.634030 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:38490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aisTDv8lKn4qdPkDWlBMywAAAQg"]
[Thu Jun 11 16:57:02.634280 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:38490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.prod.bak"] [unique_id "aisTDv8lKn4qdPkDWlBMywAAAQg"]
[Thu Jun 11 16:57:02.665062 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:52850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj417-gAAAME"]
[Thu Jun 11 16:57:02.667501 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:38498] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisTDkKTwdTIu69rj418LQAAAME"]
[Thu Jun 11 16:57:02.667781 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:38498] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisTDkKTwdTIu69rj418LQAAAME"]
[Thu Jun 11 16:57:02.668030 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:38498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisTDkKTwdTIu69rj418LQAAAME"]
[Thu Jun 11 16:57:02.668634 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:38498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.production.bak"] [unique_id "aisTDkKTwdTIu69rj418LQAAAME"]
[Thu Jun 11 16:57:02.702175 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:38506] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.old"] [unique_id "aisTDv8lKn4qdPkDWlBMzAAAAQ8"]
[Thu Jun 11 16:57:02.702318 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:38506] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.old"] [unique_id "aisTDv8lKn4qdPkDWlBMzAAAAQ8"]
[Thu Jun 11 16:57:02.702508 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:38506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.old"] [unique_id "aisTDv8lKn4qdPkDWlBMzAAAAQ8"]
[Thu Jun 11 16:57:02.702912 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:38506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.old"] [unique_id "aisTDv8lKn4qdPkDWlBMzAAAAQ8"]
[Thu Jun 11 16:57:02.840149 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:38516] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.save"] [unique_id "aisTDjlbUCMVJYfLxkpfSAAAAIw"]
[Thu Jun 11 16:57:02.840309 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:38516] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.save"] [unique_id "aisTDjlbUCMVJYfLxkpfSAAAAIw"]
[Thu Jun 11 16:57:02.840741 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:38516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.save"] [unique_id "aisTDjlbUCMVJYfLxkpfSAAAAIw"]
[Thu Jun 11 16:57:02.842035 2026] [security2:error] [pid 5830:tid 5857] [client 34.64.174.29:52868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT2AAAAVY"]
[Thu Jun 11 16:57:02.844803 2026] [security2:error] [pid 5830:tid 5857] [client 34.64.174.29:38540] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.copy"] [unique_id "aisTDpQ1oEsc4pCWMDMT-AAAAVY"]
[Thu Jun 11 16:57:02.844931 2026] [security2:error] [pid 5830:tid 5857] [client 34.64.174.29:38540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.copy"] [unique_id "aisTDpQ1oEsc4pCWMDMT-AAAAVY"]
[Thu Jun 11 16:57:02.845151 2026] [security2:error] [pid 5830:tid 5857] [client 34.64.174.29:38540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.copy"] [unique_id "aisTDpQ1oEsc4pCWMDMT-AAAAVY"]
[Thu Jun 11 16:57:03.017928 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:38524] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.development"] [unique_id "aisTD6zVaq-mvl-Hfs9L5AAAAAs"]
[Thu Jun 11 16:57:03.018073 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:38524] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.development"] [unique_id "aisTD6zVaq-mvl-Hfs9L5AAAAAs"]
[Thu Jun 11 16:57:03.018337 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:38524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.development"] [unique_id "aisTD6zVaq-mvl-Hfs9L5AAAAAs"]
[Thu Jun 11 16:57:03.033336 2026] [security2:error] [pid 21296:tid 21319] [client 34.64.174.29:52896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LwgAAABQ"]
[Thu Jun 11 16:57:03.036500 2026] [security2:error] [pid 21295:tid 21348] [client 34.64.174.29:52866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfIQAAAJY"]
[Thu Jun 11 16:57:03.065924 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:52928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT2QAAAVE"]
[Thu Jun 11 16:57:03.068649 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:38544] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.dev"] [unique_id "aisTD5Q1oEsc4pCWMDMT-gAAAVE"]
[Thu Jun 11 16:57:03.068793 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:38544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.dev"] [unique_id "aisTD5Q1oEsc4pCWMDMT-gAAAVE"]
[Thu Jun 11 16:57:03.069064 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:38544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.dev"] [unique_id "aisTD5Q1oEsc4pCWMDMT-gAAAVE"]
[Thu Jun 11 16:57:03.093056 2026] [security2:error] [pid 21295:tid 21341] [client 34.64.174.29:52882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfIgAAAI8"]
[Thu Jun 11 16:57:03.096870 2026] [security2:error] [pid 21295:tid 21341] [client 34.64.174.29:38556] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.stage"] [unique_id "aisTDzlbUCMVJYfLxkpfSQAAAI8"]
[Thu Jun 11 16:57:03.097021 2026] [security2:error] [pid 21295:tid 21341] [client 34.64.174.29:38556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.stage"] [unique_id "aisTDzlbUCMVJYfLxkpfSQAAAI8"]
[Thu Jun 11 16:57:03.097501 2026] [security2:error] [pid 21295:tid 21341] [client 34.64.174.29:38556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.stage"] [unique_id "aisTDzlbUCMVJYfLxkpfSQAAAI8"]
[Thu Jun 11 16:57:03.158099 2026] [security2:error] [pid 21296:tid 21305] [client 34.64.174.29:38554] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.staging"] [unique_id "aisTD6zVaq-mvl-Hfs9L5QAAAAY"]
[Thu Jun 11 16:57:03.158235 2026] [security2:error] [pid 21296:tid 21305] [client 34.64.174.29:38554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.staging"] [unique_id "aisTD6zVaq-mvl-Hfs9L5QAAAAY"]
[Thu Jun 11 16:57:03.158502 2026] [security2:error] [pid 21296:tid 21305] [client 34.64.174.29:38554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.staging"] [unique_id "aisTD6zVaq-mvl-Hfs9L5QAAAAY"]
[Thu Jun 11 16:57:03.266558 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:52902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMpQAAARg"]
[Thu Jun 11 16:57:03.312267 2026] [security2:error] [pid 3902:tid 3930] [client 34.64.174.29:38566] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.qa"] [unique_id "aisTD_8lKn4qdPkDWlBM0AAAARU"]
[Thu Jun 11 16:57:03.312504 2026] [security2:error] [pid 3902:tid 3930] [client 34.64.174.29:38566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.qa"] [unique_id "aisTD_8lKn4qdPkDWlBM0AAAARU"]
[Thu Jun 11 16:57:03.312697 2026] [security2:error] [pid 5830:tid 5856] [client 34.64.174.29:38576] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.uat"] [unique_id "aisTD5Q1oEsc4pCWMDMT_AAAAVU"]
[Thu Jun 11 16:57:03.312847 2026] [security2:error] [pid 3902:tid 3930] [client 34.64.174.29:38566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.qa"] [unique_id "aisTD_8lKn4qdPkDWlBM0AAAARU"]
[Thu Jun 11 16:57:03.312917 2026] [security2:error] [pid 5830:tid 5856] [client 34.64.174.29:38576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.uat"] [unique_id "aisTD5Q1oEsc4pCWMDMT_AAAAVU"]
[Thu Jun 11 16:57:03.313144 2026] [security2:error] [pid 5830:tid 5856] [client 34.64.174.29:38576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.uat"] [unique_id "aisTD5Q1oEsc4pCWMDMT_AAAAVU"]
[Thu Jun 11 16:57:03.382023 2026] [security2:error] [pid 21296:tid 21311] [client 34.64.174.29:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LwwAAAAw"]
[Thu Jun 11 16:57:03.383011 2026] [security2:error] [pid 21243:tid 21248] [client 34.64.174.29:52984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj417_AAAAMI"]
[Thu Jun 11 16:57:03.495999 2026] [security2:error] [pid 21296:tid 21303] [client 34.64.174.29:53008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LxAAAAAM"]
[Thu Jun 11 16:57:03.498629 2026] [security2:error] [pid 21296:tid 21303] [client 34.64.174.29:38604] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.demo"] [unique_id "aisTD6zVaq-mvl-Hfs9L5wAAAAM"]
[Thu Jun 11 16:57:03.498816 2026] [security2:error] [pid 21296:tid 21303] [client 34.64.174.29:38604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.demo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.demo"] [unique_id "aisTD6zVaq-mvl-Hfs9L5wAAAAM"]
[Thu Jun 11 16:57:03.499089 2026] [security2:error] [pid 21296:tid 21303] [client 34.64.174.29:38604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.demo"] [unique_id "aisTD6zVaq-mvl-Hfs9L5wAAAAM"]
[Thu Jun 11 16:57:03.500792 2026] [security2:error] [pid 21295:tid 21330] [client 34.64.174.29:53024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfJAAAAIQ"]
[Thu Jun 11 16:57:03.502321 2026] [security2:error] [pid 21295:tid 21330] [client 34.64.174.29:38594] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.preprod"] [unique_id "aisTDzlbUCMVJYfLxkpfTAAAAIQ"]
[Thu Jun 11 16:57:03.502452 2026] [security2:error] [pid 21295:tid 21330] [client 34.64.174.29:38594] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.preprod"] [unique_id "aisTDzlbUCMVJYfLxkpfTAAAAIQ"]
[Thu Jun 11 16:57:03.502718 2026] [security2:error] [pid 21295:tid 21330] [client 34.64.174.29:38594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.preprod"] [unique_id "aisTDzlbUCMVJYfLxkpfTAAAAIQ"]
[Thu Jun 11 16:57:03.552986 2026] [security2:error] [pid 21296:tid 21324] [client 34.64.174.29:53082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LxQAAABg"]
[Thu Jun 11 16:57:03.776255 2026] [security2:error] [pid 3902:tid 3909] [client 34.64.174.29:53066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMpwAAAQA"]
[Thu Jun 11 16:57:03.780769 2026] [security2:error] [pid 3902:tid 3909] [client 34.64.174.29:38578] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.pre-production"] [unique_id "aisTD_8lKn4qdPkDWlBM0gAAAQA"]
[Thu Jun 11 16:57:03.780972 2026] [security2:error] [pid 3902:tid 3909] [client 34.64.174.29:38578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.pre-production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.pre-production"] [unique_id "aisTD_8lKn4qdPkDWlBM0gAAAQA"]
[Thu Jun 11 16:57:03.781233 2026] [security2:error] [pid 3902:tid 3909] [client 34.64.174.29:38578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.pre-production"] [unique_id "aisTD_8lKn4qdPkDWlBM0gAAAQA"]
[Thu Jun 11 16:57:03.811952 2026] [security2:error] [pid 21295:tid 21329] [client 34.64.174.29:53050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfJQAAAIM"]
[Thu Jun 11 16:57:03.813727 2026] [security2:error] [pid 21295:tid 21329] [client 34.64.174.29:38610] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.test"] [unique_id "aisTDzlbUCMVJYfLxkpfTgAAAIM"]
[Thu Jun 11 16:57:03.813860 2026] [security2:error] [pid 21295:tid 21329] [client 34.64.174.29:38610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.test"] [unique_id "aisTDzlbUCMVJYfLxkpfTgAAAIM"]
[Thu Jun 11 16:57:03.814092 2026] [security2:error] [pid 21295:tid 21329] [client 34.64.174.29:38610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.test"] [unique_id "aisTDzlbUCMVJYfLxkpfTgAAAIM"]
[Thu Jun 11 16:57:03.894089 2026] [security2:error] [pid 21295:tid 21331] [client 34.64.174.29:52944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfIwAAAIU"]
[Thu Jun 11 16:57:03.895487 2026] [security2:error] [pid 3902:tid 3923] [client 34.64.174.29:52952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMpgAAAQ4"]
[Thu Jun 11 16:57:03.901169 2026] [security2:error] [pid 21243:tid 21246] [client 34.64.174.29:52908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj417_QAAAMA"]
[Thu Jun 11 16:57:03.917779 2026] [security2:error] [pid 21243:tid 21246] [client 34.64.174.29:38612] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.sample"] [unique_id "aisTD0KTwdTIu69rj418OQAAAMA"]
[Thu Jun 11 16:57:03.918017 2026] [security2:error] [pid 21243:tid 21246] [client 34.64.174.29:38612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.sample"] [unique_id "aisTD0KTwdTIu69rj418OQAAAMA"]
[Thu Jun 11 16:57:03.918326 2026] [security2:error] [pid 21243:tid 21246] [client 34.64.174.29:38612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.sample"] [unique_id "aisTD0KTwdTIu69rj418OQAAAMA"]
[Thu Jun 11 16:57:04.125511 2026] [security2:error] [pid 21296:tid 21324] [client 34.64.174.29:38614] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.example"] [unique_id "aisTEKzVaq-mvl-Hfs9L6QAAABg"]
[Thu Jun 11 16:57:04.125726 2026] [security2:error] [pid 21296:tid 21324] [client 34.64.174.29:38614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.example"] [unique_id "aisTEKzVaq-mvl-Hfs9L6QAAABg"]
[Thu Jun 11 16:57:04.126155 2026] [security2:error] [pid 21296:tid 21324] [client 34.64.174.29:38614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.example"] [unique_id "aisTEKzVaq-mvl-Hfs9L6QAAABg"]
[Thu Jun 11 16:57:04.162981 2026] [security2:error] [pid 21243:tid 21255] [client 34.64.174.29:53028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj417_gAAAMk"]
[Thu Jun 11 16:57:04.181964 2026] [security2:error] [pid 5830:tid 5843] [client 34.64.174.29:38630] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.template"] [unique_id "aisTEJQ1oEsc4pCWMDMT_gAAAUg"]
[Thu Jun 11 16:57:04.182147 2026] [security2:error] [pid 5830:tid 5843] [client 34.64.174.29:38630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.template"] [unique_id "aisTEJQ1oEsc4pCWMDMT_gAAAUg"]
[Thu Jun 11 16:57:04.182517 2026] [security2:error] [pid 5830:tid 5843] [client 34.64.174.29:38630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.template"] [unique_id "aisTEJQ1oEsc4pCWMDMT_gAAAUg"]
[Thu Jun 11 16:57:04.194898 2026] [security2:error] [pid 21243:tid 21256] [client 34.64.174.29:53076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj417_wAAAMo"]
[Thu Jun 11 16:57:04.197123 2026] [security2:error] [pid 21243:tid 21256] [client 34.64.174.29:38644] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.dist"] [unique_id "aisTEEKTwdTIu69rj418OwAAAMo"]
[Thu Jun 11 16:57:04.197296 2026] [security2:error] [pid 21243:tid 21256] [client 34.64.174.29:38644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.dist"] [unique_id "aisTEEKTwdTIu69rj418OwAAAMo"]
[Thu Jun 11 16:57:04.197520 2026] [security2:error] [pid 21243:tid 21256] [client 34.64.174.29:38644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.dist"] [unique_id "aisTEEKTwdTIu69rj418OwAAAMo"]
[Thu Jun 11 16:57:04.264530 2026] [security2:error] [pid 3902:tid 3927] [client 34.64.174.29:53036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMqAAAARI"]
[Thu Jun 11 16:57:04.267142 2026] [security2:error] [pid 3902:tid 3927] [client 34.64.174.29:38658] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.default"] [unique_id "aisTEP8lKn4qdPkDWlBM1QAAARI"]
[Thu Jun 11 16:57:04.267599 2026] [security2:error] [pid 3902:tid 3927] [client 34.64.174.29:38658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.default"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.default"] [unique_id "aisTEP8lKn4qdPkDWlBM1QAAARI"]
[Thu Jun 11 16:57:04.267891 2026] [security2:error] [pid 3902:tid 3927] [client 34.64.174.29:38658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.default"] [unique_id "aisTEP8lKn4qdPkDWlBM1QAAARI"]
[Thu Jun 11 16:57:04.281916 2026] [security2:error] [pid 5830:tid 5847] [client 34.64.174.29:53112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT2wAAAUw"]
[Thu Jun 11 16:57:04.299890 2026] [security2:error] [pid 5830:tid 5836] [client 34.64.174.29:52998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT2gAAAUE"]
[Thu Jun 11 16:57:04.304918 2026] [security2:error] [pid 5830:tid 5836] [client 34.64.174.29:38670] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.dev.local"] [unique_id "aisTEJQ1oEsc4pCWMDMT_wAAAUE"]
[Thu Jun 11 16:57:04.305058 2026] [security2:error] [pid 5830:tid 5836] [client 34.64.174.29:38670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.dev.local"] [unique_id "aisTEJQ1oEsc4pCWMDMT_wAAAUE"]
[Thu Jun 11 16:57:04.305350 2026] [security2:error] [pid 5830:tid 5836] [client 34.64.174.29:38670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.dev.local"] [unique_id "aisTEJQ1oEsc4pCWMDMT_wAAAUE"]
[Thu Jun 11 16:57:04.563983 2026] [security2:error] [pid 5830:tid 5837] [client 34.64.174.29:53124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT3AAAAUI"]
[Thu Jun 11 16:57:04.610992 2026] [security2:error] [pid 21296:tid 21312] [client 34.64.174.29:52968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LxgAAAA0"]
[Thu Jun 11 16:57:04.612596 2026] [security2:error] [pid 21296:tid 21312] [client 34.64.174.29:38680] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.development.local"] [unique_id "aisTEKzVaq-mvl-Hfs9L6wAAAA0"]
[Thu Jun 11 16:57:04.612736 2026] [security2:error] [pid 21296:tid 21312] [client 34.64.174.29:38680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.development.local"] [unique_id "aisTEKzVaq-mvl-Hfs9L6wAAAA0"]
[Thu Jun 11 16:57:04.613023 2026] [security2:error] [pid 21296:tid 21312] [client 34.64.174.29:38680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.development.local"] [unique_id "aisTEKzVaq-mvl-Hfs9L6wAAAA0"]
[Thu Jun 11 16:57:04.619106 2026] [security2:error] [pid 3902:tid 3918] [client 34.64.174.29:53144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMqQAAAQk"]
[Thu Jun 11 16:57:04.638477 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:53168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfJgAAAIA"]
[Thu Jun 11 16:57:04.643251 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:38660] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisTEDlbUCMVJYfLxkpfVAAAAIA"]
[Thu Jun 11 16:57:04.643366 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:38660] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisTEDlbUCMVJYfLxkpfVAAAAIA"]
[Thu Jun 11 16:57:04.643502 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:38660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisTEDlbUCMVJYfLxkpfVAAAAIA"]
[Thu Jun 11 16:57:04.643800 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:38660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.local.bak"] [unique_id "aisTEDlbUCMVJYfLxkpfVAAAAIA"]
[Thu Jun 11 16:57:04.679864 2026] [security2:error] [pid 21243:tid 21261] [client 34.64.174.29:53134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418AAAAAM8"]
[Thu Jun 11 16:57:05.022986 2026] [security2:error] [pid 21243:tid 21251] [client 34.64.174.29:53152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418AQAAAMU"]
[Thu Jun 11 16:57:05.025691 2026] [security2:error] [pid 21243:tid 21251] [client 34.64.174.29:38674] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.docker"] [unique_id "aisTEUKTwdTIu69rj418RAAAAMU"]
[Thu Jun 11 16:57:05.025830 2026] [security2:error] [pid 21243:tid 21251] [client 34.64.174.29:38674] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.docker"] [unique_id "aisTEUKTwdTIu69rj418RAAAAMU"]
[Thu Jun 11 16:57:05.026165 2026] [security2:error] [pid 21243:tid 21251] [client 34.64.174.29:38674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.docker"] [unique_id "aisTEUKTwdTIu69rj418RAAAAMU"]
[Thu Jun 11 16:57:05.046901 2026] [security2:error] [pid 21296:tid 21300] [client 34.64.174.29:53184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LxwAAAAA"]
[Thu Jun 11 16:57:05.058000 2026] [security2:error] [pid 21296:tid 21311] [client 34.64.174.29:38688] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.production.local"] [unique_id "aisTEazVaq-mvl-Hfs9L7AAAAAw"]
[Thu Jun 11 16:57:05.058160 2026] [security2:error] [pid 21296:tid 21311] [client 34.64.174.29:38688] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.production.local"] [unique_id "aisTEazVaq-mvl-Hfs9L7AAAAAw"]
[Thu Jun 11 16:57:05.058481 2026] [security2:error] [pid 21296:tid 21311] [client 34.64.174.29:38688] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.production.local"] [unique_id "aisTEazVaq-mvl-Hfs9L7AAAAAw"]
[Thu Jun 11 16:57:05.076940 2026] [security2:error] [pid 5830:tid 5845] [client 34.64.174.29:53146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT3QAAAUo"]
[Thu Jun 11 16:57:05.081994 2026] [security2:error] [pid 5830:tid 5845] [client 34.64.174.29:38694] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.orig"] [unique_id "aisTEZQ1oEsc4pCWMDMUAwAAAUo"]
[Thu Jun 11 16:57:05.082127 2026] [security2:error] [pid 5830:tid 5845] [client 34.64.174.29:38694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.orig"] [unique_id "aisTEZQ1oEsc4pCWMDMUAwAAAUo"]
[Thu Jun 11 16:57:05.082382 2026] [security2:error] [pid 5830:tid 5845] [client 34.64.174.29:38694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.orig"] [unique_id "aisTEZQ1oEsc4pCWMDMUAwAAAUo"]
[Thu Jun 11 16:57:05.160995 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:53226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMqwAAAQc"]
[Thu Jun 11 16:57:05.166384 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:38708] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/.env~"] [unique_id "aisTEf8lKn4qdPkDWlBM2wAAAQc"]
[Thu Jun 11 16:57:05.166508 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:38708] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env~"] [unique_id "aisTEf8lKn4qdPkDWlBM2wAAAQc"]
[Thu Jun 11 16:57:05.166714 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:38708] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env~"] [unique_id "aisTEf8lKn4qdPkDWlBM2wAAAQc"]
[Thu Jun 11 16:57:05.167007 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:38708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env~"] [unique_id "aisTEf8lKn4qdPkDWlBM2wAAAQc"]
[Thu Jun 11 16:57:05.185750 2026] [security2:error] [pid 21296:tid 21308] [client 34.64.174.29:53096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LyAAAAAk"]
[Thu Jun 11 16:57:05.436421 2026] [security2:error] [pid 3902:tid 3921] [client 34.64.174.29:38696] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/.env.txt"] [unique_id "aisTEf8lKn4qdPkDWlBM3gAAAQw"]
[Thu Jun 11 16:57:05.436554 2026] [security2:error] [pid 3902:tid 3921] [client 34.64.174.29:38696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env.txt"] [unique_id "aisTEf8lKn4qdPkDWlBM3gAAAQw"]
[Thu Jun 11 16:57:05.436782 2026] [security2:error] [pid 3902:tid 3921] [client 34.64.174.29:38696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env.txt"] [unique_id "aisTEf8lKn4qdPkDWlBM3gAAAQw"]
[Thu Jun 11 16:57:05.453007 2026] [security2:error] [pid 5830:tid 5838] [client 34.64.174.29:38718] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env"] [unique_id "aisTEZQ1oEsc4pCWMDMUBQAAAUM"]
[Thu Jun 11 16:57:05.453797 2026] [security2:error] [pid 5830:tid 5838] [client 34.64.174.29:38718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env"] [unique_id "aisTEZQ1oEsc4pCWMDMUBQAAAUM"]
[Thu Jun 11 16:57:05.482845 2026] [security2:error] [pid 21243:tid 21257] [client 34.64.174.29:53198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418AgAAAMs"]
[Thu Jun 11 16:57:05.488978 2026] [security2:error] [pid 5830:tid 5851] [client 34.64.174.29:53170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT3gAAAVA"]
[Thu Jun 11 16:57:05.506462 2026] [security2:error] [pid 21296:tid 21316] [client 34.64.174.29:38738] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env.txt"] [unique_id "aisTEazVaq-mvl-Hfs9L7wAAABE"]
[Thu Jun 11 16:57:05.507158 2026] [security2:error] [pid 21296:tid 21316] [client 34.64.174.29:38738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env.txt"] [unique_id "aisTEazVaq-mvl-Hfs9L7wAAABE"]
[Thu Jun 11 16:57:05.559200 2026] [security2:error] [pid 5830:tid 5839] [client 34.64.174.29:53242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT3wAAAUQ"]
[Thu Jun 11 16:57:05.560811 2026] [security2:error] [pid 5830:tid 5839] [client 34.64.174.29:38724] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/env.backup"] [unique_id "aisTEZQ1oEsc4pCWMDMUBgAAAUQ"]
[Thu Jun 11 16:57:05.560917 2026] [security2:error] [pid 5830:tid 5839] [client 34.64.174.29:38724] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env.backup"] [unique_id "aisTEZQ1oEsc4pCWMDMUBgAAAUQ"]
[Thu Jun 11 16:57:05.561419 2026] [security2:error] [pid 5830:tid 5839] [client 34.64.174.29:38724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env.backup"] [unique_id "aisTEZQ1oEsc4pCWMDMUBgAAAUQ"]
[Thu Jun 11 16:57:05.604941 2026] [security2:error] [pid 21296:tid 21317] [client 34.64.174.29:53224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LyQAAABI"]
[Thu Jun 11 16:57:05.619449 2026] [security2:error] [pid 21243:tid 21264] [client 34.64.174.29:38726] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/env.bak"] [unique_id "aisTEUKTwdTIu69rj418SAAAANI"]
[Thu Jun 11 16:57:05.619607 2026] [security2:error] [pid 21243:tid 21264] [client 34.64.174.29:38726] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env.bak"] [unique_id "aisTEUKTwdTIu69rj418SAAAANI"]
[Thu Jun 11 16:57:05.620060 2026] [security2:error] [pid 21243:tid 21264] [client 34.64.174.29:38726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env.bak"] [unique_id "aisTEUKTwdTIu69rj418SAAAANI"]
[Thu Jun 11 16:57:05.648170 2026] [security2:error] [pid 21295:tid 21334] [client 34.64.174.29:53208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfJwAAAIg"]
[Thu Jun 11 16:57:05.813442 2026] [security2:error] [pid 21295:tid 21336] [client 34.64.174.29:38772] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.prod"] [unique_id "aisTETlbUCMVJYfLxkpfWAAAAIo"]
[Thu Jun 11 16:57:05.813605 2026] [security2:error] [pid 21295:tid 21336] [client 34.64.174.29:38772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.prod"] [unique_id "aisTETlbUCMVJYfLxkpfWAAAAIo"]
[Thu Jun 11 16:57:05.813816 2026] [security2:error] [pid 21295:tid 21336] [client 34.64.174.29:38772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.prod"] [unique_id "aisTETlbUCMVJYfLxkpfWAAAAIo"]
[Thu Jun 11 16:57:05.841333 2026] [security2:error] [pid 21295:tid 21344] [client 34.64.174.29:53188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfKAAAAJI"]
[Thu Jun 11 16:57:05.908008 2026] [security2:error] [pid 21296:tid 21315] [client 34.64.174.29:38750] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/env.old"] [unique_id "aisTEazVaq-mvl-Hfs9L8QAAABA"]
[Thu Jun 11 16:57:05.908175 2026] [security2:error] [pid 21296:tid 21315] [client 34.64.174.29:38750] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/env.old"] [unique_id "aisTEazVaq-mvl-Hfs9L8QAAABA"]
[Thu Jun 11 16:57:05.908549 2026] [security2:error] [pid 21296:tid 21315] [client 34.64.174.29:38750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/env.old"] [unique_id "aisTEazVaq-mvl-Hfs9L8QAAABA"]
[Thu Jun 11 16:57:05.983295 2026] [security2:error] [pid 5830:tid 5842] [client 34.64.174.29:53236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT4AAAAUc"]
[Thu Jun 11 16:57:05.985205 2026] [security2:error] [pid 5830:tid 5842] [client 34.64.174.29:38756] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.production"] [unique_id "aisTEZQ1oEsc4pCWMDMUCQAAAUc"]
[Thu Jun 11 16:57:05.985328 2026] [security2:error] [pid 5830:tid 5842] [client 34.64.174.29:38756] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.production"] [unique_id "aisTEZQ1oEsc4pCWMDMUCQAAAUc"]
[Thu Jun 11 16:57:05.985650 2026] [security2:error] [pid 5830:tid 5842] [client 34.64.174.29:38756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.production"] [unique_id "aisTEZQ1oEsc4pCWMDMUCQAAAUc"]
[Thu Jun 11 16:57:06.028854 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:53258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMrQAAAQo"]
[Thu Jun 11 16:57:06.031682 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:38812] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/api/.env.backup"] [unique_id "aisTEv8lKn4qdPkDWlBM4AAAAQo"]
[Thu Jun 11 16:57:06.031788 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:38812] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.backup"] [unique_id "aisTEv8lKn4qdPkDWlBM4AAAAQo"]
[Thu Jun 11 16:57:06.031913 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:38812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.backup"] [unique_id "aisTEv8lKn4qdPkDWlBM4AAAAQo"]
[Thu Jun 11 16:57:06.032162 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:38812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.backup"] [unique_id "aisTEv8lKn4qdPkDWlBM4AAAAQo"]
[Thu Jun 11 16:57:06.066962 2026] [security2:error] [pid 3902:tid 3911] [client 34.64.174.29:53284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMrAAAAQI"]
[Thu Jun 11 16:57:06.094295 2026] [security2:error] [pid 21296:tid 21304] [client 34.64.174.29:53306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LygAAAAQ"]
[Thu Jun 11 16:57:06.107028 2026] [security2:error] [pid 21296:tid 21304] [client 34.64.174.29:38802] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.local"] [unique_id "aisTEqzVaq-mvl-Hfs9L8wAAAAQ"]
[Thu Jun 11 16:57:06.107182 2026] [security2:error] [pid 21296:tid 21304] [client 34.64.174.29:38802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.local"] [unique_id "aisTEqzVaq-mvl-Hfs9L8wAAAAQ"]
[Thu Jun 11 16:57:06.107424 2026] [security2:error] [pid 21296:tid 21304] [client 34.64.174.29:38802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.local"] [unique_id "aisTEqzVaq-mvl-Hfs9L8wAAAAQ"]
[Thu Jun 11 16:57:06.270959 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:53298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfKQAAAJc"]
[Thu Jun 11 16:57:06.273784 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:38788] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/api/.env.bak"] [unique_id "aisTEjlbUCMVJYfLxkpfWgAAAJc"]
[Thu Jun 11 16:57:06.274147 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:38788] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.bak"] [unique_id "aisTEjlbUCMVJYfLxkpfWgAAAJc"]
[Thu Jun 11 16:57:06.284638 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:38788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.bak"] [unique_id "aisTEjlbUCMVJYfLxkpfWgAAAJc"]
[Thu Jun 11 16:57:06.284920 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:38788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.bak"] [unique_id "aisTEjlbUCMVJYfLxkpfWgAAAJc"]
[Thu Jun 11 16:57:06.440080 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:53318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418BAAAAMg"]
[Thu Jun 11 16:57:06.442979 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:38820] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/api/.env.old"] [unique_id "aisTEkKTwdTIu69rj418TQAAAMg"]
[Thu Jun 11 16:57:06.443082 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:38820] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.old"] [unique_id "aisTEkKTwdTIu69rj418TQAAAMg"]
[Thu Jun 11 16:57:06.443227 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:38820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.old"] [unique_id "aisTEkKTwdTIu69rj418TQAAAMg"]
[Thu Jun 11 16:57:06.443671 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:38820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.old"] [unique_id "aisTEkKTwdTIu69rj418TQAAAMg"]
[Thu Jun 11 16:57:06.457322 2026] [security2:error] [pid 21243:tid 21262] [client 34.64.174.29:53274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418AwAAANA"]
[Thu Jun 11 16:57:06.534105 2026] [security2:error] [pid 21296:tid 21301] [client 34.64.174.29:53204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LywAAAAE"]
[Thu Jun 11 16:57:06.550973 2026] [security2:error] [pid 3902:tid 3910] [client 34.64.174.29:53196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMrgAAAQE"]
[Thu Jun 11 16:57:06.555903 2026] [security2:error] [pid 3902:tid 3910] [client 34.64.174.29:38780] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env"] [unique_id "aisTEv8lKn4qdPkDWlBM4wAAAQE"]
[Thu Jun 11 16:57:06.556085 2026] [security2:error] [pid 3902:tid 3910] [client 34.64.174.29:38780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env"] [unique_id "aisTEv8lKn4qdPkDWlBM4wAAAQE"]
[Thu Jun 11 16:57:06.556372 2026] [security2:error] [pid 3902:tid 3910] [client 34.64.174.29:38780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env"] [unique_id "aisTEv8lKn4qdPkDWlBM4wAAAQE"]
[Thu Jun 11 16:57:06.735801 2026] [security2:error] [pid 21296:tid 21317] [client 34.64.174.29:38826] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.staging"] [unique_id "aisTEqzVaq-mvl-Hfs9L9gAAABI"]
[Thu Jun 11 16:57:06.735979 2026] [security2:error] [pid 21296:tid 21317] [client 34.64.174.29:38826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.staging"] [unique_id "aisTEqzVaq-mvl-Hfs9L9gAAABI"]
[Thu Jun 11 16:57:06.736272 2026] [security2:error] [pid 21296:tid 21317] [client 34.64.174.29:38826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.staging"] [unique_id "aisTEqzVaq-mvl-Hfs9L9gAAABI"]
[Thu Jun 11 16:57:06.808928 2026] [security2:error] [pid 5830:tid 5848] [client 34.64.174.29:53326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT4gAAAU0"]
[Thu Jun 11 16:57:06.915950 2026] [security2:error] [pid 21296:tid 21306] [client 34.64.174.29:53404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LzAAAAAc"]
[Thu Jun 11 16:57:06.961885 2026] [security2:error] [pid 21295:tid 21350] [client 34.64.174.29:53344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfKgAAAJg"]
[Thu Jun 11 16:57:06.968757 2026] [security2:error] [pid 21295:tid 21350] [client 34.64.174.29:38852] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v3/.env"] [unique_id "aisTEjlbUCMVJYfLxkpfXgAAAJg"]
[Thu Jun 11 16:57:06.968888 2026] [security2:error] [pid 21295:tid 21350] [client 34.64.174.29:38852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/v3/.env"] [unique_id "aisTEjlbUCMVJYfLxkpfXgAAAJg"]
[Thu Jun 11 16:57:06.969099 2026] [security2:error] [pid 21295:tid 21350] [client 34.64.174.29:38852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v3/.env"] [unique_id "aisTEjlbUCMVJYfLxkpfXgAAAJg"]
[Thu Jun 11 16:57:07.045900 2026] [security2:error] [pid 21243:tid 21249] [client 34.64.174.29:53336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418BQAAAMM"]
[Thu Jun 11 16:57:07.052182 2026] [security2:error] [pid 3902:tid 3928] [client 34.64.174.29:53354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMrwAAARM"]
[Thu Jun 11 16:57:07.054795 2026] [security2:error] [pid 21243:tid 21249] [client 34.64.174.29:38846] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v1/.env"] [unique_id "aisTE0KTwdTIu69rj418UgAAAMM"]
[Thu Jun 11 16:57:07.054932 2026] [security2:error] [pid 21243:tid 21249] [client 34.64.174.29:38846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/v1/.env"] [unique_id "aisTE0KTwdTIu69rj418UgAAAMM"]
[Thu Jun 11 16:57:07.055219 2026] [security2:error] [pid 21243:tid 21249] [client 34.64.174.29:38846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v1/.env"] [unique_id "aisTE0KTwdTIu69rj418UgAAAMM"]
[Thu Jun 11 16:57:07.075372 2026] [security2:error] [pid 21243:tid 21257] [client 34.64.174.29:38862] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v1/.env"] [unique_id "aisTE0KTwdTIu69rj418VAAAAMs"]
[Thu Jun 11 16:57:07.075532 2026] [security2:error] [pid 21243:tid 21257] [client 34.64.174.29:38862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/v1/.env"] [unique_id "aisTE0KTwdTIu69rj418VAAAAMs"]
[Thu Jun 11 16:57:07.075911 2026] [security2:error] [pid 21243:tid 21257] [client 34.64.174.29:38862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v1/.env"] [unique_id "aisTE0KTwdTIu69rj418VAAAAMs"]
[Thu Jun 11 16:57:07.206379 2026] [security2:error] [pid 21296:tid 21308] [client 34.64.174.29:38848] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/.env.dev"] [unique_id "aisTE6zVaq-mvl-Hfs9L-AAAAAk"]
[Thu Jun 11 16:57:07.206532 2026] [security2:error] [pid 21296:tid 21308] [client 34.64.174.29:38848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/.env.dev"] [unique_id "aisTE6zVaq-mvl-Hfs9L-AAAAAk"]
[Thu Jun 11 16:57:07.206834 2026] [security2:error] [pid 21296:tid 21308] [client 34.64.174.29:38848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/.env.dev"] [unique_id "aisTE6zVaq-mvl-Hfs9L-AAAAAk"]
[Thu Jun 11 16:57:07.263229 2026] [security2:error] [pid 3902:tid 3911] [client 34.64.174.29:38838] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/v2/.env"] [unique_id "aisTE_8lKn4qdPkDWlBM6AAAAQI"]
[Thu Jun 11 16:57:07.263379 2026] [security2:error] [pid 3902:tid 3911] [client 34.64.174.29:38838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/v2/.env"] [unique_id "aisTE_8lKn4qdPkDWlBM6AAAAQI"]
[Thu Jun 11 16:57:07.263680 2026] [security2:error] [pid 3902:tid 3911] [client 34.64.174.29:38838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/v2/.env"] [unique_id "aisTE_8lKn4qdPkDWlBM6AAAAQI"]
[Thu Jun 11 16:57:07.334174 2026] [security2:error] [pid 5830:tid 5853] [client 34.64.174.29:53426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT4wAAAVI"]
[Thu Jun 11 16:57:07.337160 2026] [security2:error] [pid 5830:tid 5853] [client 34.64.174.29:38872] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v2/.env"] [unique_id "aisTE5Q1oEsc4pCWMDMUEAAAAVI"]
[Thu Jun 11 16:57:07.337298 2026] [security2:error] [pid 5830:tid 5853] [client 34.64.174.29:38872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/v2/.env"] [unique_id "aisTE5Q1oEsc4pCWMDMUEAAAAVI"]
[Thu Jun 11 16:57:07.337611 2026] [security2:error] [pid 5830:tid 5853] [client 34.64.174.29:38872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v2/.env"] [unique_id "aisTE5Q1oEsc4pCWMDMUEAAAAVI"]
[Thu Jun 11 16:57:07.348095 2026] [security2:error] [pid 21295:tid 21347] [client 34.64.174.29:53384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfKwAAAJU"]
[Thu Jun 11 16:57:07.350051 2026] [security2:error] [pid 21295:tid 21347] [client 34.64.174.29:38882] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/prod/.env"] [unique_id "aisTEzlbUCMVJYfLxkpfYQAAAJU"]
[Thu Jun 11 16:57:07.350242 2026] [security2:error] [pid 21295:tid 21347] [client 34.64.174.29:38882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/prod/.env"] [unique_id "aisTEzlbUCMVJYfLxkpfYQAAAJU"]
[Thu Jun 11 16:57:07.350500 2026] [security2:error] [pid 21295:tid 21347] [client 34.64.174.29:38882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/prod/.env"] [unique_id "aisTEzlbUCMVJYfLxkpfYQAAAJU"]
[Thu Jun 11 16:57:07.456072 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:53380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418BgAAAMw"]
[Thu Jun 11 16:57:07.481797 2026] [security2:error] [pid 21243:tid 21262] [client 34.64.174.29:38892] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/staging/.env"] [unique_id "aisTE0KTwdTIu69rj418VQAAANA"]
[Thu Jun 11 16:57:07.481948 2026] [security2:error] [pid 21243:tid 21262] [client 34.64.174.29:38892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/staging/.env"] [unique_id "aisTE0KTwdTIu69rj418VQAAANA"]
[Thu Jun 11 16:57:07.482247 2026] [security2:error] [pid 21243:tid 21262] [client 34.64.174.29:38892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/staging/.env"] [unique_id "aisTE0KTwdTIu69rj418VQAAANA"]
[Thu Jun 11 16:57:07.488625 2026] [security2:error] [pid 21296:tid 21301] [client 34.64.174.29:38908] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/production/.env"] [unique_id "aisTE6zVaq-mvl-Hfs9L-QAAAAE"]
[Thu Jun 11 16:57:07.488792 2026] [security2:error] [pid 21296:tid 21301] [client 34.64.174.29:38908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/production/.env"] [unique_id "aisTE6zVaq-mvl-Hfs9L-QAAAAE"]
[Thu Jun 11 16:57:07.489044 2026] [security2:error] [pid 21296:tid 21301] [client 34.64.174.29:38908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/production/.env"] [unique_id "aisTE6zVaq-mvl-Hfs9L-QAAAAE"]
[Thu Jun 11 16:57:07.534146 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:53434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMsAAAARE"]
[Thu Jun 11 16:57:07.540121 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:38896] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/v3/.env"] [unique_id "aisTE_8lKn4qdPkDWlBM6QAAARE"]
[Thu Jun 11 16:57:07.540291 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:38896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/v3/.env"] [unique_id "aisTE_8lKn4qdPkDWlBM6QAAARE"]
[Thu Jun 11 16:57:07.540733 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:38896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/v3/.env"] [unique_id "aisTE_8lKn4qdPkDWlBM6QAAARE"]
[Thu Jun 11 16:57:07.766294 2026] [security2:error] [pid 21295:tid 21345] [client 34.64.174.29:53492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfLAAAAJM"]
[Thu Jun 11 16:57:07.768799 2026] [security2:error] [pid 21295:tid 21345] [client 34.64.174.29:38914] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dev/.env"] [unique_id "aisTEzlbUCMVJYfLxkpfZAAAAJM"]
[Thu Jun 11 16:57:07.768950 2026] [security2:error] [pid 21295:tid 21345] [client 34.64.174.29:38914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/dev/.env"] [unique_id "aisTEzlbUCMVJYfLxkpfZAAAAJM"]
[Thu Jun 11 16:57:07.769691 2026] [security2:error] [pid 21295:tid 21345] [client 34.64.174.29:38914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dev/.env"] [unique_id "aisTEzlbUCMVJYfLxkpfZAAAAJM"]
[Thu Jun 11 16:57:07.908892 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:53378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LzQAAAA8"]
[Thu Jun 11 16:57:07.912090 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:38928] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/development/.env"] [unique_id "aisTE6zVaq-mvl-Hfs9L-wAAAA8"]
[Thu Jun 11 16:57:07.912261 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:38928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/development/.env"] [unique_id "aisTE6zVaq-mvl-Hfs9L-wAAAA8"]
[Thu Jun 11 16:57:07.912875 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:38928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/development/.env"] [unique_id "aisTE6zVaq-mvl-Hfs9L-wAAAA8"]
[Thu Jun 11 16:57:07.973079 2026] [security2:error] [pid 21295:tid 21337] [client 34.64.174.29:53376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfLQAAAIs"]
[Thu Jun 11 16:57:07.975935 2026] [security2:error] [pid 21295:tid 21337] [client 34.64.174.29:38956] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.local"] [unique_id "aisTEzlbUCMVJYfLxkpfZgAAAIs"]
[Thu Jun 11 16:57:07.976108 2026] [security2:error] [pid 21295:tid 21337] [client 34.64.174.29:38956] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.local"] [unique_id "aisTEzlbUCMVJYfLxkpfZgAAAIs"]
[Thu Jun 11 16:57:07.976382 2026] [security2:error] [pid 21295:tid 21337] [client 34.64.174.29:38956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.local"] [unique_id "aisTEzlbUCMVJYfLxkpfZgAAAIs"]
[Thu Jun 11 16:57:08.053102 2026] [security2:error] [pid 21296:tid 21306] [client 34.64.174.29:38986] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env"] [unique_id "aisTFKzVaq-mvl-Hfs9L_AAAAAc"]
[Thu Jun 11 16:57:08.053266 2026] [security2:error] [pid 21296:tid 21306] [client 34.64.174.29:38986] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env"] [unique_id "aisTFKzVaq-mvl-Hfs9L_AAAAAc"]
[Thu Jun 11 16:57:08.053559 2026] [security2:error] [pid 21296:tid 21306] [client 34.64.174.29:38986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env"] [unique_id "aisTFKzVaq-mvl-Hfs9L_AAAAAc"]
[Thu Jun 11 16:57:08.064554 2026] [security2:error] [pid 3902:tid 3928] [client 34.64.174.29:38966] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/qa/.env"] [unique_id "aisTFP8lKn4qdPkDWlBM6wAAARM"]
[Thu Jun 11 16:57:08.064724 2026] [security2:error] [pid 3902:tid 3928] [client 34.64.174.29:38966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/qa/.env"] [unique_id "aisTFP8lKn4qdPkDWlBM6wAAARM"]
[Thu Jun 11 16:57:08.065074 2026] [security2:error] [pid 3902:tid 3928] [client 34.64.174.29:38966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/qa/.env"] [unique_id "aisTFP8lKn4qdPkDWlBM6wAAARM"]
[Thu Jun 11 16:57:08.067977 2026] [security2:error] [pid 5830:tid 5848] [client 34.64.174.29:38980] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.production"] [unique_id "aisTFJQ1oEsc4pCWMDMUFAAAAU0"]
[Thu Jun 11 16:57:08.068128 2026] [security2:error] [pid 5830:tid 5848] [client 34.64.174.29:38980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.production"] [unique_id "aisTFJQ1oEsc4pCWMDMUFAAAAU0"]
[Thu Jun 11 16:57:08.068367 2026] [security2:error] [pid 5830:tid 5848] [client 34.64.174.29:38980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.production"] [unique_id "aisTFJQ1oEsc4pCWMDMUFAAAAU0"]
[Thu Jun 11 16:57:08.074833 2026] [security2:error] [pid 21295:tid 21332] [client 34.64.174.29:53414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfLgAAAIY"]
[Thu Jun 11 16:57:08.077496 2026] [security2:error] [pid 21295:tid 21332] [client 34.64.174.29:38948] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/uat/.env"] [unique_id "aisTFDlbUCMVJYfLxkpfZwAAAIY"]
[Thu Jun 11 16:57:08.077650 2026] [security2:error] [pid 21295:tid 21332] [client 34.64.174.29:38948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/uat/.env"] [unique_id "aisTFDlbUCMVJYfLxkpfZwAAAIY"]
[Thu Jun 11 16:57:08.078020 2026] [security2:error] [pid 21295:tid 21332] [client 34.64.174.29:38948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/uat/.env"] [unique_id "aisTFDlbUCMVJYfLxkpfZwAAAIY"]
[Thu Jun 11 16:57:08.101104 2026] [security2:error] [pid 3902:tid 3920] [client 34.64.174.29:53362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCf8lKn4qdPkDWlBMsQAAAQs"]
[Thu Jun 11 16:57:08.103054 2026] [security2:error] [pid 3902:tid 3920] [client 34.64.174.29:38940] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/test/.env"] [unique_id "aisTFP8lKn4qdPkDWlBM7AAAAQs"]
[Thu Jun 11 16:57:08.103189 2026] [security2:error] [pid 3902:tid 3920] [client 34.64.174.29:38940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/test/.env"] [unique_id "aisTFP8lKn4qdPkDWlBM7AAAAQs"]
[Thu Jun 11 16:57:08.103511 2026] [security2:error] [pid 3902:tid 3920] [client 34.64.174.29:38940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/test/.env"] [unique_id "aisTFP8lKn4qdPkDWlBM7AAAAQs"]
[Thu Jun 11 16:57:08.314740 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:53440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT5AAAAVc"]
[Thu Jun 11 16:57:08.316504 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:38990] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/app/.env.old"] [unique_id "aisTFJQ1oEsc4pCWMDMUFgAAAVc"]
[Thu Jun 11 16:57:08.316652 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:38990] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.old"] [unique_id "aisTFJQ1oEsc4pCWMDMUFgAAAVc"]
[Thu Jun 11 16:57:08.316786 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:38990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.old"] [unique_id "aisTFJQ1oEsc4pCWMDMUFgAAAVc"]
[Thu Jun 11 16:57:08.317020 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:38990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.old"] [unique_id "aisTFJQ1oEsc4pCWMDMUFgAAAVc"]
[Thu Jun 11 16:57:08.375518 2026] [security2:error] [pid 5830:tid 5844] [client 34.64.174.29:53464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT5QAAAUk"]
[Thu Jun 11 16:57:08.379050 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:39002] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/app/.env.bak"] [unique_id "aisTFEKTwdTIu69rj418WwAAAMw"]
[Thu Jun 11 16:57:08.379177 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:39002] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.bak"] [unique_id "aisTFEKTwdTIu69rj418WwAAAMw"]
[Thu Jun 11 16:57:08.379304 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.bak"] [unique_id "aisTFEKTwdTIu69rj418WwAAAMw"]
[Thu Jun 11 16:57:08.379636 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.bak"] [unique_id "aisTFEKTwdTIu69rj418WwAAAMw"]
[Thu Jun 11 16:57:08.463976 2026] [security2:error] [pid 21296:tid 21320] [client 34.64.174.29:53416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LzgAAABU"]
[Thu Jun 11 16:57:08.537131 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:53454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCazVaq-mvl-Hfs9LzwAAABY"]
[Thu Jun 11 16:57:08.539372 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:39022] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/app/.env.backup"] [unique_id "aisTFKzVaq-mvl-Hfs9L_gAAABY"]
[Thu Jun 11 16:57:08.539498 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:39022] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.backup"] [unique_id "aisTFKzVaq-mvl-Hfs9L_gAAABY"]
[Thu Jun 11 16:57:08.539699 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:39022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.backup"] [unique_id "aisTFKzVaq-mvl-Hfs9L_gAAABY"]
[Thu Jun 11 16:57:08.539944 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:39022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.backup"] [unique_id "aisTFKzVaq-mvl-Hfs9L_gAAABY"]
[Thu Jun 11 16:57:08.557308 2026] [security2:error] [pid 5830:tid 5854] [client 34.64.174.29:53476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCZQ1oEsc4pCWMDMT5gAAAVM"]
[Thu Jun 11 16:57:08.559633 2026] [security2:error] [pid 5830:tid 5854] [client 34.64.174.29:39008] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.staging"] [unique_id "aisTFJQ1oEsc4pCWMDMUGQAAAVM"]
[Thu Jun 11 16:57:08.559795 2026] [security2:error] [pid 5830:tid 5854] [client 34.64.174.29:39008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.staging"] [unique_id "aisTFJQ1oEsc4pCWMDMUGQAAAVM"]
[Thu Jun 11 16:57:08.560140 2026] [security2:error] [pid 5830:tid 5854] [client 34.64.174.29:39008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.staging"] [unique_id "aisTFJQ1oEsc4pCWMDMUGQAAAVM"]
[Thu Jun 11 16:57:08.901312 2026] [security2:error] [pid 21243:tid 21267] [client 34.64.174.29:53496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418BwAAANU"]
[Thu Jun 11 16:57:08.902907 2026] [security2:error] [pid 21295:tid 21342] [client 34.64.174.29:53388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCTlbUCMVJYfLxkpfLwAAAJA"]
[Thu Jun 11 16:57:08.917043 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:53498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUKTwdTIu69rj418CAAAAM4"]
[Thu Jun 11 16:57:08.918940 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:39036] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/.env.dev"] [unique_id "aisTFEKTwdTIu69rj418YAAAAM4"]
[Thu Jun 11 16:57:08.919099 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:39036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/.env.dev"] [unique_id "aisTFEKTwdTIu69rj418YAAAAM4"]
[Thu Jun 11 16:57:08.919360 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:39036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/.env.dev"] [unique_id "aisTFEKTwdTIu69rj418YAAAAM4"]
[Thu Jun 11 16:57:08.970523 2026] [security2:error] [pid 25848:tid 25868] [client 34.64.174.29:53512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWngAAAEg"]
[Thu Jun 11 16:57:08.975438 2026] [security2:error] [pid 25848:tid 25868] [client 34.64.174.29:39048] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/backend/.env"] [unique_id "aisTFEu3w-1taBUoJpFWtwAAAEg"]
[Thu Jun 11 16:57:08.975594 2026] [security2:error] [pid 25848:tid 25868] [client 34.64.174.29:39048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/backend/.env"] [unique_id "aisTFEu3w-1taBUoJpFWtwAAAEg"]
[Thu Jun 11 16:57:08.975841 2026] [security2:error] [pid 25848:tid 25868] [client 34.64.174.29:39048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/backend/.env"] [unique_id "aisTFEu3w-1taBUoJpFWtwAAAEg"]
[Thu Jun 11 16:57:09.064835 2026] [security2:error] [pid 25848:tid 25870] [client 34.64.174.29:53558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWnwAAAEo"]
[Thu Jun 11 16:57:09.099966 2026] [security2:error] [pid 5830:tid 5844] [client 34.64.174.29:39024] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/app/api/.env"] [unique_id "aisTFZQ1oEsc4pCWMDMUHAAAAUk"]
[Thu Jun 11 16:57:09.100124 2026] [security2:error] [pid 5830:tid 5844] [client 34.64.174.29:39024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/app/api/.env"] [unique_id "aisTFZQ1oEsc4pCWMDMUHAAAAUk"]
[Thu Jun 11 16:57:09.100712 2026] [security2:error] [pid 5830:tid 5844] [client 34.64.174.29:39024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/app/api/.env"] [unique_id "aisTFZQ1oEsc4pCWMDMUHAAAAUk"]
[Thu Jun 11 16:57:09.259522 2026] [security2:error] [pid 21296:tid 21320] [client 34.64.174.29:39058] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env"] [unique_id "aisTFazVaq-mvl-Hfs9MAAAAABU"]
[Thu Jun 11 16:57:09.259803 2026] [security2:error] [pid 21296:tid 21320] [client 34.64.174.29:39058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env"] [unique_id "aisTFazVaq-mvl-Hfs9MAAAAABU"]
[Thu Jun 11 16:57:09.260088 2026] [security2:error] [pid 21296:tid 21320] [client 34.64.174.29:39058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env"] [unique_id "aisTFazVaq-mvl-Hfs9MAAAAABU"]
[Thu Jun 11 16:57:09.275334 2026] [security2:error] [pid 25848:tid 25866] [client 34.64.174.29:53576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWoAAAAEY"]
[Thu Jun 11 16:57:09.286370 2026] [security2:error] [pid 25848:tid 25866] [client 34.64.174.29:39060] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.production"] [unique_id "aisTFUu3w-1taBUoJpFWuQAAAEY"]
[Thu Jun 11 16:57:09.286494 2026] [security2:error] [pid 25848:tid 25866] [client 34.64.174.29:39060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.production"] [unique_id "aisTFUu3w-1taBUoJpFWuQAAAEY"]
[Thu Jun 11 16:57:09.286712 2026] [security2:error] [pid 25848:tid 25866] [client 34.64.174.29:39060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.production"] [unique_id "aisTFUu3w-1taBUoJpFWuQAAAEY"]
[Thu Jun 11 16:57:09.389056 2026] [security2:error] [pid 25848:tid 25865] [client 34.64.174.29:53542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWowAAAEU"]
[Thu Jun 11 16:57:09.391195 2026] [security2:error] [pid 25848:tid 25865] [client 34.64.174.29:39068] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.local"] [unique_id "aisTFUu3w-1taBUoJpFWugAAAEU"]
[Thu Jun 11 16:57:09.391325 2026] [security2:error] [pid 25848:tid 25865] [client 34.64.174.29:39068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.local"] [unique_id "aisTFUu3w-1taBUoJpFWugAAAEU"]
[Thu Jun 11 16:57:09.391712 2026] [security2:error] [pid 25848:tid 25865] [client 34.64.174.29:39068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.local"] [unique_id "aisTFUu3w-1taBUoJpFWugAAAEU"]
[Thu Jun 11 16:57:09.456967 2026] [security2:error] [pid 25848:tid 25867] [client 34.64.174.29:53532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWoQAAAEc"]
[Thu Jun 11 16:57:09.461353 2026] [security2:error] [pid 25848:tid 25867] [client 34.64.174.29:39074] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aisTFUu3w-1taBUoJpFWuwAAAEc"]
[Thu Jun 11 16:57:09.461504 2026] [security2:error] [pid 25848:tid 25867] [client 34.64.174.29:39074] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aisTFUu3w-1taBUoJpFWuwAAAEc"]
[Thu Jun 11 16:57:09.461741 2026] [security2:error] [pid 25848:tid 25867] [client 34.64.174.29:39074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.prod"] [unique_id "aisTFUu3w-1taBUoJpFWuwAAAEc"]
[Thu Jun 11 16:57:09.475062 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:53570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWogAAAEk"]
[Thu Jun 11 16:57:09.480769 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:39086] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aisTFUu3w-1taBUoJpFWvAAAAEk"]
[Thu Jun 11 16:57:09.480864 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:39086] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aisTFUu3w-1taBUoJpFWvAAAAEk"]
[Thu Jun 11 16:57:09.480979 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:39086] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aisTFUu3w-1taBUoJpFWvAAAAEk"]
[Thu Jun 11 16:57:09.481171 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:39086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.backup"] [unique_id "aisTFUu3w-1taBUoJpFWvAAAAEk"]
[Thu Jun 11 16:57:09.541669 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:53524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWpAAAAFI"]
[Thu Jun 11 16:57:09.545880 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:39076] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aisTFUu3w-1taBUoJpFWvQAAAFI"]
[Thu Jun 11 16:57:09.545985 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:39076] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aisTFUu3w-1taBUoJpFWvQAAAFI"]
[Thu Jun 11 16:57:09.546127 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:39076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aisTFUu3w-1taBUoJpFWvQAAAFI"]
[Thu Jun 11 16:57:09.546482 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:39076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.bak"] [unique_id "aisTFUu3w-1taBUoJpFWvQAAAFI"]
[Thu Jun 11 16:57:09.692011 2026] [security2:error] [pid 25848:tid 25882] [client 34.64.174.29:53580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWpQAAAFY"]
[Thu Jun 11 16:57:09.694297 2026] [security2:error] [pid 25848:tid 25882] [client 34.64.174.29:39094] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/api/.env"] [unique_id "aisTFUu3w-1taBUoJpFWvgAAAFY"]
[Thu Jun 11 16:57:09.694445 2026] [security2:error] [pid 25848:tid 25882] [client 34.64.174.29:39094] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/api/.env"] [unique_id "aisTFUu3w-1taBUoJpFWvgAAAFY"]
[Thu Jun 11 16:57:09.694762 2026] [security2:error] [pid 25848:tid 25882] [client 34.64.174.29:39094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/api/.env"] [unique_id "aisTFUu3w-1taBUoJpFWvgAAAFY"]
[Thu Jun 11 16:57:09.747338 2026] [security2:error] [pid 21295:tid 21342] [client 34.64.174.29:39088] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aisTFTlbUCMVJYfLxkpfbwAAAJA"]
[Thu Jun 11 16:57:09.747508 2026] [security2:error] [pid 21295:tid 21342] [client 34.64.174.29:39088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aisTFTlbUCMVJYfLxkpfbwAAAJA"]
[Thu Jun 11 16:57:09.747881 2026] [security2:error] [pid 21295:tid 21342] [client 34.64.174.29:39088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/backend/.env.staging"] [unique_id "aisTFTlbUCMVJYfLxkpfbwAAAJA"]
[Thu Jun 11 16:57:09.769950 2026] [security2:error] [pid 25848:tid 25870] [client 34.64.174.29:39106] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env"] [unique_id "aisTFUu3w-1taBUoJpFWvwAAAEo"]
[Thu Jun 11 16:57:09.770094 2026] [security2:error] [pid 25848:tid 25870] [client 34.64.174.29:39106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env"] [unique_id "aisTFUu3w-1taBUoJpFWvwAAAEo"]
[Thu Jun 11 16:57:09.770418 2026] [security2:error] [pid 25848:tid 25870] [client 34.64.174.29:39106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env"] [unique_id "aisTFUu3w-1taBUoJpFWvwAAAEo"]
[Thu Jun 11 16:57:09.801663 2026] [security2:error] [pid 21243:tid 21267] [client 34.64.174.29:39110] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aisTFUKTwdTIu69rj418ZQAAANU"]
[Thu Jun 11 16:57:09.802750 2026] [security2:error] [pid 21243:tid 21267] [client 34.64.174.29:39110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aisTFUKTwdTIu69rj418ZQAAANU"]
[Thu Jun 11 16:57:09.803071 2026] [security2:error] [pid 21243:tid 21267] [client 34.64.174.29:39110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.local"] [unique_id "aisTFUKTwdTIu69rj418ZQAAANU"]
[Thu Jun 11 16:57:09.830269 2026] [security2:error] [pid 25848:tid 25883] [client 34.64.174.29:53596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWpgAAAFc"]
[Thu Jun 11 16:57:09.849312 2026] [security2:error] [pid 25848:tid 25884] [client 34.64.174.29:53608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWqAAAAFg"]
[Thu Jun 11 16:57:09.852019 2026] [security2:error] [pid 25848:tid 25884] [client 34.64.174.29:39120] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aisTFUu3w-1taBUoJpFWwAAAAFg"]
[Thu Jun 11 16:57:09.852196 2026] [security2:error] [pid 25848:tid 25884] [client 34.64.174.29:39120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aisTFUu3w-1taBUoJpFWwAAAAFg"]
[Thu Jun 11 16:57:09.852495 2026] [security2:error] [pid 25848:tid 25884] [client 34.64.174.29:39120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.production"] [unique_id "aisTFUu3w-1taBUoJpFWwAAAAFg"]
[Thu Jun 11 16:57:09.933038 2026] [security2:error] [pid 25848:tid 25881] [client 34.64.174.29:53556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWpwAAAFU"]
[Thu Jun 11 16:57:10.006664 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:53506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWqQAAAFM"]
[Thu Jun 11 16:57:10.009026 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:39136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aisTFku3w-1taBUoJpFWwwAAAFM"]
[Thu Jun 11 16:57:10.009133 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:39136] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aisTFku3w-1taBUoJpFWwwAAAFM"]
[Thu Jun 11 16:57:10.009252 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:39136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aisTFku3w-1taBUoJpFWwwAAAFM"]
[Thu Jun 11 16:57:10.009475 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:39136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.backup"] [unique_id "aisTFku3w-1taBUoJpFWwwAAAFM"]
[Thu Jun 11 16:57:10.042897 2026] [security2:error] [pid 21243:tid 21252] [client 34.64.174.29:39142] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aisTFkKTwdTIu69rj418ZgAAAMY"]
[Thu Jun 11 16:57:10.043053 2026] [security2:error] [pid 21243:tid 21252] [client 34.64.174.29:39142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aisTFkKTwdTIu69rj418ZgAAAMY"]
[Thu Jun 11 16:57:10.043317 2026] [security2:error] [pid 21243:tid 21252] [client 34.64.174.29:39142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.staging"] [unique_id "aisTFkKTwdTIu69rj418ZgAAAMY"]
[Thu Jun 11 16:57:10.133949 2026] [security2:error] [pid 25848:tid 25861] [client 34.64.174.29:53630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWqwAAAEE"]
[Thu Jun 11 16:57:10.140713 2026] [security2:error] [pid 25848:tid 25861] [client 34.64.174.29:39148] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/.env"] [unique_id "aisTFku3w-1taBUoJpFWxAAAAEE"]
[Thu Jun 11 16:57:10.140857 2026] [security2:error] [pid 25848:tid 25861] [client 34.64.174.29:39148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/.env"] [unique_id "aisTFku3w-1taBUoJpFWxAAAAEE"]
[Thu Jun 11 16:57:10.141077 2026] [security2:error] [pid 25848:tid 25861] [client 34.64.174.29:39148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/.env"] [unique_id "aisTFku3w-1taBUoJpFWxAAAAEE"]
[Thu Jun 11 16:57:10.240911 2026] [security2:error] [pid 25848:tid 25880] [client 34.64.174.29:53530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWqgAAAFQ"]
[Thu Jun 11 16:57:10.243174 2026] [security2:error] [pid 25848:tid 25880] [client 34.64.174.29:39150] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aisTFku3w-1taBUoJpFWxQAAAFQ"]
[Thu Jun 11 16:57:10.243336 2026] [security2:error] [pid 25848:tid 25880] [client 34.64.174.29:39150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aisTFku3w-1taBUoJpFWxQAAAFQ"]
[Thu Jun 11 16:57:10.243563 2026] [security2:error] [pid 25848:tid 25880] [client 34.64.174.29:39150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/frontend/.env.dev"] [unique_id "aisTFku3w-1taBUoJpFWxQAAAFQ"]
[Thu Jun 11 16:57:10.273778 2026] [security2:error] [pid 25848:tid 25862] [client 34.64.174.29:53612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWrAAAAEI"]
[Thu Jun 11 16:57:10.276407 2026] [security2:error] [pid 25848:tid 25862] [client 34.64.174.29:39166] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/.env.production"] [unique_id "aisTFku3w-1taBUoJpFWxgAAAEI"]
[Thu Jun 11 16:57:10.276589 2026] [security2:error] [pid 25848:tid 25862] [client 34.64.174.29:39166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/.env.production"] [unique_id "aisTFku3w-1taBUoJpFWxgAAAEI"]
[Thu Jun 11 16:57:10.276919 2026] [security2:error] [pid 25848:tid 25862] [client 34.64.174.29:39166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/.env.production"] [unique_id "aisTFku3w-1taBUoJpFWxgAAAEI"]
[Thu Jun 11 16:57:10.386895 2026] [security2:error] [pid 25848:tid 25874] [client 34.64.174.29:53690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWrQAAAE4"]
[Thu Jun 11 16:57:10.390543 2026] [security2:error] [pid 25848:tid 25874] [client 34.64.174.29:39152] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/src/.env.local"] [unique_id "aisTFku3w-1taBUoJpFWxwAAAE4"]
[Thu Jun 11 16:57:10.390879 2026] [security2:error] [pid 25848:tid 25874] [client 34.64.174.29:39152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/src/.env.local"] [unique_id "aisTFku3w-1taBUoJpFWxwAAAE4"]
[Thu Jun 11 16:57:10.391227 2026] [security2:error] [pid 25848:tid 25874] [client 34.64.174.29:39152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/src/.env.local"] [unique_id "aisTFku3w-1taBUoJpFWxwAAAE4"]
[Thu Jun 11 16:57:10.472433 2026] [security2:error] [pid 3902:tid 3918] [client 34.64.174.29:39168] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/www/.env"] [unique_id "aisTFv8lKn4qdPkDWlBM-AAAAQk"]
[Thu Jun 11 16:57:10.473038 2026] [security2:error] [pid 3902:tid 3918] [client 34.64.174.29:39168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/www/.env"] [unique_id "aisTFv8lKn4qdPkDWlBM-AAAAQk"]
[Thu Jun 11 16:57:10.473699 2026] [security2:error] [pid 3902:tid 3918] [client 34.64.174.29:39168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/www/.env"] [unique_id "aisTFv8lKn4qdPkDWlBM-AAAAQk"]
[Thu Jun 11 16:57:10.547999 2026] [security2:error] [pid 25848:tid 25875] [client 34.64.174.29:53716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWswAAAE8"]
[Thu Jun 11 16:57:10.550894 2026] [security2:error] [pid 25848:tid 25875] [client 34.64.174.29:39182] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/htdocs/.env"] [unique_id "aisTFku3w-1taBUoJpFWyAAAAE8"]
[Thu Jun 11 16:57:10.551029 2026] [security2:error] [pid 25848:tid 25875] [client 34.64.174.29:39182] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/htdocs/.env"] [unique_id "aisTFku3w-1taBUoJpFWyAAAAE8"]
[Thu Jun 11 16:57:10.551307 2026] [security2:error] [pid 25848:tid 25875] [client 34.64.174.29:39182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/htdocs/.env"] [unique_id "aisTFku3w-1taBUoJpFWyAAAAE8"]
[Thu Jun 11 16:57:10.580303 2026] [security2:error] [pid 25848:tid 25864] [client 34.64.174.29:53636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWtQAAAEQ"]
[Thu Jun 11 16:57:10.583856 2026] [security2:error] [pid 25848:tid 25864] [client 34.64.174.29:39234] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/deploy/.env"] [unique_id "aisTFku3w-1taBUoJpFWyQAAAEQ"]
[Thu Jun 11 16:57:10.584088 2026] [security2:error] [pid 25848:tid 25864] [client 34.64.174.29:39234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/deploy/.env"] [unique_id "aisTFku3w-1taBUoJpFWyQAAAEQ"]
[Thu Jun 11 16:57:10.584537 2026] [security2:error] [pid 25848:tid 25864] [client 34.64.174.29:39234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/deploy/.env"] [unique_id "aisTFku3w-1taBUoJpFWyQAAAEQ"]
[Thu Jun 11 16:57:10.611905 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:53578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWtgAAAEM"]
[Thu Jun 11 16:57:10.614145 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:39212] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/storage/.env"] [unique_id "aisTFku3w-1taBUoJpFWygAAAEM"]
[Thu Jun 11 16:57:10.614323 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:39212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/storage/.env"] [unique_id "aisTFku3w-1taBUoJpFWygAAAEM"]
[Thu Jun 11 16:57:10.614790 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:39212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/storage/.env"] [unique_id "aisTFku3w-1taBUoJpFWygAAAEM"]
[Thu Jun 11 16:57:10.637230 2026] [security2:error] [pid 21243:tid 21255] [client 34.64.174.29:39224] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/data/.env"] [unique_id "aisTFkKTwdTIu69rj418bAAAAMk"]
[Thu Jun 11 16:57:10.637394 2026] [security2:error] [pid 21243:tid 21255] [client 34.64.174.29:39224] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/data/.env"] [unique_id "aisTFkKTwdTIu69rj418bAAAAMk"]
[Thu Jun 11 16:57:10.637726 2026] [security2:error] [pid 21243:tid 21255] [client 34.64.174.29:39224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/data/.env"] [unique_id "aisTFkKTwdTIu69rj418bAAAAMk"]
[Thu Jun 11 16:57:10.653263 2026] [security2:error] [pid 25848:tid 25871] [client 34.64.174.29:53644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWtAAAAEs"]
[Thu Jun 11 16:57:10.659844 2026] [security2:error] [pid 25848:tid 25871] [client 34.64.174.29:39236] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/uploads/.env"] [unique_id "aisTFku3w-1taBUoJpFWywAAAEs"]
[Thu Jun 11 16:57:10.659977 2026] [security2:error] [pid 25848:tid 25871] [client 34.64.174.29:39236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/uploads/.env"] [unique_id "aisTFku3w-1taBUoJpFWywAAAEs"]
[Thu Jun 11 16:57:10.660256 2026] [security2:error] [pid 25848:tid 25871] [client 34.64.174.29:39236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/uploads/.env"] [unique_id "aisTFku3w-1taBUoJpFWywAAAEs"]
[Thu Jun 11 16:57:10.824001 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:39282] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/build/.env"] [unique_id "aisTFv8lKn4qdPkDWlBM-QAAARg"]
[Thu Jun 11 16:57:10.824220 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:39282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/build/.env"] [unique_id "aisTFv8lKn4qdPkDWlBM-QAAARg"]
[Thu Jun 11 16:57:10.824658 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:39282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/build/.env"] [unique_id "aisTFv8lKn4qdPkDWlBM-QAAARg"]
[Thu Jun 11 16:57:10.869020 2026] [security2:error] [pid 21295:tid 21328] [client 34.64.174.29:39244] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dist/.env"] [unique_id "aisTFjlbUCMVJYfLxkpfdAAAAII"]
[Thu Jun 11 16:57:10.869232 2026] [security2:error] [pid 21295:tid 21328] [client 34.64.174.29:39244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/dist/.env"] [unique_id "aisTFjlbUCMVJYfLxkpfdAAAAII"]
[Thu Jun 11 16:57:10.869504 2026] [security2:error] [pid 21295:tid 21328] [client 34.64.174.29:39244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dist/.env"] [unique_id "aisTFjlbUCMVJYfLxkpfdAAAAII"]
[Thu Jun 11 16:57:10.921436 2026] [security2:error] [pid 25848:tid 25877] [client 34.64.174.29:53698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWsgAAAFE"]
[Thu Jun 11 16:57:10.924493 2026] [security2:error] [pid 25848:tid 25877] [client 34.64.174.29:39270] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/tmp/.env"] [unique_id "aisTFku3w-1taBUoJpFWzQAAAFE"]
[Thu Jun 11 16:57:10.924848 2026] [security2:error] [pid 25848:tid 25877] [client 34.64.174.29:39270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/tmp/.env"] [unique_id "aisTFku3w-1taBUoJpFWzQAAAFE"]
[Thu Jun 11 16:57:10.925119 2026] [security2:error] [pid 25848:tid 25872] [client 34.64.174.29:53660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWrwAAAEw"]
[Thu Jun 11 16:57:10.925274 2026] [security2:error] [pid 25848:tid 25877] [client 34.64.174.29:39270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/tmp/.env"] [unique_id "aisTFku3w-1taBUoJpFWzQAAAFE"]
[Thu Jun 11 16:57:10.927618 2026] [security2:error] [pid 25848:tid 25872] [client 34.64.174.29:39256] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/release/.env"] [unique_id "aisTFku3w-1taBUoJpFWzgAAAEw"]
[Thu Jun 11 16:57:10.927755 2026] [security2:error] [pid 25848:tid 25872] [client 34.64.174.29:39256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/release/.env"] [unique_id "aisTFku3w-1taBUoJpFWzgAAAEw"]
[Thu Jun 11 16:57:10.927990 2026] [security2:error] [pid 25848:tid 25872] [client 34.64.174.29:39256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/release/.env"] [unique_id "aisTFku3w-1taBUoJpFWzgAAAEw"]
[Thu Jun 11 16:57:10.944084 2026] [security2:error] [pid 21243:tid 21248] [client 34.64.174.29:39272] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/temp/.env"] [unique_id "aisTFkKTwdTIu69rj418bQAAAMI"]
[Thu Jun 11 16:57:10.944231 2026] [security2:error] [pid 21243:tid 21248] [client 34.64.174.29:39272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/temp/.env"] [unique_id "aisTFkKTwdTIu69rj418bQAAAMI"]
[Thu Jun 11 16:57:10.944469 2026] [security2:error] [pid 21243:tid 21248] [client 34.64.174.29:39272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/temp/.env"] [unique_id "aisTFkKTwdTIu69rj418bQAAAMI"]
[Thu Jun 11 16:57:11.054910 2026] [security2:error] [pid 25848:tid 25860] [client 34.64.174.29:53614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWrgAAAEA"]
[Thu Jun 11 16:57:11.058222 2026] [security2:error] [pid 25848:tid 25860] [client 34.64.174.29:39196] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/html/.env"] [unique_id "aisTF0u3w-1taBUoJpFWzwAAAEA"]
[Thu Jun 11 16:57:11.059801 2026] [security2:error] [pid 25848:tid 25860] [client 34.64.174.29:39196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/html/.env"] [unique_id "aisTF0u3w-1taBUoJpFWzwAAAEA"]
[Thu Jun 11 16:57:11.060184 2026] [security2:error] [pid 25848:tid 25860] [client 34.64.174.29:39196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/html/.env"] [unique_id "aisTF0u3w-1taBUoJpFWzwAAAEA"]
[Thu Jun 11 16:57:11.073327 2026] [security2:error] [pid 25848:tid 25881] [client 34.64.174.29:39292] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/var/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0AAAAFU"]
[Thu Jun 11 16:57:11.073562 2026] [security2:error] [pid 25848:tid 25881] [client 34.64.174.29:39292] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/var/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0AAAAFU"]
[Thu Jun 11 16:57:11.074120 2026] [security2:error] [pid 25848:tid 25881] [client 34.64.174.29:39292] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/var/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0AAAAFU"]
[Thu Jun 11 16:57:11.105224 2026] [security2:error] [pid 25848:tid 25876] [client 34.64.174.29:53676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWsAAAAFA"]
[Thu Jun 11 16:57:11.107928 2026] [security2:error] [pid 25848:tid 25876] [client 34.64.174.29:39296] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/portal/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0QAAAFA"]
[Thu Jun 11 16:57:11.108109 2026] [security2:error] [pid 25848:tid 25876] [client 34.64.174.29:39296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/portal/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0QAAAFA"]
[Thu Jun 11 16:57:11.108479 2026] [security2:error] [pid 25848:tid 25876] [client 34.64.174.29:39296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/portal/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0QAAAFA"]
[Thu Jun 11 16:57:11.155473 2026] [security2:error] [pid 25848:tid 25873] [client 34.64.174.29:53664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCUu3w-1taBUoJpFWsQAAAE0"]
[Thu Jun 11 16:57:11.162360 2026] [security2:error] [pid 25848:tid 25873] [client 34.64.174.29:39310] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/dashboard/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0gAAAE0"]
[Thu Jun 11 16:57:11.162508 2026] [security2:error] [pid 25848:tid 25873] [client 34.64.174.29:39310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/dashboard/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0gAAAE0"]
[Thu Jun 11 16:57:11.162909 2026] [security2:error] [pid 25848:tid 25873] [client 34.64.174.29:39310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/dashboard/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0gAAAE0"]
[Thu Jun 11 16:57:11.320348 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:53714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCjlbUCMVJYfLxkpfMQAAAJE"]
[Thu Jun 11 16:57:11.322756 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:39316] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/cms/.env"] [unique_id "aisTFzlbUCMVJYfLxkpfdQAAAJE"]
[Thu Jun 11 16:57:11.322898 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:39316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/cms/.env"] [unique_id "aisTFzlbUCMVJYfLxkpfdQAAAJE"]
[Thu Jun 11 16:57:11.323198 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:39316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/cms/.env"] [unique_id "aisTFzlbUCMVJYfLxkpfdQAAAJE"]
[Thu Jun 11 16:57:11.469387 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:53752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCpQ1oEsc4pCWMDMT6QAAAUs"]
[Thu Jun 11 16:57:11.473513 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:39330] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aisTF5Q1oEsc4pCWMDMUJwAAAUs"]
[Thu Jun 11 16:57:11.473706 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:39330] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aisTF5Q1oEsc4pCWMDMUJwAAAUs"]
[Thu Jun 11 16:57:11.474019 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:39330] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/apps/backend/.env"] [unique_id "aisTF5Q1oEsc4pCWMDMUJwAAAUs"]
[Thu Jun 11 16:57:11.523167 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:53748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCqzVaq-mvl-Hfs9L1QAAAAg"]
[Thu Jun 11 16:57:11.526031 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:39338] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aisTF6zVaq-mvl-Hfs9MBAAAAAg"]
[Thu Jun 11 16:57:11.526169 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:39338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aisTF6zVaq-mvl-Hfs9MBAAAAAg"]
[Thu Jun 11 16:57:11.526413 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:39338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/apps/frontend/.env"] [unique_id "aisTF6zVaq-mvl-Hfs9MBAAAAAg"]
[Thu Jun 11 16:57:11.539001 2026] [security2:error] [pid 21295:tid 21333] [client 34.64.174.29:53754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCjlbUCMVJYfLxkpfMwAAAIc"]
[Thu Jun 11 16:57:11.556166 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:53732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCkKTwdTIu69rj418DwAAAMc"]
[Thu Jun 11 16:57:11.559849 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:39350] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/apps/api/.env"] [unique_id "aisTF0KTwdTIu69rj418cgAAAMc"]
[Thu Jun 11 16:57:11.559984 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:39350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/apps/api/.env"] [unique_id "aisTF0KTwdTIu69rj418cgAAAMc"]
[Thu Jun 11 16:57:11.560321 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:39350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/apps/api/.env"] [unique_id "aisTF0KTwdTIu69rj418cgAAAMc"]
[Thu Jun 11 16:57:11.584092 2026] [security2:error] [pid 25848:tid 25883] [client 34.64.174.29:39370] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/packages/api/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0wAAAFc"]
[Thu Jun 11 16:57:11.584241 2026] [security2:error] [pid 25848:tid 25883] [client 34.64.174.29:39370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/packages/api/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0wAAAFc"]
[Thu Jun 11 16:57:11.584473 2026] [security2:error] [pid 25848:tid 25883] [client 34.64.174.29:39370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/packages/api/.env"] [unique_id "aisTF0u3w-1taBUoJpFW0wAAAFc"]
[Thu Jun 11 16:57:11.841925 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:53760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTC_8lKn4qdPkDWlBMuAAAAQQ"]
[Thu Jun 11 16:57:11.844626 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:39360] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/api/.env"] [unique_id "aisTF_8lKn4qdPkDWlBM_gAAAQQ"]
[Thu Jun 11 16:57:11.844817 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:39360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/api/.env"] [unique_id "aisTF_8lKn4qdPkDWlBM_gAAAQQ"]
[Thu Jun 11 16:57:11.844884 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:53772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTC_8lKn4qdPkDWlBMuQAAAQU"]
[Thu Jun 11 16:57:11.845091 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:39360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/api/.env"] [unique_id "aisTF_8lKn4qdPkDWlBM_gAAAQQ"]
[Thu Jun 11 16:57:11.846416 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:39372] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/auth/.env"] [unique_id "aisTF_8lKn4qdPkDWlBM_wAAAQU"]
[Thu Jun 11 16:57:11.846544 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:39372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/auth/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/auth/.env"] [unique_id "aisTF_8lKn4qdPkDWlBM_wAAAQU"]
[Thu Jun 11 16:57:11.846902 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:39372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/auth/.env"] [unique_id "aisTF_8lKn4qdPkDWlBM_wAAAQU"]
[Thu Jun 11 16:57:11.928721 2026] [security2:error] [pid 5830:tid 5841] [client 34.64.174.29:53792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTC5Q1oEsc4pCWMDMT7AAAAUY"]
[Thu Jun 11 16:57:11.932104 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:53808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCzlbUCMVJYfLxkpfNQAAAIk"]
[Thu Jun 11 16:57:11.935721 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:39382] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/services/backend/.env"] [unique_id "aisTFzlbUCMVJYfLxkpfeQAAAIk"]
[Thu Jun 11 16:57:11.935993 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:39382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/services/backend/.env"] [unique_id "aisTFzlbUCMVJYfLxkpfeQAAAIk"]
[Thu Jun 11 16:57:11.936353 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:39382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/services/backend/.env"] [unique_id "aisTFzlbUCMVJYfLxkpfeQAAAIk"]
[Thu Jun 11 16:57:11.973993 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:53784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTC6zVaq-mvl-Hfs9L2AAAABM"]
[Thu Jun 11 16:57:11.976837 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:39384] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "www.fl.machen.ai"] [uri "/api/backend/.env"] [unique_id "aisTF6zVaq-mvl-Hfs9MBQAAABM"]
[Thu Jun 11 16:57:11.976968 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:39384] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/api/backend/.env"] [unique_id "aisTF6zVaq-mvl-Hfs9MBQAAABM"]
[Thu Jun 11 16:57:11.977221 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:39384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/api/backend/.env"] [unique_id "aisTF6zVaq-mvl-Hfs9MBQAAABM"]
[Thu Jun 11 16:57:12.159867 2026] [security2:error] [pid 5830:tid 5859] [client 34.64.174.29:53822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTC5Q1oEsc4pCWMDMT7wAAAVg"]
[Thu Jun 11 16:57:12.228936 2026] [security2:error] [pid 21296:tid 21323] [client 34.64.174.29:53830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTC6zVaq-mvl-Hfs9L2gAAABc"]
[Thu Jun 11 16:57:12.263916 2026] [security2:error] [pid 21295:tid 21327] [client 34.64.174.29:53834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTCzlbUCMVJYfLxkpfNwAAAIE"]
[Thu Jun 11 16:57:12.414198 2026] [security2:error] [pid 21243:tid 21265] [client 34.64.174.29:53840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTC0KTwdTIu69rj418GgAAANM"]
[Thu Jun 11 16:57:12.442980 2026] [security2:error] [pid 5830:tid 5849] [client 34.64.174.29:38452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDpQ1oEsc4pCWMDMT9AAAAU4"]
[Thu Jun 11 16:57:12.523134 2026] [security2:error] [pid 21295:tid 21346] [client 34.64.174.29:38444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDjlbUCMVJYfLxkpfRAAAAJQ"]
[Thu Jun 11 16:57:12.651860 2026] [security2:error] [pid 21296:tid 21313] [client 34.64.174.29:38448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDqzVaq-mvl-Hfs9L4QAAAA4"]
[Thu Jun 11 16:57:12.726963 2026] [security2:error] [pid 3902:tid 3925] [client 34.64.174.29:38456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDv8lKn4qdPkDWlBMyAAAARA"]
[Thu Jun 11 16:57:12.843350 2026] [security2:error] [pid 21243:tid 21250] [client 34.64.174.29:38466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDkKTwdTIu69rj418KwAAAMQ"]
[Thu Jun 11 16:57:12.919887 2026] [security2:error] [pid 3902:tid 3917] [client 34.64.174.29:38490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDv8lKn4qdPkDWlBMywAAAQg"]
[Thu Jun 11 16:57:12.924607 2026] [security2:error] [pid 5830:tid 5850] [client 34.64.174.29:38474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDpQ1oEsc4pCWMDMT9QAAAU8"]
[Thu Jun 11 16:57:13.081991 2026] [security2:error] [pid 3902:tid 3924] [client 34.64.174.29:38506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDv8lKn4qdPkDWlBMzAAAAQ8"]
[Thu Jun 11 16:57:13.130986 2026] [security2:error] [pid 21243:tid 21247] [client 34.64.174.29:38498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDkKTwdTIu69rj418LQAAAME"]
[Thu Jun 11 16:57:13.222037 2026] [security2:error] [pid 21295:tid 21338] [client 34.64.174.29:38516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDjlbUCMVJYfLxkpfSAAAAIw"]
[Thu Jun 11 16:57:13.319997 2026] [security2:error] [pid 5830:tid 5857] [client 34.64.174.29:38540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDpQ1oEsc4pCWMDMT-AAAAVY"]
[Thu Jun 11 16:57:13.433086 2026] [security2:error] [pid 21296:tid 21310] [client 34.64.174.29:38524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTD6zVaq-mvl-Hfs9L5AAAAAs"]
[Thu Jun 11 16:57:13.437853 2026] [security2:error] [pid 5830:tid 5852] [client 34.64.174.29:38544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTD5Q1oEsc4pCWMDMT-gAAAVE"]
[Thu Jun 11 16:57:13.601978 2026] [security2:error] [pid 21295:tid 21341] [client 34.64.174.29:38556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDzlbUCMVJYfLxkpfSQAAAI8"]
[Thu Jun 11 16:57:13.669808 2026] [security2:error] [pid 21296:tid 21305] [client 34.64.174.29:38554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTD6zVaq-mvl-Hfs9L5QAAAAY"]
[Thu Jun 11 16:57:13.697106 2026] [security2:error] [pid 3902:tid 3930] [client 34.64.174.29:38566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTD_8lKn4qdPkDWlBM0AAAARU"]
[Thu Jun 11 16:57:13.905460 2026] [security2:error] [pid 5830:tid 5856] [client 34.64.174.29:38576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTD5Q1oEsc4pCWMDMT_AAAAVU"]
[Thu Jun 11 16:57:13.958092 2026] [security2:error] [pid 21296:tid 21303] [client 34.64.174.29:38604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTD6zVaq-mvl-Hfs9L5wAAAAM"]
[Thu Jun 11 16:57:13.992510 2026] [security2:error] [pid 21295:tid 21330] [client 34.64.174.29:38594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDzlbUCMVJYfLxkpfTAAAAIQ"]
[Thu Jun 11 16:57:14.145079 2026] [security2:error] [pid 3902:tid 3909] [client 34.64.174.29:38578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTD_8lKn4qdPkDWlBM0gAAAQA"]
[Thu Jun 11 16:57:14.151151 2026] [security2:error] [pid 21295:tid 21329] [client 34.64.174.29:38610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTDzlbUCMVJYfLxkpfTgAAAIM"]
[Thu Jun 11 16:57:14.403218 2026] [security2:error] [pid 21243:tid 21246] [client 34.64.174.29:38612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTD0KTwdTIu69rj418OQAAAMA"]
[Thu Jun 11 16:57:14.440490 2026] [security2:error] [pid 5830:tid 5843] [client 34.64.174.29:38630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEJQ1oEsc4pCWMDMT_gAAAUg"]
[Thu Jun 11 16:57:14.441859 2026] [security2:error] [pid 21296:tid 21324] [client 34.64.174.29:38614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEKzVaq-mvl-Hfs9L6QAAABg"]
[Thu Jun 11 16:57:14.562864 2026] [security2:error] [pid 21243:tid 21256] [client 34.64.174.29:38644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEEKTwdTIu69rj418OwAAAMo"]
[Thu Jun 11 16:57:14.578960 2026] [security2:error] [pid 3902:tid 3927] [client 34.64.174.29:38658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEP8lKn4qdPkDWlBM1QAAARI"]
[Thu Jun 11 16:57:14.838595 2026] [security2:error] [pid 5830:tid 5836] [client 34.64.174.29:38670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEJQ1oEsc4pCWMDMT_wAAAUE"]
[Thu Jun 11 16:57:14.840378 2026] [security2:error] [pid 21296:tid 21312] [client 34.64.174.29:38680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEKzVaq-mvl-Hfs9L6wAAAA0"]
[Thu Jun 11 16:57:14.880025 2026] [security2:error] [pid 21295:tid 21326] [client 34.64.174.29:38660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEDlbUCMVJYfLxkpfVAAAAIA"]
[Thu Jun 11 16:57:14.975105 2026] [security2:error] [pid 21243:tid 21251] [client 34.64.174.29:38674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEUKTwdTIu69rj418RAAAAMU"]
[Thu Jun 11 16:57:15.044532 2026] [security2:error] [pid 21296:tid 21311] [client 34.64.174.29:38688] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEazVaq-mvl-Hfs9L7AAAAAw"]
[Thu Jun 11 16:57:15.225911 2026] [security2:error] [pid 5830:tid 5845] [client 34.64.174.29:38694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEZQ1oEsc4pCWMDMUAwAAAUo"]
[Thu Jun 11 16:57:15.324085 2026] [security2:error] [pid 3902:tid 3921] [client 34.64.174.29:38696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEf8lKn4qdPkDWlBM3gAAAQw"]
[Thu Jun 11 16:57:15.325793 2026] [security2:error] [pid 3902:tid 3916] [client 34.64.174.29:38708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEf8lKn4qdPkDWlBM2wAAAQc"]
[Thu Jun 11 16:57:15.430105 2026] [security2:error] [pid 5830:tid 5838] [client 34.64.174.29:38718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEZQ1oEsc4pCWMDMUBQAAAUM"]
[Thu Jun 11 16:57:15.472156 2026] [security2:error] [pid 21296:tid 21316] [client 34.64.174.29:38738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEazVaq-mvl-Hfs9L7wAAABE"]
[Thu Jun 11 16:57:15.625873 2026] [security2:error] [pid 5830:tid 5839] [client 34.64.174.29:38724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEZQ1oEsc4pCWMDMUBgAAAUQ"]
[Thu Jun 11 16:57:15.714853 2026] [security2:error] [pid 21243:tid 21264] [client 34.64.174.29:38726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEUKTwdTIu69rj418SAAAANI"]
[Thu Jun 11 16:57:15.714879 2026] [security2:error] [pid 21295:tid 21336] [client 34.64.174.29:38772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTETlbUCMVJYfLxkpfWAAAAIo"]
[Thu Jun 11 16:57:15.972777 2026] [security2:error] [pid 5830:tid 5842] [client 34.64.174.29:38756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEZQ1oEsc4pCWMDMUCQAAAUc"]
[Thu Jun 11 16:57:15.993287 2026] [security2:error] [pid 21296:tid 21315] [client 34.64.174.29:38750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEazVaq-mvl-Hfs9L8QAAABA"]
[Thu Jun 11 16:57:16.040104 2026] [security2:error] [pid 3902:tid 3919] [client 34.64.174.29:38812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEv8lKn4qdPkDWlBM4AAAAQo"]
[Thu Jun 11 16:57:16.147904 2026] [security2:error] [pid 21295:tid 21349] [client 34.64.174.29:38788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEjlbUCMVJYfLxkpfWgAAAJc"]
[Thu Jun 11 16:57:16.151898 2026] [security2:error] [pid 21296:tid 21304] [client 34.64.174.29:38802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEqzVaq-mvl-Hfs9L8wAAAAQ"]
[Thu Jun 11 16:57:16.429752 2026] [security2:error] [pid 21243:tid 21254] [client 34.64.174.29:38820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEkKTwdTIu69rj418TQAAAMg"]
[Thu Jun 11 16:57:16.498840 2026] [security2:error] [pid 3902:tid 3910] [client 34.64.174.29:38780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEv8lKn4qdPkDWlBM4wAAAQE"]
[Thu Jun 11 16:57:16.547243 2026] [security2:error] [pid 21296:tid 21317] [client 34.64.174.29:38826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEqzVaq-mvl-Hfs9L9gAAABI"]
[Thu Jun 11 16:57:16.612695 2026] [security2:error] [pid 21295:tid 21350] [client 34.64.174.29:38852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEjlbUCMVJYfLxkpfXgAAAJg"]
[Thu Jun 11 16:57:16.659998 2026] [security2:error] [pid 21243:tid 21249] [client 34.64.174.29:38846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE0KTwdTIu69rj418UgAAAMM"]
[Thu Jun 11 16:57:16.954173 2026] [security2:error] [pid 21243:tid 21257] [client 34.64.174.29:38862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE0KTwdTIu69rj418VAAAAMs"]
[Thu Jun 11 16:57:17.170994 2026] [security2:error] [pid 21296:tid 21308] [client 34.64.174.29:38848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE6zVaq-mvl-Hfs9L-AAAAAk"]
[Thu Jun 11 16:57:17.267175 2026] [security2:error] [pid 3902:tid 3911] [client 34.64.174.29:38838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE_8lKn4qdPkDWlBM6AAAAQI"]
[Thu Jun 11 16:57:17.312622 2026] [security2:error] [pid 5830:tid 5853] [client 34.64.174.29:38872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE5Q1oEsc4pCWMDMUEAAAAVI"]
[Thu Jun 11 16:57:17.394866 2026] [security2:error] [pid 21295:tid 21347] [client 34.64.174.29:38882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEzlbUCMVJYfLxkpfYQAAAJU"]
[Thu Jun 11 16:57:17.604141 2026] [security2:error] [pid 21296:tid 21301] [client 34.64.174.29:38908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE6zVaq-mvl-Hfs9L-QAAAAE"]
[Thu Jun 11 16:57:17.650193 2026] [security2:error] [pid 21243:tid 21262] [client 34.64.174.29:38892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE0KTwdTIu69rj418VQAAANA"]
[Thu Jun 11 16:57:17.692700 2026] [security2:error] [pid 21295:tid 21345] [client 34.64.174.29:38914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEzlbUCMVJYfLxkpfZAAAAJM"]
[Thu Jun 11 16:57:17.760973 2026] [security2:error] [pid 3902:tid 3926] [client 34.64.174.29:38896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE_8lKn4qdPkDWlBM6QAAARE"]
[Thu Jun 11 16:57:17.775864 2026] [security2:error] [pid 21296:tid 21314] [client 34.64.174.29:38928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTE6zVaq-mvl-Hfs9L-wAAAA8"]
[Thu Jun 11 16:57:18.009523 2026] [security2:error] [pid 21295:tid 21337] [client 34.64.174.29:38956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTEzlbUCMVJYfLxkpfZgAAAIs"]
[Thu Jun 11 16:57:18.103887 2026] [security2:error] [pid 21296:tid 21306] [client 34.64.174.29:38986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFKzVaq-mvl-Hfs9L_AAAAAc"]
[Thu Jun 11 16:57:18.118888 2026] [security2:error] [pid 3902:tid 3928] [client 34.64.174.29:38966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFP8lKn4qdPkDWlBM6wAAARM"]
[Thu Jun 11 16:57:18.151267 2026] [security2:error] [pid 21295:tid 21332] [client 34.64.174.29:38948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFDlbUCMVJYfLxkpfZwAAAIY"]
[Thu Jun 11 16:57:18.174908 2026] [security2:error] [pid 5830:tid 5848] [client 34.64.174.29:38980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFJQ1oEsc4pCWMDMUFAAAAU0"]
[Thu Jun 11 16:57:18.423268 2026] [security2:error] [pid 3902:tid 3920] [client 34.64.174.29:38940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFP8lKn4qdPkDWlBM7AAAAQs"]
[Thu Jun 11 16:57:18.523110 2026] [security2:error] [pid 5830:tid 5858] [client 34.64.174.29:38990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFJQ1oEsc4pCWMDMUFgAAAVc"]
[Thu Jun 11 16:57:18.588368 2026] [security2:error] [pid 21296:tid 21321] [client 34.64.174.29:39022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFKzVaq-mvl-Hfs9L_gAAABY"]
[Thu Jun 11 16:57:18.642216 2026] [security2:error] [pid 5830:tid 5854] [client 34.64.174.29:39008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFJQ1oEsc4pCWMDMUGQAAAVM"]
[Thu Jun 11 16:57:18.669320 2026] [security2:error] [pid 21243:tid 21258] [client 34.64.174.29:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFEKTwdTIu69rj418WwAAAMw"]
[Thu Jun 11 16:57:18.813173 2026] [security2:error] [pid 21243:tid 21260] [client 34.64.174.29:39036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFEKTwdTIu69rj418YAAAAM4"]
[Thu Jun 11 16:57:19.026022 2026] [security2:error] [pid 25848:tid 25868] [client 34.64.174.29:39048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFEu3w-1taBUoJpFWtwAAAEg"]
[Thu Jun 11 16:57:19.039195 2026] [security2:error] [pid 5830:tid 5844] [client 34.64.174.29:39024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFZQ1oEsc4pCWMDMUHAAAAUk"]
[Thu Jun 11 16:57:19.076944 2026] [security2:error] [pid 21296:tid 21320] [client 34.64.174.29:39058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFazVaq-mvl-Hfs9MAAAAABU"]
[Thu Jun 11 16:57:19.194085 2026] [security2:error] [pid 25848:tid 25866] [client 34.64.174.29:39060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUu3w-1taBUoJpFWuQAAAEY"]
[Thu Jun 11 16:57:19.365827 2026] [security2:error] [pid 25848:tid 25865] [client 34.64.174.29:39068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUu3w-1taBUoJpFWugAAAEU"]
[Thu Jun 11 16:57:19.488835 2026] [security2:error] [pid 25848:tid 25869] [client 34.64.174.29:39086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUu3w-1taBUoJpFWvAAAAEk"]
[Thu Jun 11 16:57:19.503266 2026] [security2:error] [pid 25848:tid 25867] [client 34.64.174.29:39074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUu3w-1taBUoJpFWuwAAAEc"]
[Thu Jun 11 16:57:19.593277 2026] [security2:error] [pid 25848:tid 25878] [client 34.64.174.29:39076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUu3w-1taBUoJpFWvQAAAFI"]
[Thu Jun 11 16:57:19.688509 2026] [security2:error] [pid 25848:tid 25882] [client 34.64.174.29:39094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUu3w-1taBUoJpFWvgAAAFY"]
[Thu Jun 11 16:57:19.858523 2026] [security2:error] [pid 25848:tid 25870] [client 34.64.174.29:39106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUu3w-1taBUoJpFWvwAAAEo"]
[Thu Jun 11 16:57:19.923038 2026] [security2:error] [pid 21295:tid 21342] [client 34.64.174.29:39088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFTlbUCMVJYfLxkpfbwAAAJA"]
[Thu Jun 11 16:57:20.010894 2026] [security2:error] [pid 25848:tid 25884] [client 34.64.174.29:39120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUu3w-1taBUoJpFWwAAAAFg"]
[Thu Jun 11 16:57:20.050001 2026] [security2:error] [pid 21243:tid 21267] [client 34.64.174.29:39110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFUKTwdTIu69rj418ZQAAANU"]
[Thu Jun 11 16:57:20.069683 2026] [security2:error] [pid 25848:tid 25879] [client 34.64.174.29:39136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWwwAAAFM"]
[Thu Jun 11 16:57:20.250871 2026] [security2:error] [pid 21243:tid 21252] [client 34.64.174.29:39142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFkKTwdTIu69rj418ZgAAAMY"]
[Thu Jun 11 16:57:20.341321 2026] [security2:error] [pid 25848:tid 25880] [client 34.64.174.29:39150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWxQAAAFQ"]
[Thu Jun 11 16:57:20.381904 2026] [security2:error] [pid 25848:tid 25874] [client 34.64.174.29:39152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWxwAAAE4"]
[Thu Jun 11 16:57:20.387836 2026] [security2:error] [pid 25848:tid 25862] [client 34.64.174.29:39166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWxgAAAEI"]
[Thu Jun 11 16:57:20.390450 2026] [security2:error] [pid 25848:tid 25861] [client 34.64.174.29:39148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWxAAAAEE"]
[Thu Jun 11 16:57:20.616522 2026] [security2:error] [pid 3902:tid 3918] [client 34.64.174.29:39168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFv8lKn4qdPkDWlBM-AAAAQk"]
[Thu Jun 11 16:57:20.669183 2026] [security2:error] [pid 25848:tid 25875] [client 34.64.174.29:39182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWyAAAAE8"]
[Thu Jun 11 16:57:20.696908 2026] [security2:error] [pid 25848:tid 25864] [client 34.64.174.29:39234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWyQAAAEQ"]
[Thu Jun 11 16:57:20.830062 2026] [security2:error] [pid 25848:tid 25863] [client 34.64.174.29:39212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWygAAAEM"]
[Thu Jun 11 16:57:20.939427 2026] [security2:error] [pid 21243:tid 21255] [client 34.64.174.29:39224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFkKTwdTIu69rj418bAAAAMk"]
[Thu Jun 11 16:57:21.035510 2026] [security2:error] [pid 25848:tid 25871] [client 34.64.174.29:39236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWywAAAEs"]
[Thu Jun 11 16:57:21.074896 2026] [security2:error] [pid 3902:tid 3933] [client 34.64.174.29:39282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFv8lKn4qdPkDWlBM-QAAARg"]
[Thu Jun 11 16:57:21.161904 2026] [security2:error] [pid 25848:tid 25877] [client 34.64.174.29:39270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWzQAAAFE"]
[Thu Jun 11 16:57:21.298508 2026] [security2:error] [pid 21295:tid 21328] [client 34.64.174.29:39244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFjlbUCMVJYfLxkpfdAAAAII"]
[Thu Jun 11 16:57:21.299061 2026] [security2:error] [pid 25848:tid 25872] [client 34.64.174.29:39256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFku3w-1taBUoJpFWzgAAAEw"]
[Thu Jun 11 16:57:21.494843 2026] [security2:error] [pid 21243:tid 21248] [client 34.64.174.29:39272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFkKTwdTIu69rj418bQAAAMI"]
[Thu Jun 11 16:57:21.515897 2026] [security2:error] [pid 25848:tid 25860] [client 34.64.174.29:39196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF0u3w-1taBUoJpFWzwAAAEA"]
[Thu Jun 11 16:57:21.568380 2026] [security2:error] [pid 25848:tid 25881] [client 34.64.174.29:39292] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF0u3w-1taBUoJpFW0AAAAFU"]
[Thu Jun 11 16:57:21.746086 2026] [security2:error] [pid 25848:tid 25873] [client 34.64.174.29:39310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF0u3w-1taBUoJpFW0gAAAE0"]
[Thu Jun 11 16:57:21.774951 2026] [security2:error] [pid 25848:tid 25876] [client 34.64.174.29:39296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF0u3w-1taBUoJpFW0QAAAFA"]
[Thu Jun 11 16:57:21.929860 2026] [security2:error] [pid 5830:tid 5846] [client 34.64.174.29:39330] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF5Q1oEsc4pCWMDMUJwAAAUs"]
[Thu Jun 11 16:57:21.987479 2026] [security2:error] [pid 21295:tid 21343] [client 34.64.174.29:39316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFzlbUCMVJYfLxkpfdQAAAJE"]
[Thu Jun 11 16:57:22.061904 2026] [security2:error] [pid 21296:tid 21307] [client 34.64.174.29:39338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF6zVaq-mvl-Hfs9MBAAAAAg"]
[Thu Jun 11 16:57:22.171857 2026] [security2:error] [pid 21243:tid 21253] [client 34.64.174.29:39350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF0KTwdTIu69rj418cgAAAMc"]
[Thu Jun 11 16:57:22.220955 2026] [security2:error] [pid 25848:tid 25883] [client 34.64.174.29:39370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF0u3w-1taBUoJpFW0wAAAFc"]
[Thu Jun 11 16:57:22.406062 2026] [security2:error] [pid 3902:tid 3913] [client 34.64.174.29:39360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF_8lKn4qdPkDWlBM_gAAAQQ"]
[Thu Jun 11 16:57:22.447933 2026] [security2:error] [pid 21295:tid 21335] [client 34.64.174.29:39382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTFzlbUCMVJYfLxkpfeQAAAIk"]
[Thu Jun 11 16:57:22.451261 2026] [security2:error] [pid 3902:tid 3914] [client 34.64.174.29:39372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF_8lKn4qdPkDWlBM_wAAAQU"]
[Thu Jun 11 16:57:22.538932 2026] [security2:error] [pid 21296:tid 21318] [client 34.64.174.29:39384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aisTF6zVaq-mvl-Hfs9MBQAAABM"]
[Thu Jun 11 16:58:45.386074 2026] [security2:error] [pid 3902:tid 3911] [client 45.148.10.67:7822] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisTdf8lKn4qdPkDWlBODAAAAQI"]
[Thu Jun 11 16:58:45.754075 2026] [security2:error] [pid 21296:tid 21313] [client 45.148.10.67:7836] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisTdazVaq-mvl-Hfs9NfAAAAA4"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 16:59:00.073291 2026] [security2:error] [pid 21296:tid 21319] [client 45.148.10.67:27548] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisThKzVaq-mvl-Hfs9NvAAAABQ"]
[Thu Jun 11 17:02:23.521713 2026] [security2:error] [pid 25848:tid 25875] [client 46.151.178.13:35996] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisUT0u3w-1taBUoJpFaPwAAAE8"], referer: http://13.84.161.190:443/
[Thu Jun 11 17:08:48.971132 2026] [security2:error] [pid 25848:tid 25868] [client 74.7.242.25:60362] ModSecurity: Warning. Matched phrase "etc/apache2/conf/httpd.conf" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/apache2/conf/httpd.conf found within ARGS:fileloc: /etc/apache2/conf/httpd.conf.datastore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aisV0Eu3w-1taBUoJpFgXgAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc/apache2/conf
[Thu Jun 11 17:08:48.971933 2026] [security2:error] [pid 25848:tid 25868] [client 74.7.242.25:60362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aisV0Eu3w-1taBUoJpFgXgAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc/apache2/conf
[Thu Jun 11 17:08:48.972196 2026] [security2:error] [pid 25848:tid 25868] [client 74.7.242.25:60362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aisV0Eu3w-1taBUoJpFgXgAAAEg"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//etc/apache2/conf
[Thu Jun 11 17:10:12.498799 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/this_is_a_new_hello_world.php
[Thu Jun 11 17:10:12.602532 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/aboutc.php
[Thu Jun 11 17:10:12.727691 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/txets.php
[Thu Jun 11 17:10:12.835781 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/obfuscate.php
[Thu Jun 11 17:10:12.940524 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/harvestry.php
[Thu Jun 11 17:10:13.055450 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/w3llstore.php
[Thu Jun 11 17:10:13.178812 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/leaf.php
[Thu Jun 11 17:10:13.286541 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/000.php
[Thu Jun 11 17:10:13.416207 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/alr.php
[Thu Jun 11 17:10:13.523026 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-omao.php
[Thu Jun 11 17:10:13.632725 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wplogbak.php
[Thu Jun 11 17:10:13.739211 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/file3.php
[Thu Jun 11 17:10:13.902098 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/autovirgi.php
[Thu Jun 11 17:10:14.006881 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/nurseling.php
[Thu Jun 11 17:10:14.128456 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/w2025.php
[Thu Jun 11 17:10:14.235048 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/cx.php
[Thu Jun 11 17:10:14.359843 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/p-blog.php
[Thu Jun 11 17:10:14.548376 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-wlx.php
[Thu Jun 11 17:10:14.668700 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/x123.php
[Thu Jun 11 17:10:14.780987 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/drykl.php
[Thu Jun 11 17:10:14.898270 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/file6.php
[Thu Jun 11 17:10:15.006839 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/Okxob.php
[Thu Jun 11 17:10:15.110915 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/new4.php
[Thu Jun 11 17:10:15.241718 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/hroxw.php
[Thu Jun 11 17:10:15.363153 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-blogs.php
[Thu Jun 11 17:10:15.471836 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/set.php
[Thu Jun 11 17:10:15.586751 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/lib.php
[Thu Jun 11 17:10:15.840969 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/ws57.php
[Thu Jun 11 17:10:15.951946 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/domains.php
[Thu Jun 11 17:10:16.107779 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/222.php
[Thu Jun 11 17:10:16.223713 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/166.php
[Thu Jun 11 17:10:16.329847 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/term.php
[Thu Jun 11 17:10:16.478714 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/666.php
[Thu Jun 11 17:10:16.594140 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/tt.php
[Thu Jun 11 17:10:16.698793 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/sid3.php
[Thu Jun 11 17:10:16.801766 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/66.php
[Thu Jun 11 17:10:16.909428 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-the.php
[Thu Jun 11 17:10:17.167930 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/jga.php
[Thu Jun 11 17:10:17.274096 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-blog-header.php
[Thu Jun 11 17:10:17.377811 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/bmi.php
[Thu Jun 11 17:10:17.480676 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/byypas.php
[Thu Jun 11 17:10:17.744725 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-png.php
[Thu Jun 11 17:10:17.881704 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wen.php
[Thu Jun 11 17:10:17.986847 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/plugin-install.php
[Thu Jun 11 17:10:18.233892 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-kikikoko.php
[Thu Jun 11 17:10:18.357007 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/hplfuns.php
[Thu Jun 11 17:10:18.575694 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/shell.php
[Thu Jun 11 17:10:18.680652 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/new.php
[Thu Jun 11 17:10:18.915009 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/ws48.php
[Thu Jun 11 17:10:19.017923 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/8.php
[Thu Jun 11 17:10:19.172920 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/dass.php
[Thu Jun 11 17:10:19.302038 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-p2r3q9c8k4.php
[Thu Jun 11 17:10:19.561678 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/ok.php
[Thu Jun 11 17:10:19.667064 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/eetu.php
[Thu Jun 11 17:10:19.780102 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/ws66.php
[Thu Jun 11 17:10:19.888290 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/file61.php
[Thu Jun 11 17:10:19.991988 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/asd.php
[Thu Jun 11 17:10:20.157736 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/xx.php
[Thu Jun 11 17:10:20.277634 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/a5.php
[Thu Jun 11 17:10:20.380135 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/cu.php
[Thu Jun 11 17:10:20.486135 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/amax.php
[Thu Jun 11 17:10:20.614771 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/mh.php
[Thu Jun 11 17:10:20.731865 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/Jcrop.php
[Thu Jun 11 17:10:20.834884 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/abc.php
[Thu Jun 11 17:10:20.948189 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/inputs.php
[Thu Jun 11 17:10:21.058257 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/bnm.php
[Thu Jun 11 17:10:21.228121 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/ws80.php
[Thu Jun 11 17:10:21.551953 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/s.php
[Thu Jun 11 17:10:21.669756 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/tymn.php
[Thu Jun 11 17:10:21.819878 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-links-opml.php
[Thu Jun 11 17:10:21.931398 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp5.php
[Thu Jun 11 17:10:22.041281 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/ms.php
[Thu Jun 11 17:10:22.147414 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-access.php
[Thu Jun 11 17:10:22.261719 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-class-atom.php
[Thu Jun 11 17:10:22.390990 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/ms-edit.php
[Thu Jun 11 17:10:22.521310 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/press.php
[Thu Jun 11 17:10:22.631843 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/900.php
[Thu Jun 11 17:10:22.753484 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-links-opml.php
[Thu Jun 11 17:10:22.888789 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/jk.php
[Thu Jun 11 17:10:22.990881 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/dx.php
[Thu Jun 11 17:10:23.102059 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/aa.php
[Thu Jun 11 17:10:23.210427 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/mini.php
[Thu Jun 11 17:10:23.319990 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/fs.php
[Thu Jun 11 17:10:23.450014 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/mode.php
[Thu Jun 11 17:10:23.557971 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/1.php
[Thu Jun 11 17:10:23.693884 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/wp-block.php
[Thu Jun 11 17:10:23.856667 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/ws88.php
[Thu Jun 11 17:10:23.963773 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/adoms.php
[Thu Jun 11 17:10:24.066687 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/plugin-editor.php
[Thu Jun 11 17:10:24.173258 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/8573.php
[Thu Jun 11 17:10:24.279838 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/an.php
[Thu Jun 11 17:10:24.400430 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/t.php
[Thu Jun 11 17:10:24.667796 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/profile.php
[Thu Jun 11 17:10:24.775947 2026] [:error] [pid 3902:tid 3919] [client 158.158.76.1:57155] File does not exist: /disk001/machen/public_html/suporte/gaza.php
[Thu Jun 11 17:10:25.181050 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/kj.php
[Thu Jun 11 17:10:25.378177 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/aboute.php
[Thu Jun 11 17:10:25.513305 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/ws82.php
[Thu Jun 11 17:10:25.619097 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/edit.php
[Thu Jun 11 17:10:25.734949 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/yw5bi63u.php
[Thu Jun 11 17:10:25.851810 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/tool.php
[Thu Jun 11 17:10:26.060453 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/bgymj.php
[Thu Jun 11 17:10:26.165795 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/wp-good.php
[Thu Jun 11 17:10:26.305166 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/class-t.api.php
[Thu Jun 11 17:10:26.445106 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/mk.php
[Thu Jun 11 17:10:26.554915 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/gettest.php
[Thu Jun 11 17:10:26.709305 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/a4.php
[Thu Jun 11 17:10:26.965244 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/rip.php
[Thu Jun 11 17:10:27.066879 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/ioxi-o.php
[Thu Jun 11 17:10:27.172922 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/zoo.php
[Thu Jun 11 17:10:27.292996 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/admlo.php
[Thu Jun 11 17:10:27.418080 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/gcqoa.php
[Thu Jun 11 17:10:27.539214 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/xxx.php
[Thu Jun 11 17:10:27.676756 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/b.php
[Thu Jun 11 17:10:27.779315 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/grsiuk.php
[Thu Jun 11 17:10:27.906138 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/wp-class-api.php
[Thu Jun 11 17:10:28.011917 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/bolt.php
[Thu Jun 11 17:10:28.127237 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/gifclass.php
[Thu Jun 11 17:10:28.238899 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/ccs.php
[Thu Jun 11 17:10:28.539941 2026] [:error] [pid 2253:tid 2273] [client 158.158.76.1:57275] File does not exist: /disk001/machen/public_html/suporte/first.php
[Thu Jun 11 17:16:01.948476 2026] [security2:error] [pid 5830:tid 5853] [client 43.159.62.163:57636] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisXgZQ1oEsc4pCWMDMrCwAAAVI"], referer: http://13.84.161.190
[Thu Jun 11 17:16:01.948600 2026] [security2:error] [pid 5830:tid 5853] [client 43.159.62.163:57636] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisXgZQ1oEsc4pCWMDMrCwAAAVI"], referer: http://13.84.161.190
[Thu Jun 11 17:16:01.949219 2026] [security2:error] [pid 5830:tid 5853] [client 43.159.62.163:57636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisXgZQ1oEsc4pCWMDMrCwAAAVI"], referer: http://13.84.161.190
[Thu Jun 11 17:16:02.068641 2026] [security2:error] [pid 5830:tid 5853] [client 43.159.62.163:57636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aisXgZQ1oEsc4pCWMDMrCwAAAVI"], referer: http://13.84.161.190
[Thu Jun 11 17:21:46.588649 2026] [security2:error] [pid 1658:tid 1673] [client 46.151.178.13:54618] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisY2suk7NsHZDqaWIQKoAAAAAw"], referer: http://13.66.22.226:443/
[Thu Jun 11 17:25:10.241049 2026] [security2:error] [pid 1658:tid 1680] [client 192.253.248.169:12232] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisZpsuk7NsHZDqaWIQNJgAAABM"]
[Thu Jun 11 17:25:10.241457 2026] [security2:error] [pid 1658:tid 1680] [client 192.253.248.169:12232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisZpsuk7NsHZDqaWIQNJgAAABM"]
[Thu Jun 11 17:25:10.241822 2026] [security2:error] [pid 1658:tid 1680] [client 192.253.248.169:12232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aisZpsuk7NsHZDqaWIQNJgAAABM"]
[Thu Jun 11 17:25:10.242806 2026] [security2:error] [pid 1658:tid 1680] [client 192.253.248.169:12232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisZpsuk7NsHZDqaWIQNJgAAABM"]
[Thu Jun 11 17:25:10.505899 2026] [security2:error] [pid 2253:tid 2262] [client 192.253.248.169:47296] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aisZpphbxTmX9uu_dprkigAAAIM"]
[Thu Jun 11 17:25:10.506186 2026] [security2:error] [pid 2253:tid 2262] [client 192.253.248.169:47296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aisZpphbxTmX9uu_dprkigAAAIM"]
[Thu Jun 11 17:25:10.506443 2026] [security2:error] [pid 2253:tid 2262] [client 192.253.248.169:47296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aisZpphbxTmX9uu_dprkigAAAIM"]
[Thu Jun 11 17:25:10.507499 2026] [security2:error] [pid 2253:tid 2262] [client 192.253.248.169:47296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisZpphbxTmX9uu_dprkigAAAIM"]
[Thu Jun 11 17:25:10.784765 2026] [security2:error] [pid 25848:tid 25866] [client 192.253.248.169:26298] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aisZpku3w-1taBUoJpF0TwAAAEY"]
[Thu Jun 11 17:25:10.785013 2026] [security2:error] [pid 25848:tid 25866] [client 192.253.248.169:26298] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aisZpku3w-1taBUoJpF0TwAAAEY"]
[Thu Jun 11 17:25:10.785269 2026] [security2:error] [pid 25848:tid 25866] [client 192.253.248.169:26298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aisZpku3w-1taBUoJpF0TwAAAEY"]
[Thu Jun 11 17:25:10.786166 2026] [security2:error] [pid 25848:tid 25866] [client 192.253.248.169:26298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisZpku3w-1taBUoJpF0TwAAAEY"]
[Thu Jun 11 17:25:12.339486 2026] [security2:error] [pid 5830:tid 5845] [client 192.253.248.169:30558] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aisZqJQ1oEsc4pCWMDMztgAAAUo"]
[Thu Jun 11 17:25:12.339967 2026] [security2:error] [pid 5830:tid 5845] [client 192.253.248.169:30558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aisZqJQ1oEsc4pCWMDMztgAAAUo"]
[Thu Jun 11 17:25:12.340278 2026] [security2:error] [pid 5830:tid 5845] [client 192.253.248.169:30558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aisZqJQ1oEsc4pCWMDMztgAAAUo"]
[Thu Jun 11 17:25:12.341361 2026] [security2:error] [pid 5830:tid 5845] [client 192.253.248.169:30558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisZqJQ1oEsc4pCWMDMztgAAAUo"]
[Thu Jun 11 17:25:16.379247 2026] [security2:error] [pid 5830:tid 5839] [client 192.253.248.169:46240] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aisZrJQ1oEsc4pCWMDMzxQAAAUQ"]
[Thu Jun 11 17:25:16.379550 2026] [security2:error] [pid 5830:tid 5839] [client 192.253.248.169:46240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aisZrJQ1oEsc4pCWMDMzxQAAAUQ"]
[Thu Jun 11 17:25:16.379856 2026] [security2:error] [pid 5830:tid 5839] [client 192.253.248.169:46240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aisZrJQ1oEsc4pCWMDMzxQAAAUQ"]
[Thu Jun 11 17:25:16.380738 2026] [security2:error] [pid 5830:tid 5839] [client 192.253.248.169:46240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aisZrJQ1oEsc4pCWMDMzxQAAAUQ"]
[Thu Jun 11 17:26:08.830882 2026] [security2:error] [pid 1658:tid 1663] [client 79.124.49.102:40072] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mics/api/v2/sentry/mics-config/handleMessage"] [unique_id "aisZ4Muk7NsHZDqaWIQNzAAAAAI"]
[Thu Jun 11 17:29:27.531109 2026] [security2:error] [pid 2253:tid 2267] [client 78.153.140.50:36460] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aisap5hbxTmX9uu_dprpsgAAAIg"]
[Thu Jun 11 17:29:27.531365 2026] [security2:error] [pid 2253:tid 2267] [client 78.153.140.50:36460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aisap5hbxTmX9uu_dprpsgAAAIg"]
[Thu Jun 11 17:29:27.531703 2026] [security2:error] [pid 2253:tid 2267] [client 78.153.140.50:36460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aisap5hbxTmX9uu_dprpsgAAAIg"]
[Thu Jun 11 17:29:27.840071 2026] [security2:error] [pid 2253:tid 2267] [client 78.153.140.50:36460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aisap5hbxTmX9uu_dprpsgAAAIg"]
[Thu Jun 11 17:29:28.701231 2026] [security2:error] [pid 2253:tid 2260] [client 78.153.140.50:45358] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisaqJhbxTmX9uu_dprpugAAAIE"]
[Thu Jun 11 17:34:40.737953 2026] [security2:error] [pid 2253:tid 2273] [client 18.205.63.110:32647] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisb4JhbxTmX9uu_dpruiAAAAI4"]
[Thu Jun 11 17:34:40.981598 2026] [security2:error] [pid 25848:tid 25879] [client 18.205.63.110:48663] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisb4Eu3w-1taBUoJpF-TAAAAFM"]
[Thu Jun 11 17:34:41.016780 2026] [security2:error] [pid 25848:tid 25879] [client 18.205.63.110:48663] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisb4Uu3w-1taBUoJpF-TgAAAFM"], referer: https://13.66.22.226
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 17:37:18.611654 2026] [security2:error] [pid 1658:tid 1663] [client 74.7.242.25:55018] ModSecurity: Warning. Matched phrase "etc/security/limits" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/limits found within ARGS:path: /proc/7722/root/proc/self/root/etc/security/limits.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiscfsuk7NsHZDqaWIQcTAAAAAI"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc/security
[Thu Jun 11 17:37:18.612199 2026] [security2:error] [pid 1658:tid 1663] [client 74.7.242.25:55018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiscfsuk7NsHZDqaWIQcTAAAAAI"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc/security
[Thu Jun 11 17:37:18.612442 2026] [security2:error] [pid 1658:tid 1663] [client 74.7.242.25:55018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aiscfsuk7NsHZDqaWIQcTAAAAAI"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc/security
[Thu Jun 11 17:37:40.944362 2026] [:error] [pid 1658:tid 1681] [client 132.196.49.109:24593] File does not exist: /disk001/machen/public_html/suporte/this_is_a_new_hello_world.php
[Thu Jun 11 17:37:40.969139 2026] [:error] [pid 1658:tid 1681] [client 132.196.49.109:24593] File does not exist: /disk001/machen/public_html/suporte/wp-Blogs.php
[Thu Jun 11 17:43:12.896079 2026] [security2:error] [pid 5830:tid 5850] [client 18.221.197.55:36840] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisd4JQ1oEsc4pCWMDNG0QAAAU8"], referer: http://13.84.161.190/
[Thu Jun 11 17:48:38.718077 2026] [security2:error] [pid 1658:tid 1684] [client 18.219.106.116:37526] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisfJsuk7NsHZDqaWIQmIwAAABc"]
[Thu Jun 11 17:50:55.826768 2026] [security2:error] [pid 25848:tid 25866] [client 18.219.106.116:64582] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisfr0u3w-1taBUoJpGOzwAAAEY"]
[Thu Jun 11 17:59:00.092649 2026] [security2:error] [pid 25848:tid 25882] [client 150.109.46.88:60036] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aishlEu3w-1taBUoJpGW1QAAAFY"]
[Thu Jun 11 17:59:00.092740 2026] [security2:error] [pid 25848:tid 25882] [client 150.109.46.88:60036] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aishlEu3w-1taBUoJpGW1QAAAFY"]
[Thu Jun 11 17:59:00.093284 2026] [security2:error] [pid 25848:tid 25882] [client 150.109.46.88:60036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aishlEu3w-1taBUoJpGW1QAAAFY"]
[Thu Jun 11 17:59:00.094141 2026] [security2:error] [pid 25848:tid 25882] [client 150.109.46.88:60036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aishlEu3w-1taBUoJpGW1QAAAFY"]
[Thu Jun 11 18:02:00.988901 2026] [security2:error] [pid 2253:tid 2282] [client 13.86.193.51:49232] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisiSJhbxTmX9uu_dpoLKAAAAJc"]
[Thu Jun 11 18:02:02.518820 2026] [security2:error] [pid 2253:tid 2282] [client 13.86.193.51:49232] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisiSphbxTmX9uu_dpoLLQAAAJc"]
[Thu Jun 11 18:02:03.950230 2026] [ssl:error] [pid 2253:tid 2282] [client 13.86.193.51:49232] AH02032: Hostname machen.ai (default host as no SNI was provided) and hostname fmgyd.machen.ai provided via HTTP have no compatible SSL setup for policy 'secure'
[Thu Jun 11 18:02:49.884130 2026] [security2:error] [pid 1658:tid 1668] [client 52.15.74.178:15270] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisiecuk7NsHZDqaWIQ4AwAAAAc"]
[Thu Jun 11 18:10:33.292458 2026] [security2:error] [pid 25848:tid 25860] [client 43.131.32.36:50866] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aiskSUu3w-1taBUoJpGj8AAAAEA"]
[Thu Jun 11 18:17:49.783331 2026] [core:error] [pid 1658:tid 1677] [client 143.20.49.38:55134] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 18:17:50.844345 2026] [core:error] [pid 25848:tid 25882] [client 143.20.49.38:55148] AH10244: invalid URI path (/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh)
[Thu Jun 11 18:17:52.240859 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aismAEu3w-1taBUoJpGrAwAAAFI"]
[Thu Jun 11 18:17:52.241233 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "131"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aismAEu3w-1taBUoJpGrAwAAAFI"]
[Thu Jun 11 18:17:52.241386 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "198"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aismAEu3w-1taBUoJpGrAwAAAFI"]
[Thu Jun 11 18:17:52.242000 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aismAEu3w-1taBUoJpGrAwAAAFI"]
[Thu Jun 11 18:17:52.242920 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=10,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismAEu3w-1taBUoJpGrAwAAAFI"]
[Thu Jun 11 18:17:53.317210 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aismAUu3w-1taBUoJpGrCgAAAFI"]
[Thu Jun 11 18:17:53.317635 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "131"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aismAUu3w-1taBUoJpGrCgAAAFI"]
[Thu Jun 11 18:17:53.317731 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "198"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aismAUu3w-1taBUoJpGrCgAAAFI"]
[Thu Jun 11 18:17:53.318219 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aismAUu3w-1taBUoJpGrCgAAAFI"]
[Thu Jun 11 18:17:53.319220 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=10,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismAUu3w-1taBUoJpGrCgAAAFI"]
[Thu Jun 11 18:17:53.987390 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismAUu3w-1taBUoJpGrDAAAAFI"]
[Thu Jun 11 18:17:53.987501 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismAUu3w-1taBUoJpGrDAAAAFI"]
[Thu Jun 11 18:17:53.987558 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismAUu3w-1taBUoJpGrDAAAAFI"]
[Thu Jun 11 18:17:53.988090 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismAUu3w-1taBUoJpGrDAAAAFI"]
[Thu Jun 11 18:17:53.988972 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismAUu3w-1taBUoJpGrDAAAAFI"]
[Thu Jun 11 18:17:54.594402 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismAku3w-1taBUoJpGrEAAAAFI"]
[Thu Jun 11 18:17:54.594505 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismAku3w-1taBUoJpGrEAAAAFI"]
[Thu Jun 11 18:17:54.594564 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismAku3w-1taBUoJpGrEAAAAFI"]
[Thu Jun 11 18:17:54.594964 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismAku3w-1taBUoJpGrEAAAAFI"]
[Thu Jun 11 18:17:54.595925 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismAku3w-1taBUoJpGrEAAAAFI"]
[Thu Jun 11 18:17:55.321730 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismA0u3w-1taBUoJpGrFAAAAFI"]
[Thu Jun 11 18:17:55.321842 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismA0u3w-1taBUoJpGrFAAAAFI"]
[Thu Jun 11 18:17:55.321902 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismA0u3w-1taBUoJpGrFAAAAFI"]
[Thu Jun 11 18:17:55.322288 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismA0u3w-1taBUoJpGrFAAAAFI"]
[Thu Jun 11 18:17:55.323150 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismA0u3w-1taBUoJpGrFAAAAFI"]
[Thu Jun 11 18:17:55.972440 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismA0u3w-1taBUoJpGrGAAAAFI"]
[Thu Jun 11 18:17:55.972539 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismA0u3w-1taBUoJpGrGAAAAFI"]
[Thu Jun 11 18:17:55.972628 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismA0u3w-1taBUoJpGrGAAAAFI"]
[Thu Jun 11 18:17:55.973022 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismA0u3w-1taBUoJpGrGAAAAFI"]
[Thu Jun 11 18:17:55.973863 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismA0u3w-1taBUoJpGrGAAAAFI"]
[Thu Jun 11 18:17:56.587438 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"] [unique_id "aismBEu3w-1taBUoJpGrHAAAAFI"]
[Thu Jun 11 18:17:56.587567 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"] [unique_id "aismBEu3w-1taBUoJpGrHAAAAFI"]
[Thu Jun 11 18:17:56.587667 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"] [unique_id "aismBEu3w-1taBUoJpGrHAAAAFI"]
[Thu Jun 11 18:17:56.588026 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"] [unique_id "aismBEu3w-1taBUoJpGrHAAAAFI"]
[Thu Jun 11 18:17:56.589242 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismBEu3w-1taBUoJpGrHAAAAFI"]
[Thu Jun 11 18:17:57.257343 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismBUu3w-1taBUoJpGrIAAAAFI"]
[Thu Jun 11 18:17:57.257483 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismBUu3w-1taBUoJpGrIAAAAFI"]
[Thu Jun 11 18:17:57.257563 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismBUu3w-1taBUoJpGrIAAAAFI"]
[Thu Jun 11 18:17:57.258141 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismBUu3w-1taBUoJpGrIAAAAFI"]
[Thu Jun 11 18:17:57.259173 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismBUu3w-1taBUoJpGrIAAAAFI"]
[Thu Jun 11 18:17:57.950969 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismBUu3w-1taBUoJpGrIwAAAFI"]
[Thu Jun 11 18:17:57.951090 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismBUu3w-1taBUoJpGrIwAAAFI"]
[Thu Jun 11 18:17:57.951156 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismBUu3w-1taBUoJpGrIwAAAFI"]
[Thu Jun 11 18:17:57.951567 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismBUu3w-1taBUoJpGrIwAAAFI"]
[Thu Jun 11 18:17:57.952781 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismBUu3w-1taBUoJpGrIwAAAFI"]
[Thu Jun 11 18:17:58.721443 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismBku3w-1taBUoJpGrKAAAAFI"]
[Thu Jun 11 18:17:58.721537 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismBku3w-1taBUoJpGrKAAAAFI"]
[Thu Jun 11 18:17:58.721666 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismBku3w-1taBUoJpGrKAAAAFI"]
[Thu Jun 11 18:17:58.722134 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismBku3w-1taBUoJpGrKAAAAFI"]
[Thu Jun 11 18:17:58.722987 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismBku3w-1taBUoJpGrKAAAAFI"]
[Thu Jun 11 18:17:59.535637 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismB0u3w-1taBUoJpGrLAAAAFI"]
[Thu Jun 11 18:17:59.535758 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismB0u3w-1taBUoJpGrLAAAAFI"]
[Thu Jun 11 18:17:59.535822 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismB0u3w-1taBUoJpGrLAAAAFI"]
[Thu Jun 11 18:17:59.536267 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismB0u3w-1taBUoJpGrLAAAAFI"]
[Thu Jun 11 18:17:59.537427 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismB0u3w-1taBUoJpGrLAAAAFI"]
[Thu Jun 11 18:18:00.296720 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismCEu3w-1taBUoJpGrMQAAAFI"]
[Thu Jun 11 18:18:00.296846 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismCEu3w-1taBUoJpGrMQAAAFI"]
[Thu Jun 11 18:18:00.296968 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismCEu3w-1taBUoJpGrMQAAAFI"]
[Thu Jun 11 18:18:00.297463 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismCEu3w-1taBUoJpGrMQAAAFI"]
[Thu Jun 11 18:18:00.298562 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismCEu3w-1taBUoJpGrMQAAAFI"]
[Thu Jun 11 18:18:01.069290 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismCUu3w-1taBUoJpGrNAAAAFI"]
[Thu Jun 11 18:18:01.069424 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismCUu3w-1taBUoJpGrNAAAAFI"]
[Thu Jun 11 18:18:01.069490 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismCUu3w-1taBUoJpGrNAAAAFI"]
[Thu Jun 11 18:18:01.069932 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismCUu3w-1taBUoJpGrNAAAAFI"]
[Thu Jun 11 18:18:01.071058 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismCUu3w-1taBUoJpGrNAAAAFI"]
[Thu Jun 11 18:18:01.852851 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismCUu3w-1taBUoJpGrOgAAAFI"]
[Thu Jun 11 18:18:01.853001 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismCUu3w-1taBUoJpGrOgAAAFI"]
[Thu Jun 11 18:18:01.853109 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismCUu3w-1taBUoJpGrOgAAAFI"]
[Thu Jun 11 18:18:01.853539 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismCUu3w-1taBUoJpGrOgAAAFI"]
[Thu Jun 11 18:18:01.854410 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismCUu3w-1taBUoJpGrOgAAAFI"]
[Thu Jun 11 18:18:02.659605 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismCku3w-1taBUoJpGrPgAAAFI"]
[Thu Jun 11 18:18:02.659730 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismCku3w-1taBUoJpGrPgAAAFI"]
[Thu Jun 11 18:18:02.659796 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismCku3w-1taBUoJpGrPgAAAFI"]
[Thu Jun 11 18:18:02.660232 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismCku3w-1taBUoJpGrPgAAAFI"]
[Thu Jun 11 18:18:02.661249 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismCku3w-1taBUoJpGrPgAAAFI"]
[Thu Jun 11 18:18:03.456764 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismC0u3w-1taBUoJpGrQgAAAFI"]
[Thu Jun 11 18:18:03.456899 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismC0u3w-1taBUoJpGrQgAAAFI"]
[Thu Jun 11 18:18:03.456963 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismC0u3w-1taBUoJpGrQgAAAFI"]
[Thu Jun 11 18:18:03.457411 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aismC0u3w-1taBUoJpGrQgAAAFI"]
[Thu Jun 11 18:18:03.458428 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismC0u3w-1taBUoJpGrQgAAAFI"]
[Thu Jun 11 18:18:04.169441 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDEu3w-1taBUoJpGrSAAAAFI"]
[Thu Jun 11 18:18:04.169551 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDEu3w-1taBUoJpGrSAAAAFI"]
[Thu Jun 11 18:18:04.169730 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDEu3w-1taBUoJpGrSAAAAFI"]
[Thu Jun 11 18:18:04.170091 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDEu3w-1taBUoJpGrSAAAAFI"]
[Thu Jun 11 18:18:04.170946 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismDEu3w-1taBUoJpGrSAAAAFI"]
[Thu Jun 11 18:18:04.963557 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDEu3w-1taBUoJpGrTQAAAFI"]
[Thu Jun 11 18:18:04.963698 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDEu3w-1taBUoJpGrTQAAAFI"]
[Thu Jun 11 18:18:04.963766 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDEu3w-1taBUoJpGrTQAAAFI"]
[Thu Jun 11 18:18:04.964273 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDEu3w-1taBUoJpGrTQAAAFI"]
[Thu Jun 11 18:18:04.965275 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismDEu3w-1taBUoJpGrTQAAAFI"]
[Thu Jun 11 18:18:05.797368 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDUu3w-1taBUoJpGrUwAAAFI"]
[Thu Jun 11 18:18:05.797498 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDUu3w-1taBUoJpGrUwAAAFI"]
[Thu Jun 11 18:18:05.797566 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDUu3w-1taBUoJpGrUwAAAFI"]
[Thu Jun 11 18:18:05.798027 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDUu3w-1taBUoJpGrUwAAAFI"]
[Thu Jun 11 18:18:05.798930 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismDUu3w-1taBUoJpGrUwAAAFI"]
[Thu Jun 11 18:18:06.537076 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDku3w-1taBUoJpGrWQAAAFI"]
[Thu Jun 11 18:18:06.537197 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDku3w-1taBUoJpGrWQAAAFI"]
[Thu Jun 11 18:18:06.537259 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDku3w-1taBUoJpGrWQAAAFI"]
[Thu Jun 11 18:18:06.537689 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismDku3w-1taBUoJpGrWQAAAFI"]
[Thu Jun 11 18:18:06.538432 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismDku3w-1taBUoJpGrWQAAAFI"]
[Thu Jun 11 18:18:07.289733 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismD0u3w-1taBUoJpGrYAAAAFI"]
[Thu Jun 11 18:18:07.289852 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismD0u3w-1taBUoJpGrYAAAAFI"]
[Thu Jun 11 18:18:07.289926 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismD0u3w-1taBUoJpGrYAAAAFI"]
[Thu Jun 11 18:18:07.290338 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismD0u3w-1taBUoJpGrYAAAAFI"]
[Thu Jun 11 18:18:07.291342 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismD0u3w-1taBUoJpGrYAAAAFI"]
[Thu Jun 11 18:18:07.971809 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismD0u3w-1taBUoJpGrYwAAAFI"]
[Thu Jun 11 18:18:07.971943 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismD0u3w-1taBUoJpGrYwAAAFI"]
[Thu Jun 11 18:18:07.972040 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismD0u3w-1taBUoJpGrYwAAAFI"]
[Thu Jun 11 18:18:07.972435 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismD0u3w-1taBUoJpGrYwAAAFI"]
[Thu Jun 11 18:18:07.973478 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismD0u3w-1taBUoJpGrYwAAAFI"]
[Thu Jun 11 18:18:08.702864 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEEu3w-1taBUoJpGraQAAAFI"]
[Thu Jun 11 18:18:08.702981 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEEu3w-1taBUoJpGraQAAAFI"]
[Thu Jun 11 18:18:08.703068 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEEu3w-1taBUoJpGraQAAAFI"]
[Thu Jun 11 18:18:08.703480 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEEu3w-1taBUoJpGraQAAAFI"]
[Thu Jun 11 18:18:08.704527 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismEEu3w-1taBUoJpGraQAAAFI"]
[Thu Jun 11 18:18:09.417908 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEUu3w-1taBUoJpGrcQAAAFI"]
[Thu Jun 11 18:18:09.418033 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEUu3w-1taBUoJpGrcQAAAFI"]
[Thu Jun 11 18:18:09.418106 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEUu3w-1taBUoJpGrcQAAAFI"]
[Thu Jun 11 18:18:09.418514 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEUu3w-1taBUoJpGrcQAAAFI"]
[Thu Jun 11 18:18:09.419765 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismEUu3w-1taBUoJpGrcQAAAFI"]
[Thu Jun 11 18:18:10.122626 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEku3w-1taBUoJpGrdgAAAFI"]
[Thu Jun 11 18:18:10.122918 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEku3w-1taBUoJpGrdgAAAFI"]
[Thu Jun 11 18:18:10.122991 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEku3w-1taBUoJpGrdgAAAFI"]
[Thu Jun 11 18:18:10.123343 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEku3w-1taBUoJpGrdgAAAFI"]
[Thu Jun 11 18:18:10.125797 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismEku3w-1taBUoJpGrdgAAAFI"]
[Thu Jun 11 18:18:10.899665 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEku3w-1taBUoJpGrewAAAFI"]
[Thu Jun 11 18:18:10.899884 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEku3w-1taBUoJpGrewAAAFI"]
[Thu Jun 11 18:18:10.899952 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEku3w-1taBUoJpGrewAAAFI"]
[Thu Jun 11 18:18:10.900425 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismEku3w-1taBUoJpGrewAAAFI"]
[Thu Jun 11 18:18:10.901531 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismEku3w-1taBUoJpGrewAAAFI"]
[Thu Jun 11 18:18:11.609628 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismE0u3w-1taBUoJpGrgQAAAFI"]
[Thu Jun 11 18:18:11.609749 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismE0u3w-1taBUoJpGrgQAAAFI"]
[Thu Jun 11 18:18:11.609808 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismE0u3w-1taBUoJpGrgQAAAFI"]
[Thu Jun 11 18:18:11.610260 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismE0u3w-1taBUoJpGrgQAAAFI"]
[Thu Jun 11 18:18:11.611257 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismE0u3w-1taBUoJpGrgQAAAFI"]
[Thu Jun 11 18:18:12.300000 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFEu3w-1taBUoJpGrhwAAAFI"]
[Thu Jun 11 18:18:12.300126 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFEu3w-1taBUoJpGrhwAAAFI"]
[Thu Jun 11 18:18:12.300200 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFEu3w-1taBUoJpGrhwAAAFI"]
[Thu Jun 11 18:18:12.300675 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFEu3w-1taBUoJpGrhwAAAFI"]
[Thu Jun 11 18:18:12.301484 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismFEu3w-1taBUoJpGrhwAAAFI"]
[Thu Jun 11 18:18:13.101200 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFUu3w-1taBUoJpGrjQAAAFI"]
[Thu Jun 11 18:18:13.101339 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFUu3w-1taBUoJpGrjQAAAFI"]
[Thu Jun 11 18:18:13.101448 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFUu3w-1taBUoJpGrjQAAAFI"]
[Thu Jun 11 18:18:13.102018 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFUu3w-1taBUoJpGrjQAAAFI"]
[Thu Jun 11 18:18:13.103148 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismFUu3w-1taBUoJpGrjQAAAFI"]
[Thu Jun 11 18:18:13.882966 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFUu3w-1taBUoJpGrkwAAAFI"]
[Thu Jun 11 18:18:13.883084 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFUu3w-1taBUoJpGrkwAAAFI"]
[Thu Jun 11 18:18:13.883149 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFUu3w-1taBUoJpGrkwAAAFI"]
[Thu Jun 11 18:18:13.883565 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFUu3w-1taBUoJpGrkwAAAFI"]
[Thu Jun 11 18:18:13.884605 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismFUu3w-1taBUoJpGrkwAAAFI"]
[Thu Jun 11 18:18:14.597426 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFku3w-1taBUoJpGrmAAAAFI"]
[Thu Jun 11 18:18:14.597527 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFku3w-1taBUoJpGrmAAAAFI"]
[Thu Jun 11 18:18:14.597618 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFku3w-1taBUoJpGrmAAAAFI"]
[Thu Jun 11 18:18:14.598041 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismFku3w-1taBUoJpGrmAAAAFI"]
[Thu Jun 11 18:18:14.599179 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismFku3w-1taBUoJpGrmAAAAFI"]
[Thu Jun 11 18:18:15.265462 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismF0u3w-1taBUoJpGrnAAAAFI"]
[Thu Jun 11 18:18:15.265594 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismF0u3w-1taBUoJpGrnAAAAFI"]
[Thu Jun 11 18:18:15.265663 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismF0u3w-1taBUoJpGrnAAAAFI"]
[Thu Jun 11 18:18:15.266061 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismF0u3w-1taBUoJpGrnAAAAFI"]
[Thu Jun 11 18:18:15.267082 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismF0u3w-1taBUoJpGrnAAAAFI"]
[Thu Jun 11 18:18:16.009371 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGEu3w-1taBUoJpGroQAAAFI"]
[Thu Jun 11 18:18:16.009482 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGEu3w-1taBUoJpGroQAAAFI"]
[Thu Jun 11 18:18:16.009541 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGEu3w-1taBUoJpGroQAAAFI"]
[Thu Jun 11 18:18:16.010022 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGEu3w-1taBUoJpGroQAAAFI"]
[Thu Jun 11 18:18:16.011030 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismGEu3w-1taBUoJpGroQAAAFI"]
[Thu Jun 11 18:18:16.459608 2026] [security2:error] [pid 19676:tid 19700] [client 66.132.195.122:40398] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aismGPu9t63IK8VErVnIsgAAANM"]
[Thu Jun 11 18:18:16.617781 2026] [security2:error] [pid 25848:tid 25866] [client 66.132.195.122:40404] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aismGEu3w-1taBUoJpGrpgAAAEY"]
[Thu Jun 11 18:18:16.698980 2026] [security2:error] [pid 2253:tid 2270] [client 66.132.195.122:40418] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aismGJhbxTmX9uu_dpoctwAAAIs"]
[Thu Jun 11 18:18:16.726641 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGEu3w-1taBUoJpGrpwAAAFI"]
[Thu Jun 11 18:18:16.726763 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGEu3w-1taBUoJpGrpwAAAFI"]
[Thu Jun 11 18:18:16.726828 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGEu3w-1taBUoJpGrpwAAAFI"]
[Thu Jun 11 18:18:16.727232 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGEu3w-1taBUoJpGrpwAAAFI"]
[Thu Jun 11 18:18:16.728163 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismGEu3w-1taBUoJpGrpwAAAFI"]
[Thu Jun 11 18:18:16.902745 2026] [security2:error] [pid 25848:tid 25880] [client 66.132.195.122:40424] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aismGEu3w-1taBUoJpGrqgAAAFQ"]
[Thu Jun 11 18:18:17.442907 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGUu3w-1taBUoJpGrrQAAAFI"]
[Thu Jun 11 18:18:17.443045 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGUu3w-1taBUoJpGrrQAAAFI"]
[Thu Jun 11 18:18:17.443125 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGUu3w-1taBUoJpGrrQAAAFI"]
[Thu Jun 11 18:18:17.443562 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGUu3w-1taBUoJpGrrQAAAFI"]
[Thu Jun 11 18:18:17.444793 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismGUu3w-1taBUoJpGrrQAAAFI"]
[Thu Jun 11 18:18:18.131705 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGku3w-1taBUoJpGrsQAAAFI"]
[Thu Jun 11 18:18:18.131828 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGku3w-1taBUoJpGrsQAAAFI"]
[Thu Jun 11 18:18:18.131893 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGku3w-1taBUoJpGrsQAAAFI"]
[Thu Jun 11 18:18:18.132351 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGku3w-1taBUoJpGrsQAAAFI"]
[Thu Jun 11 18:18:18.133159 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismGku3w-1taBUoJpGrsQAAAFI"]
[Thu Jun 11 18:18:18.783702 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGku3w-1taBUoJpGrtQAAAFI"]
[Thu Jun 11 18:18:18.783819 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGku3w-1taBUoJpGrtQAAAFI"]
[Thu Jun 11 18:18:18.783886 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGku3w-1taBUoJpGrtQAAAFI"]
[Thu Jun 11 18:18:18.784298 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismGku3w-1taBUoJpGrtQAAAFI"]
[Thu Jun 11 18:18:18.785141 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismGku3w-1taBUoJpGrtQAAAFI"]
[Thu Jun 11 18:18:19.569715 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismG0u3w-1taBUoJpGrugAAAFI"]
[Thu Jun 11 18:18:19.569863 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismG0u3w-1taBUoJpGrugAAAFI"]
[Thu Jun 11 18:18:19.569927 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismG0u3w-1taBUoJpGrugAAAFI"]
[Thu Jun 11 18:18:19.570385 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismG0u3w-1taBUoJpGrugAAAFI"]
[Thu Jun 11 18:18:19.571376 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismG0u3w-1taBUoJpGrugAAAFI"]
[Thu Jun 11 18:18:20.078210 2026] [security2:error] [pid 25342:tid 25359] [client 66.132.195.122:58420] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/robots.txt"] [unique_id "aismHG5ZjIIcput37E2UEgAAAQ4"]
[Thu Jun 11 18:18:20.309821 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismHEu3w-1taBUoJpGrvwAAAFI"]
[Thu Jun 11 18:18:20.310031 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismHEu3w-1taBUoJpGrvwAAAFI"]
[Thu Jun 11 18:18:20.310120 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismHEu3w-1taBUoJpGrvwAAAFI"]
[Thu Jun 11 18:18:20.310759 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aismHEu3w-1taBUoJpGrvwAAAFI"]
[Thu Jun 11 18:18:20.311998 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismHEu3w-1taBUoJpGrvwAAAFI"]
[Thu Jun 11 18:18:20.944520 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHEu3w-1taBUoJpGrwwAAAFI"]
[Thu Jun 11 18:18:20.944931 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Matched phrase "call_user_func" at ARGS:function. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: call_user_func found within ARGS:function: call_user_func_array"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHEu3w-1taBUoJpGrwwAAAFI"]
[Thu Jun 11 18:18:20.945542 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHEu3w-1taBUoJpGrwwAAAFI"]
[Thu Jun 11 18:18:20.946388 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismHEu3w-1taBUoJpGrwwAAAFI"]
[Thu Jun 11 18:18:21.705525 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/index.php"] [unique_id "aismHUu3w-1taBUoJpGryAAAAFI"]
[Thu Jun 11 18:18:21.706066 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Matched phrase "call_user_func" at ARGS:function. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: call_user_func found within ARGS:function: call_user_func_array"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/public/index.php"] [unique_id "aismHUu3w-1taBUoJpGryAAAAFI"]
[Thu Jun 11 18:18:21.706965 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/index.php"] [unique_id "aismHUu3w-1taBUoJpGryAAAAFI"]
[Thu Jun 11 18:18:21.708064 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismHUu3w-1taBUoJpGryAAAAFI"]
[Thu Jun 11 18:18:22.445970 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.446273 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\\x22hi\\x22));?>+/tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.446367 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within ARGS:lang: ../../../../../../../../usr/local/lib/php/pearcmd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.446418 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\\x22hi\\x22));?>+/tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.446480 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& config-create /&/<?echo(md5(\\x22hi\\x22));?> /tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.446533 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& config-create/&/<?echo(md5(hi)) ?>/tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.446589 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:lang: ../../../../../../../../usr/local/lib/php/pearcmd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.446640 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:lang: ../../../../../../../../usr/local/lib/php/pearcmd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.446776 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:<\\\\?(?:[^x]|x[^m]|xm[^l]|xml[^\\\\s]|xml$|$)|<\\\\?php|\\\\[(?:\\\\/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:/<?echo(md5("hi"));?> /tmp/index1.php. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "66"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <?e found within ARGS_NAMES:/<?echo(md5(\\x22hi\\x22));?> /tmp/index1.php: /<?echo(md5(\\x22hi\\x22));?> /tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.447566 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 43)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:22.448854 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 43 - SQLI=0,XSS=0,RFI=0,LFI=35,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 43, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismHku3w-1taBUoJpGrzwAAAFI"]
[Thu Jun 11 18:18:23.130637 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.130974 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?lang=../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.131027 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within ARGS:lang: ../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.131104 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.131149 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.131412 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:lang: ../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.131466 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:lang: ../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.132006 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.133565 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=30,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 33, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aismH0u3w-1taBUoJpGr1QAAAFI"]
[Thu Jun 11 18:18:23.954627 2026] [security2:error] [pid 25848:tid 25878] [client 143.20.49.38:55162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/containers/json"] [unique_id "aismH0u3w-1taBUoJpGr2QAAAFI"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 18:31:44.719972 2026] [security2:error] [pid 1658:tid 1676] [client 78.153.140.93:51502] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aispQMuk7NsHZDqaWIRV4QAAAA8"]
[Thu Jun 11 18:31:44.720215 2026] [security2:error] [pid 1658:tid 1676] [client 78.153.140.93:51502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aispQMuk7NsHZDqaWIRV4QAAAA8"]
[Thu Jun 11 18:31:44.720503 2026] [security2:error] [pid 1658:tid 1676] [client 78.153.140.93:51502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aispQMuk7NsHZDqaWIRV4QAAAA8"]
[Thu Jun 11 18:31:44.721391 2026] [security2:error] [pid 1658:tid 1676] [client 78.153.140.93:51502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aispQMuk7NsHZDqaWIRV4QAAAA8"]
[Thu Jun 11 18:31:45.082062 2026] [security2:error] [pid 25342:tid 25362] [client 78.153.140.93:51504] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aispQW5ZjIIcput37E2jcwAAARE"]
[Thu Jun 11 18:34:00.876329 2026] [core:error] [pid 19676:tid 19703] [client 47.83.185.162:43398] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 18:34:43.370912 2026] [security2:error] [pid 25342:tid 25366] [client 176.65.139.66:41816] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisp825ZjIIcput37E2mYQAAARU"]
[Thu Jun 11 18:35:39.722529 2026] [security2:error] [pid 1658:tid 1669] [client 104.243.35.45:58886] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisqK8uk7NsHZDqaWIRZDQAAAAg"]
[Thu Jun 11 18:35:39.821615 2026] [security2:error] [pid 19676:tid 19696] [client 104.243.35.45:58898] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v1/models"] [unique_id "aisqK_u9t63IK8VErVnXKAAAAM8"]
[Thu Jun 11 18:35:39.869090 2026] [security2:error] [pid 1658:tid 1669] [client 104.243.35.45:58886] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/mcp"] [unique_id "aisqK8uk7NsHZDqaWIRZDgAAAAg"]
[Thu Jun 11 18:35:39.923082 2026] [security2:error] [pid 19676:tid 19696] [client 104.243.35.45:58898] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.well-known/mcp.json"] [unique_id "aisqK_u9t63IK8VErVnXKgAAAM8"]
[Thu Jun 11 18:35:39.971696 2026] [security2:error] [pid 1658:tid 1669] [client 104.243.35.45:58886] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.well-known/agent.json"] [unique_id "aisqK8uk7NsHZDqaWIRZDwAAAAg"]
[Thu Jun 11 18:35:40.028482 2026] [security2:error] [pid 19676:tid 19696] [client 104.243.35.45:58898] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/invocations"] [unique_id "aisqLPu9t63IK8VErVnXKwAAAM8"]
[Thu Jun 11 18:41:37.278092 2026] [security2:error] [pid 2253:tid 2279] [client 45.148.10.67:53932] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisrkZhbxTmX9uu_dpo25gAAAJQ"]
[Thu Jun 11 18:46:56.594156 2026] [security2:error] [pid 25848:tid 25871] [client 78.153.140.250:44902] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiss0Eu3w-1taBUoJpHHYwAAAEs"]
[Thu Jun 11 18:46:56.594493 2026] [security2:error] [pid 25848:tid 25871] [client 78.153.140.250:44902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiss0Eu3w-1taBUoJpHHYwAAAEs"]
[Thu Jun 11 18:46:56.594792 2026] [security2:error] [pid 25848:tid 25871] [client 78.153.140.250:44902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiss0Eu3w-1taBUoJpHHYwAAAEs"]
[Thu Jun 11 18:46:56.595079 2026] [security2:error] [pid 25848:tid 25871] [client 78.153.140.250:44902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiss0Eu3w-1taBUoJpHHYwAAAEs"]
[Thu Jun 11 18:46:57.198416 2026] [security2:error] [pid 19676:tid 19700] [client 78.153.140.250:44906] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiss0fu9t63IK8VErVnkTgAAANM"]
[Thu Jun 11 18:47:48.225475 2026] [security2:error] [pid 19676:tid 19698] [client 79.124.40.174:44404] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aistBPu9t63IK8VErVnlGgAAANE"]
[Thu Jun 11 18:48:05.619847 2026] [security2:error] [pid 2253:tid 2281] [client 80.94.92.65:53994] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aistFZhbxTmX9uu_dpo9GAAAAJY"]
[Thu Jun 11 18:48:05.619993 2026] [security2:error] [pid 2253:tid 2281] [client 80.94.92.65:53994] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aistFZhbxTmX9uu_dpo9GAAAAJY"]
[Thu Jun 11 18:48:05.620143 2026] [security2:error] [pid 2253:tid 2281] [client 80.94.92.65:53994] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aistFZhbxTmX9uu_dpo9GAAAAJY"]
[Thu Jun 11 18:48:05.620419 2026] [security2:error] [pid 2253:tid 2281] [client 80.94.92.65:53994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aistFZhbxTmX9uu_dpo9GAAAAJY"]
[Thu Jun 11 18:48:05.621428 2026] [security2:error] [pid 2253:tid 2281] [client 80.94.92.65:53994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aistFZhbxTmX9uu_dpo9GAAAAJY"]
[Thu Jun 11 18:55:23.359017 2026] [security2:error] [pid 19676:tid 19690] [client 43.158.91.71:49648] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aisuy_u9t63IK8VErVntKwAAAMk"]
[Thu Jun 11 19:04:46.743019 2026] [security2:error] [pid 1658:tid 1676] [client 109.105.210.97:60686] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aisw_suk7NsHZDqaWIR54QAAAA8"]
[Thu Jun 11 19:04:46.768839 2026] [security2:error] [pid 1658:tid 1676] [client 109.105.210.97:60686] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisw_suk7NsHZDqaWIR54gAAAA8"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 19:05:10.255812 2026] [security2:error] [pid 25342:tid 25359] [client 109.105.210.98:34678] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/showLogin.cc"] [unique_id "aisxFm5ZjIIcput37E3HOwAAAQ4"]
[Thu Jun 11 19:05:10.267986 2026] [security2:error] [pid 25342:tid 25359] [client 109.105.210.98:34678] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aisxFm5ZjIIcput37E3HPAAAAQ4"], referer: https://13.66.22.226/showLogin.cc
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 19:06:48.767655 2026] [security2:error] [pid 25342:tid 25369] [client 195.96.139.183:50371] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aisxeG5ZjIIcput37E3KaAAAARg"], referer: http://13.84.161.190
[Thu Jun 11 19:06:49.854059 2026] [security2:error] [pid 25848:tid 25880] [client 195.96.139.213:60083] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aisxeUu3w-1taBUoJpHcIwAAAFQ"]
[Thu Jun 11 19:20:46.642287 2026] [security2:error] [pid 25342:tid 25349] [client 65.108.2.171:50702] ModSecurity: Warning. Matched phrase ".profile" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:fileloc: /etc/lvm/profile/cache-mq.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0vm5ZjIIcput37E3ZagAAAQQ"]
[Thu Jun 11 19:20:46.643126 2026] [security2:error] [pid 25342:tid 25349] [client 65.108.2.171:50702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0vm5ZjIIcput37E3ZagAAAQQ"]
[Thu Jun 11 19:20:46.643659 2026] [security2:error] [pid 25342:tid 25349] [client 65.108.2.171:50702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0vm5ZjIIcput37E3ZagAAAQQ"]
[Thu Jun 11 19:20:48.651934 2026] [security2:error] [pid 19676:tid 19702] [client 65.108.2.171:50714] ModSecurity: Warning. Matched phrase ".profile" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:fileloc: /etc/lvm/profile/cache-smq.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0wPu9t63IK8VErVkJiQAAANU"]
[Thu Jun 11 19:20:48.652682 2026] [security2:error] [pid 19676:tid 19702] [client 65.108.2.171:50714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0wPu9t63IK8VErVkJiQAAANU"]
[Thu Jun 11 19:20:48.652959 2026] [security2:error] [pid 19676:tid 19702] [client 65.108.2.171:50714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0wPu9t63IK8VErVkJiQAAANU"]
[Thu Jun 11 19:20:50.704330 2026] [security2:error] [pid 25342:tid 25361] [client 65.108.2.171:23150] ModSecurity: Warning. Matched phrase ".profile" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:fileloc: /etc/lvm/profile/command_profile_template.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0wm5ZjIIcput37E3ZcAAAARA"]
[Thu Jun 11 19:20:50.705069 2026] [security2:error] [pid 25342:tid 25361] [client 65.108.2.171:23150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0wm5ZjIIcput37E3ZcAAAARA"]
[Thu Jun 11 19:20:50.705395 2026] [security2:error] [pid 25342:tid 25361] [client 65.108.2.171:23150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0wm5ZjIIcput37E3ZcAAAARA"]
[Thu Jun 11 19:20:52.779345 2026] [security2:error] [pid 2253:tid 2277] [client 65.108.2.171:23166] ModSecurity: Warning. Matched phrase ".profile" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:fileloc: /etc/lvm/profile/lvmdbusd.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0xJhbxTmX9uu_dppieQAAAJI"]
[Thu Jun 11 19:20:52.780084 2026] [security2:error] [pid 2253:tid 2277] [client 65.108.2.171:23166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0xJhbxTmX9uu_dppieQAAAJI"]
[Thu Jun 11 19:20:52.780381 2026] [security2:error] [pid 2253:tid 2277] [client 65.108.2.171:23166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0xJhbxTmX9uu_dppieQAAAJI"]
[Thu Jun 11 19:20:54.772834 2026] [security2:error] [pid 1658:tid 1675] [client 65.108.2.171:23182] ModSecurity: Warning. Matched phrase ".profile" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:fileloc: /etc/lvm/profile/metadata_profile_template.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0xsuk7NsHZDqaWISJPgAAAA4"]
[Thu Jun 11 19:20:54.773595 2026] [security2:error] [pid 1658:tid 1675] [client 65.108.2.171:23182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0xsuk7NsHZDqaWISJPgAAAA4"]
[Thu Jun 11 19:20:54.773927 2026] [security2:error] [pid 1658:tid 1675] [client 65.108.2.171:23182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0xsuk7NsHZDqaWISJPgAAAA4"]
[Thu Jun 11 19:20:56.779942 2026] [security2:error] [pid 25848:tid 25876] [client 65.108.2.171:23190] ModSecurity: Warning. Matched phrase ".profile" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:fileloc: /etc/lvm/profile/thin-generic.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0yEu3w-1taBUoJpHpmQAAAFA"]
[Thu Jun 11 19:20:56.780605 2026] [security2:error] [pid 25848:tid 25876] [client 65.108.2.171:23190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0yEu3w-1taBUoJpHpmQAAAFA"]
[Thu Jun 11 19:20:56.780907 2026] [security2:error] [pid 25848:tid 25876] [client 65.108.2.171:23190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0yEu3w-1taBUoJpHpmQAAAFA"]
[Thu Jun 11 19:20:58.803545 2026] [security2:error] [pid 2253:tid 2266] [client 65.108.2.171:23198] ModSecurity: Warning. Matched phrase ".profile" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:fileloc: /etc/lvm/profile/thin-performance.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0yphbxTmX9uu_dppimwAAAIc"]
[Thu Jun 11 19:20:58.804129 2026] [security2:error] [pid 2253:tid 2266] [client 65.108.2.171:23198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0yphbxTmX9uu_dppimwAAAIc"]
[Thu Jun 11 19:20:58.804377 2026] [security2:error] [pid 2253:tid 2266] [client 65.108.2.171:23198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "ais0yphbxTmX9uu_dppimwAAAIc"]
[Thu Jun 11 19:21:47.096812 2026] [security2:error] [pid 25848:tid 25877] [client 45.198.224.22:63490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ais0-0u3w-1taBUoJpHqKwAAAFE"]
[Thu Jun 11 19:21:48.996370 2026] [security2:error] [pid 1658:tid 1677] [client 45.198.224.22:63516] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/dvr/cmd"] [unique_id "ais0_Muk7NsHZDqaWISJ9gAAABA"]
[Thu Jun 11 19:25:01.816623 2026] [security2:error] [pid 2253:tid 2267] [client 154.197.57.214:53122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais1vZhbxTmX9uu_dppmZwAAAIg"]
[Thu Jun 11 19:25:01.816930 2026] [security2:error] [pid 2253:tid 2267] [client 154.197.57.214:53122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais1vZhbxTmX9uu_dppmZwAAAIg"]
[Thu Jun 11 19:25:01.817275 2026] [security2:error] [pid 2253:tid 2267] [client 154.197.57.214:53122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais1vZhbxTmX9uu_dppmZwAAAIg"]
[Thu Jun 11 19:25:01.818139 2026] [security2:error] [pid 2253:tid 2267] [client 154.197.57.214:53122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais1vZhbxTmX9uu_dppmZwAAAIg"]
[Thu Jun 11 19:25:01.969038 2026] [security2:error] [pid 19676:tid 19692] [client 154.197.57.214:57179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ais1vfu9t63IK8VErVkOxgAAAMs"]
[Thu Jun 11 19:25:02.359956 2026] [security2:error] [pid 25342:tid 25345] [client 154.197.57.214:58213] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais1vm5ZjIIcput37E3dSQAAAQA"]
[Thu Jun 11 19:25:02.360312 2026] [security2:error] [pid 25342:tid 25345] [client 154.197.57.214:58213] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais1vm5ZjIIcput37E3dSQAAAQA"]
[Thu Jun 11 19:25:02.360623 2026] [security2:error] [pid 25342:tid 25345] [client 154.197.57.214:58213] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais1vm5ZjIIcput37E3dSQAAAQA"]
[Thu Jun 11 19:25:02.360907 2026] [security2:error] [pid 25342:tid 25345] [client 154.197.57.214:58213] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais1vm5ZjIIcput37E3dSQAAAQA"]
[Thu Jun 11 19:25:02.547818 2026] [security2:error] [pid 2253:tid 2271] [client 154.197.57.214:58682] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ais1vphbxTmX9uu_dppmaQAAAIw"]
[Thu Jun 11 19:25:20.817711 2026] [security2:error] [pid 2253:tid 2261] [client 45.156.129.130:58664] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ais10JhbxTmX9uu_dppmmQAAAII"]
[Thu Jun 11 19:25:21.065106 2026] [security2:error] [pid 25342:tid 25367] [client 45.156.129.52:60630] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/showLogin.cc"] [unique_id "ais10W5ZjIIcput37E3dlAAAARY"]
[Thu Jun 11 19:43:48.688781 2026] [security2:error] [pid 2253:tid 2271] [client 79.124.40.174:33174] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/actuator/gateway/routes"] [unique_id "ais6JJhbxTmX9uu_dpp5vAAAAIw"]
[Thu Jun 11 19:46:07.052943 2026] [security2:error] [pid 2253:tid 2271] [client 209.141.61.42:59938] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/v1/models"] [unique_id "ais6r5hbxTmX9uu_dpp83QAAAIw"]
[Thu Jun 11 19:46:07.143916 2026] [security2:error] [pid 19676:tid 19683] [client 209.141.61.42:60006] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/v1/models"] [unique_id "ais6r_u9t63IK8VErVkkzQAAAMI"]
[Thu Jun 11 19:57:07.105057 2026] [security2:error] [pid 25342:tid 25348] [client 45.148.10.67:22738] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "ais9Q25ZjIIcput37E0AlwAAAQM"]
[Thu Jun 11 19:59:09.554716 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais9vZhbxTmX9uu_dpqLzgAAAJg"]
[Thu Jun 11 19:59:09.554922 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais9vZhbxTmX9uu_dpqLzgAAAJg"]
[Thu Jun 11 19:59:09.555266 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ais9vZhbxTmX9uu_dpqLzgAAAJg"]
[Thu Jun 11 19:59:09.555524 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vZhbxTmX9uu_dpqLzgAAAJg"]
[Thu Jun 11 19:59:09.686985 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "ais9vZhbxTmX9uu_dpqLzwAAAJg"]
[Thu Jun 11 19:59:09.687186 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "ais9vZhbxTmX9uu_dpqLzwAAAJg"]
[Thu Jun 11 19:59:09.687440 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local"] [unique_id "ais9vZhbxTmX9uu_dpqLzwAAAJg"]
[Thu Jun 11 19:59:09.687749 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vZhbxTmX9uu_dpqLzwAAAJg"]
[Thu Jun 11 19:59:09.821346 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "ais9vZhbxTmX9uu_dpqL0AAAAJg"]
[Thu Jun 11 19:59:09.821521 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "ais9vZhbxTmX9uu_dpqL0AAAAJg"]
[Thu Jun 11 19:59:09.821769 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production"] [unique_id "ais9vZhbxTmX9uu_dpqL0AAAAJg"]
[Thu Jun 11 19:59:09.821981 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vZhbxTmX9uu_dpqL0AAAAJg"]
[Thu Jun 11 19:59:09.954465 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "ais9vZhbxTmX9uu_dpqL0QAAAJg"]
[Thu Jun 11 19:59:09.954722 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "ais9vZhbxTmX9uu_dpqL0QAAAJg"]
[Thu Jun 11 19:59:09.954980 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.prod"] [unique_id "ais9vZhbxTmX9uu_dpqL0QAAAJg"]
[Thu Jun 11 19:59:09.955212 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vZhbxTmX9uu_dpqL0QAAAJg"]
[Thu Jun 11 19:59:10.089911 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "ais9vphbxTmX9uu_dpqL1AAAAJg"]
[Thu Jun 11 19:59:10.090229 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "ais9vphbxTmX9uu_dpqL1AAAAJg"]
[Thu Jun 11 19:59:10.090605 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.development"] [unique_id "ais9vphbxTmX9uu_dpqL1AAAAJg"]
[Thu Jun 11 19:59:10.090910 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vphbxTmX9uu_dpqL1AAAAJg"]
[Thu Jun 11 19:59:10.222865 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "ais9vphbxTmX9uu_dpqL1gAAAJg"]
[Thu Jun 11 19:59:10.223077 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "ais9vphbxTmX9uu_dpqL1gAAAJg"]
[Thu Jun 11 19:59:10.223439 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.dev"] [unique_id "ais9vphbxTmX9uu_dpqL1gAAAJg"]
[Thu Jun 11 19:59:10.223748 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vphbxTmX9uu_dpqL1gAAAJg"]
[Thu Jun 11 19:59:10.356227 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "ais9vphbxTmX9uu_dpqL2AAAAJg"]
[Thu Jun 11 19:59:10.356431 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "ais9vphbxTmX9uu_dpqL2AAAAJg"]
[Thu Jun 11 19:59:10.356750 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.staging"] [unique_id "ais9vphbxTmX9uu_dpqL2AAAAJg"]
[Thu Jun 11 19:59:10.357008 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vphbxTmX9uu_dpqL2AAAAJg"]
[Thu Jun 11 19:59:10.488528 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "ais9vphbxTmX9uu_dpqL2QAAAJg"]
[Thu Jun 11 19:59:10.488766 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "ais9vphbxTmX9uu_dpqL2QAAAJg"]
[Thu Jun 11 19:59:10.489063 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.stage"] [unique_id "ais9vphbxTmX9uu_dpqL2QAAAJg"]
[Thu Jun 11 19:59:10.489299 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vphbxTmX9uu_dpqL2QAAAJg"]
[Thu Jun 11 19:59:10.623626 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "ais9vphbxTmX9uu_dpqL2gAAAJg"]
[Thu Jun 11 19:59:10.623854 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "ais9vphbxTmX9uu_dpqL2gAAAJg"]
[Thu Jun 11 19:59:10.624161 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.test"] [unique_id "ais9vphbxTmX9uu_dpqL2gAAAJg"]
[Thu Jun 11 19:59:10.624388 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vphbxTmX9uu_dpqL2gAAAJg"]
[Thu Jun 11 19:59:10.761092 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "ais9vphbxTmX9uu_dpqL3AAAAJg"]
[Thu Jun 11 19:59:10.761281 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "ais9vphbxTmX9uu_dpqL3AAAAJg"]
[Thu Jun 11 19:59:10.761486 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.uat"] [unique_id "ais9vphbxTmX9uu_dpqL3AAAAJg"]
[Thu Jun 11 19:59:10.761804 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vphbxTmX9uu_dpqL3AAAAJg"]
[Thu Jun 11 19:59:10.894739 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "ais9vphbxTmX9uu_dpqL3gAAAJg"]
[Thu Jun 11 19:59:10.895067 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "ais9vphbxTmX9uu_dpqL3gAAAJg"]
[Thu Jun 11 19:59:10.895393 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.qa"] [unique_id "ais9vphbxTmX9uu_dpqL3gAAAJg"]
[Thu Jun 11 19:59:10.895715 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9vphbxTmX9uu_dpqL3gAAAJg"]
[Thu Jun 11 19:59:11.027552 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.preprod"] [unique_id "ais9v5hbxTmX9uu_dpqL4AAAAJg"]
[Thu Jun 11 19:59:11.027823 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.preprod"] [unique_id "ais9v5hbxTmX9uu_dpqL4AAAAJg"]
[Thu Jun 11 19:59:11.028058 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.preprod"] [unique_id "ais9v5hbxTmX9uu_dpqL4AAAAJg"]
[Thu Jun 11 19:59:11.028316 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9v5hbxTmX9uu_dpqL4AAAAJg"]
[Thu Jun 11 19:59:11.170080 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "ais9v5hbxTmX9uu_dpqL4gAAAJg"]
[Thu Jun 11 19:59:11.170339 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "ais9v5hbxTmX9uu_dpqL4gAAAJg"]
[Thu Jun 11 19:59:11.170626 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.live"] [unique_id "ais9v5hbxTmX9uu_dpqL4gAAAJg"]
[Thu Jun 11 19:59:11.171035 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9v5hbxTmX9uu_dpqL4gAAAJg"]
[Thu Jun 11 19:59:11.307755 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "ais9v5hbxTmX9uu_dpqL4wAAAJg"]
[Thu Jun 11 19:59:11.307965 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "ais9v5hbxTmX9uu_dpqL4wAAAJg"]
[Thu Jun 11 19:59:11.308246 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.example"] [unique_id "ais9v5hbxTmX9uu_dpqL4wAAAJg"]
[Thu Jun 11 19:59:11.308547 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9v5hbxTmX9uu_dpqL4wAAAJg"]
[Thu Jun 11 19:59:11.442454 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "ais9v5hbxTmX9uu_dpqL5AAAAJg"]
[Thu Jun 11 19:59:11.442783 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "ais9v5hbxTmX9uu_dpqL5AAAAJg"]
[Thu Jun 11 19:59:11.443088 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.sample"] [unique_id "ais9v5hbxTmX9uu_dpqL5AAAAJg"]
[Thu Jun 11 19:59:11.447737 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9v5hbxTmX9uu_dpqL5AAAAJg"]
[Thu Jun 11 19:59:11.580744 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "ais9v5hbxTmX9uu_dpqL5gAAAJg"]
[Thu Jun 11 19:59:11.580960 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "ais9v5hbxTmX9uu_dpqL5gAAAJg"]
[Thu Jun 11 19:59:11.581234 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.dist"] [unique_id "ais9v5hbxTmX9uu_dpqL5gAAAJg"]
[Thu Jun 11 19:59:11.581521 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9v5hbxTmX9uu_dpqL5gAAAJg"]
[Thu Jun 11 19:59:11.714936 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "ais9v5hbxTmX9uu_dpqL6AAAAJg"]
[Thu Jun 11 19:59:11.715019 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "ais9v5hbxTmX9uu_dpqL6AAAAJg"]
[Thu Jun 11 19:59:11.715171 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "ais9v5hbxTmX9uu_dpqL6AAAAJg"]
[Thu Jun 11 19:59:11.715393 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.bak"] [unique_id "ais9v5hbxTmX9uu_dpqL6AAAAJg"]
[Thu Jun 11 19:59:11.715648 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9v5hbxTmX9uu_dpqL6AAAAJg"]
[Thu Jun 11 19:59:11.856494 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "ais9v5hbxTmX9uu_dpqL6gAAAJg"]
[Thu Jun 11 19:59:11.860843 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "ais9v5hbxTmX9uu_dpqL6gAAAJg"]
[Thu Jun 11 19:59:11.861044 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "ais9v5hbxTmX9uu_dpqL6gAAAJg"]
[Thu Jun 11 19:59:11.861278 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.backup"] [unique_id "ais9v5hbxTmX9uu_dpqL6gAAAJg"]
[Thu Jun 11 19:59:11.861559 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9v5hbxTmX9uu_dpqL6gAAAJg"]
[Thu Jun 11 19:59:11.994298 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "ais9v5hbxTmX9uu_dpqL6wAAAJg"]
[Thu Jun 11 19:59:11.994425 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "ais9v5hbxTmX9uu_dpqL6wAAAJg"]
[Thu Jun 11 19:59:11.994612 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "ais9v5hbxTmX9uu_dpqL6wAAAJg"]
[Thu Jun 11 19:59:11.994847 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.old"] [unique_id "ais9v5hbxTmX9uu_dpqL6wAAAJg"]
[Thu Jun 11 19:59:11.995083 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9v5hbxTmX9uu_dpqL6wAAAJg"]
[Thu Jun 11 19:59:12.129219 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "ais9wJhbxTmX9uu_dpqL7QAAAJg"]
[Thu Jun 11 19:59:12.129504 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "ais9wJhbxTmX9uu_dpqL7QAAAJg"]
[Thu Jun 11 19:59:12.129812 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.save"] [unique_id "ais9wJhbxTmX9uu_dpqL7QAAAJg"]
[Thu Jun 11 19:59:12.133962 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wJhbxTmX9uu_dpqL7QAAAJg"]
[Thu Jun 11 19:59:12.267404 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "ais9wJhbxTmX9uu_dpqL7gAAAJg"]
[Thu Jun 11 19:59:12.267552 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "ais9wJhbxTmX9uu_dpqL7gAAAJg"]
[Thu Jun 11 19:59:12.267739 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "ais9wJhbxTmX9uu_dpqL7gAAAJg"]
[Thu Jun 11 19:59:12.268036 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.swp"] [unique_id "ais9wJhbxTmX9uu_dpqL7gAAAJg"]
[Thu Jun 11 19:59:12.268267 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wJhbxTmX9uu_dpqL7gAAAJg"]
[Thu Jun 11 19:59:12.410885 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "ais9wJhbxTmX9uu_dpqL8AAAAJg"]
[Thu Jun 11 19:59:12.411179 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "ais9wJhbxTmX9uu_dpqL8AAAAJg"]
[Thu Jun 11 19:59:12.411465 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env"] [unique_id "ais9wJhbxTmX9uu_dpqL8AAAAJg"]
[Thu Jun 11 19:59:12.411746 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wJhbxTmX9uu_dpqL8AAAAJg"]
[Thu Jun 11 19:59:12.544033 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.local"] [unique_id "ais9wJhbxTmX9uu_dpqL8gAAAJg"]
[Thu Jun 11 19:59:12.544349 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.local"] [unique_id "ais9wJhbxTmX9uu_dpqL8gAAAJg"]
[Thu Jun 11 19:59:12.544655 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.local"] [unique_id "ais9wJhbxTmX9uu_dpqL8gAAAJg"]
[Thu Jun 11 19:59:12.544976 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wJhbxTmX9uu_dpqL8gAAAJg"]
[Thu Jun 11 19:59:12.678081 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.production"] [unique_id "ais9wJhbxTmX9uu_dpqL9AAAAJg"]
[Thu Jun 11 19:59:12.678278 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.production"] [unique_id "ais9wJhbxTmX9uu_dpqL9AAAAJg"]
[Thu Jun 11 19:59:12.678505 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.production"] [unique_id "ais9wJhbxTmX9uu_dpqL9AAAAJg"]
[Thu Jun 11 19:59:12.678810 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wJhbxTmX9uu_dpqL9AAAAJg"]
[Thu Jun 11 19:59:12.813106 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.prod"] [unique_id "ais9wJhbxTmX9uu_dpqL9gAAAJg"]
[Thu Jun 11 19:59:12.813312 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.prod"] [unique_id "ais9wJhbxTmX9uu_dpqL9gAAAJg"]
[Thu Jun 11 19:59:12.813621 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.prod"] [unique_id "ais9wJhbxTmX9uu_dpqL9gAAAJg"]
[Thu Jun 11 19:59:12.813852 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wJhbxTmX9uu_dpqL9gAAAJg"]
[Thu Jun 11 19:59:12.946108 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.development"] [unique_id "ais9wJhbxTmX9uu_dpqL-AAAAJg"]
[Thu Jun 11 19:59:12.946353 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.development"] [unique_id "ais9wJhbxTmX9uu_dpqL-AAAAJg"]
[Thu Jun 11 19:59:12.946656 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.development"] [unique_id "ais9wJhbxTmX9uu_dpqL-AAAAJg"]
[Thu Jun 11 19:59:12.946948 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wJhbxTmX9uu_dpqL-AAAAJg"]
[Thu Jun 11 19:59:13.081741 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.dev"] [unique_id "ais9wZhbxTmX9uu_dpqL-QAAAJg"]
[Thu Jun 11 19:59:13.081980 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.dev"] [unique_id "ais9wZhbxTmX9uu_dpqL-QAAAJg"]
[Thu Jun 11 19:59:13.082213 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.dev"] [unique_id "ais9wZhbxTmX9uu_dpqL-QAAAJg"]
[Thu Jun 11 19:59:13.082509 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wZhbxTmX9uu_dpqL-QAAAJg"]
[Thu Jun 11 19:59:13.217319 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.staging"] [unique_id "ais9wZhbxTmX9uu_dpqL-gAAAJg"]
[Thu Jun 11 19:59:13.217618 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.staging"] [unique_id "ais9wZhbxTmX9uu_dpqL-gAAAJg"]
[Thu Jun 11 19:59:13.217930 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.staging"] [unique_id "ais9wZhbxTmX9uu_dpqL-gAAAJg"]
[Thu Jun 11 19:59:13.218183 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wZhbxTmX9uu_dpqL-gAAAJg"]
[Thu Jun 11 19:59:13.355074 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.stage"] [unique_id "ais9wZhbxTmX9uu_dpqL-wAAAJg"]
[Thu Jun 11 19:59:13.355283 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.stage"] [unique_id "ais9wZhbxTmX9uu_dpqL-wAAAJg"]
[Thu Jun 11 19:59:13.355564 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.stage"] [unique_id "ais9wZhbxTmX9uu_dpqL-wAAAJg"]
[Thu Jun 11 19:59:13.355806 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wZhbxTmX9uu_dpqL-wAAAJg"]
[Thu Jun 11 19:59:13.490408 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.test"] [unique_id "ais9wZhbxTmX9uu_dpqL_QAAAJg"]
[Thu Jun 11 19:59:13.490629 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.test"] [unique_id "ais9wZhbxTmX9uu_dpqL_QAAAJg"]
[Thu Jun 11 19:59:13.490990 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.test"] [unique_id "ais9wZhbxTmX9uu_dpqL_QAAAJg"]
[Thu Jun 11 19:59:13.491268 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wZhbxTmX9uu_dpqL_QAAAJg"]
[Thu Jun 11 19:59:13.624270 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.uat"] [unique_id "ais9wZhbxTmX9uu_dpqL_wAAAJg"]
[Thu Jun 11 19:59:13.624489 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.uat"] [unique_id "ais9wZhbxTmX9uu_dpqL_wAAAJg"]
[Thu Jun 11 19:59:13.624715 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.uat"] [unique_id "ais9wZhbxTmX9uu_dpqL_wAAAJg"]
[Thu Jun 11 19:59:13.625049 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wZhbxTmX9uu_dpqL_wAAAJg"]
[Thu Jun 11 19:59:13.761401 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.qa"] [unique_id "ais9wZhbxTmX9uu_dpqMAAAAAJg"]
[Thu Jun 11 19:59:13.761660 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.qa"] [unique_id "ais9wZhbxTmX9uu_dpqMAAAAAJg"]
[Thu Jun 11 19:59:13.761946 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.qa"] [unique_id "ais9wZhbxTmX9uu_dpqMAAAAAJg"]
[Thu Jun 11 19:59:13.762281 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wZhbxTmX9uu_dpqMAAAAAJg"]
[Thu Jun 11 19:59:13.893660 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.preprod"] [unique_id "ais9wZhbxTmX9uu_dpqMAQAAAJg"]
[Thu Jun 11 19:59:13.893859 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.preprod"] [unique_id "ais9wZhbxTmX9uu_dpqMAQAAAJg"]
[Thu Jun 11 19:59:13.894141 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.preprod"] [unique_id "ais9wZhbxTmX9uu_dpqMAQAAAJg"]
[Thu Jun 11 19:59:13.894414 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wZhbxTmX9uu_dpqMAQAAAJg"]
[Thu Jun 11 19:59:14.026627 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.live"] [unique_id "ais9wphbxTmX9uu_dpqMAwAAAJg"]
[Thu Jun 11 19:59:14.027212 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.live"] [unique_id "ais9wphbxTmX9uu_dpqMAwAAAJg"]
[Thu Jun 11 19:59:14.027633 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.live"] [unique_id "ais9wphbxTmX9uu_dpqMAwAAAJg"]
[Thu Jun 11 19:59:14.027955 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wphbxTmX9uu_dpqMAwAAAJg"]
[Thu Jun 11 19:59:14.160449 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.example"] [unique_id "ais9wphbxTmX9uu_dpqMBAAAAJg"]
[Thu Jun 11 19:59:14.160700 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.example"] [unique_id "ais9wphbxTmX9uu_dpqMBAAAAJg"]
[Thu Jun 11 19:59:14.160995 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.example"] [unique_id "ais9wphbxTmX9uu_dpqMBAAAAJg"]
[Thu Jun 11 19:59:14.161212 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wphbxTmX9uu_dpqMBAAAAJg"]
[Thu Jun 11 19:59:14.293181 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.sample"] [unique_id "ais9wphbxTmX9uu_dpqMBgAAAJg"]
[Thu Jun 11 19:59:14.293419 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.sample"] [unique_id "ais9wphbxTmX9uu_dpqMBgAAAJg"]
[Thu Jun 11 19:59:14.293717 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.sample"] [unique_id "ais9wphbxTmX9uu_dpqMBgAAAJg"]
[Thu Jun 11 19:59:14.293969 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wphbxTmX9uu_dpqMBgAAAJg"]
[Thu Jun 11 19:59:14.428690 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.dist"] [unique_id "ais9wphbxTmX9uu_dpqMBwAAAJg"]
[Thu Jun 11 19:59:14.429016 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.dist"] [unique_id "ais9wphbxTmX9uu_dpqMBwAAAJg"]
[Thu Jun 11 19:59:14.429331 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.dist"] [unique_id "ais9wphbxTmX9uu_dpqMBwAAAJg"]
[Thu Jun 11 19:59:14.429617 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wphbxTmX9uu_dpqMBwAAAJg"]
[Thu Jun 11 19:59:14.563651 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.bak"] [unique_id "ais9wphbxTmX9uu_dpqMCQAAAJg"]
[Thu Jun 11 19:59:14.563749 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.bak"] [unique_id "ais9wphbxTmX9uu_dpqMCQAAAJg"]
[Thu Jun 11 19:59:14.563939 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.bak"] [unique_id "ais9wphbxTmX9uu_dpqMCQAAAJg"]
[Thu Jun 11 19:59:14.564390 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.bak"] [unique_id "ais9wphbxTmX9uu_dpqMCQAAAJg"]
[Thu Jun 11 19:59:14.564711 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wphbxTmX9uu_dpqMCQAAAJg"]
[Thu Jun 11 19:59:14.696057 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.backup"] [unique_id "ais9wphbxTmX9uu_dpqMCgAAAJg"]
[Thu Jun 11 19:59:14.696135 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.backup"] [unique_id "ais9wphbxTmX9uu_dpqMCgAAAJg"]
[Thu Jun 11 19:59:14.696281 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.backup"] [unique_id "ais9wphbxTmX9uu_dpqMCgAAAJg"]
[Thu Jun 11 19:59:14.696757 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.backup"] [unique_id "ais9wphbxTmX9uu_dpqMCgAAAJg"]
[Thu Jun 11 19:59:14.697013 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wphbxTmX9uu_dpqMCgAAAJg"]
[Thu Jun 11 19:59:14.829714 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.old"] [unique_id "ais9wphbxTmX9uu_dpqMDgAAAJg"]
[Thu Jun 11 19:59:14.829809 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.old"] [unique_id "ais9wphbxTmX9uu_dpqMDgAAAJg"]
[Thu Jun 11 19:59:14.829996 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.old"] [unique_id "ais9wphbxTmX9uu_dpqMDgAAAJg"]
[Thu Jun 11 19:59:14.830275 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.old"] [unique_id "ais9wphbxTmX9uu_dpqMDgAAAJg"]
[Thu Jun 11 19:59:14.830682 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wphbxTmX9uu_dpqMDgAAAJg"]
[Thu Jun 11 19:59:14.967734 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.save"] [unique_id "ais9wphbxTmX9uu_dpqMDwAAAJg"]
[Thu Jun 11 19:59:14.967932 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.save"] [unique_id "ais9wphbxTmX9uu_dpqMDwAAAJg"]
[Thu Jun 11 19:59:14.968184 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.save"] [unique_id "ais9wphbxTmX9uu_dpqMDwAAAJg"]
[Thu Jun 11 19:59:14.968398 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9wphbxTmX9uu_dpqMDwAAAJg"]
[Thu Jun 11 19:59:15.104626 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.swp"] [unique_id "ais9w5hbxTmX9uu_dpqMEAAAAJg"]
[Thu Jun 11 19:59:15.104753 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/.env.swp"] [unique_id "ais9w5hbxTmX9uu_dpqMEAAAAJg"]
[Thu Jun 11 19:59:15.104941 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/public/.env.swp"] [unique_id "ais9w5hbxTmX9uu_dpqMEAAAAJg"]
[Thu Jun 11 19:59:15.105181 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/.env.swp"] [unique_id "ais9w5hbxTmX9uu_dpqMEAAAAJg"]
[Thu Jun 11 19:59:15.105456 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9w5hbxTmX9uu_dpqMEAAAAJg"]
[Thu Jun 11 19:59:15.237521 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "ais9w5hbxTmX9uu_dpqMEQAAAJg"]
[Thu Jun 11 19:59:15.237829 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "ais9w5hbxTmX9uu_dpqMEQAAAJg"]
[Thu Jun 11 19:59:15.238148 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env"] [unique_id "ais9w5hbxTmX9uu_dpqMEQAAAJg"]
[Thu Jun 11 19:59:15.238397 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9w5hbxTmX9uu_dpqMEQAAAJg"]
[Thu Jun 11 19:59:15.372418 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.local"] [unique_id "ais9w5hbxTmX9uu_dpqMFAAAAJg"]
[Thu Jun 11 19:59:15.372688 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.local"] [unique_id "ais9w5hbxTmX9uu_dpqMFAAAAJg"]
[Thu Jun 11 19:59:15.376910 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.local"] [unique_id "ais9w5hbxTmX9uu_dpqMFAAAAJg"]
[Thu Jun 11 19:59:15.377360 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9w5hbxTmX9uu_dpqMFAAAAJg"]
[Thu Jun 11 19:59:15.517733 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.production"] [unique_id "ais9w5hbxTmX9uu_dpqMFQAAAJg"]
[Thu Jun 11 19:59:15.517963 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.production"] [unique_id "ais9w5hbxTmX9uu_dpqMFQAAAJg"]
[Thu Jun 11 19:59:15.518259 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.production"] [unique_id "ais9w5hbxTmX9uu_dpqMFQAAAJg"]
[Thu Jun 11 19:59:15.518511 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9w5hbxTmX9uu_dpqMFQAAAJg"]
[Thu Jun 11 19:59:15.651637 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.prod"] [unique_id "ais9w5hbxTmX9uu_dpqMFgAAAJg"]
[Thu Jun 11 19:59:15.651849 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.prod"] [unique_id "ais9w5hbxTmX9uu_dpqMFgAAAJg"]
[Thu Jun 11 19:59:15.652150 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.prod"] [unique_id "ais9w5hbxTmX9uu_dpqMFgAAAJg"]
[Thu Jun 11 19:59:15.652378 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9w5hbxTmX9uu_dpqMFgAAAJg"]
[Thu Jun 11 19:59:15.784393 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.development"] [unique_id "ais9w5hbxTmX9uu_dpqMGAAAAJg"]
[Thu Jun 11 19:59:15.784678 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.development"] [unique_id "ais9w5hbxTmX9uu_dpqMGAAAAJg"]
[Thu Jun 11 19:59:15.785235 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.development"] [unique_id "ais9w5hbxTmX9uu_dpqMGAAAAJg"]
[Thu Jun 11 19:59:15.785542 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9w5hbxTmX9uu_dpqMGAAAAJg"]
[Thu Jun 11 19:59:15.919449 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.dev"] [unique_id "ais9w5hbxTmX9uu_dpqMGwAAAJg"]
[Thu Jun 11 19:59:15.919723 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.dev"] [unique_id "ais9w5hbxTmX9uu_dpqMGwAAAJg"]
[Thu Jun 11 19:59:15.919946 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.dev"] [unique_id "ais9w5hbxTmX9uu_dpqMGwAAAJg"]
[Thu Jun 11 19:59:15.920246 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9w5hbxTmX9uu_dpqMGwAAAJg"]
[Thu Jun 11 19:59:16.054552 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.staging"] [unique_id "ais9xJhbxTmX9uu_dpqMHAAAAJg"]
[Thu Jun 11 19:59:16.054831 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.staging"] [unique_id "ais9xJhbxTmX9uu_dpqMHAAAAJg"]
[Thu Jun 11 19:59:16.055127 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.staging"] [unique_id "ais9xJhbxTmX9uu_dpqMHAAAAJg"]
[Thu Jun 11 19:59:16.055403 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xJhbxTmX9uu_dpqMHAAAAJg"]
[Thu Jun 11 19:59:16.217206 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.stage"] [unique_id "ais9xJhbxTmX9uu_dpqMHgAAAJg"]
[Thu Jun 11 19:59:16.217438 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.stage"] [unique_id "ais9xJhbxTmX9uu_dpqMHgAAAJg"]
[Thu Jun 11 19:59:16.217675 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.stage"] [unique_id "ais9xJhbxTmX9uu_dpqMHgAAAJg"]
[Thu Jun 11 19:59:16.217982 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xJhbxTmX9uu_dpqMHgAAAJg"]
[Thu Jun 11 19:59:16.351387 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.test"] [unique_id "ais9xJhbxTmX9uu_dpqMHwAAAJg"]
[Thu Jun 11 19:59:16.351634 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.test"] [unique_id "ais9xJhbxTmX9uu_dpqMHwAAAJg"]
[Thu Jun 11 19:59:16.351952 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.test"] [unique_id "ais9xJhbxTmX9uu_dpqMHwAAAJg"]
[Thu Jun 11 19:59:16.352205 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xJhbxTmX9uu_dpqMHwAAAJg"]
[Thu Jun 11 19:59:16.486462 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.uat"] [unique_id "ais9xJhbxTmX9uu_dpqMIAAAAJg"]
[Thu Jun 11 19:59:16.486706 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.uat"] [unique_id "ais9xJhbxTmX9uu_dpqMIAAAAJg"]
[Thu Jun 11 19:59:16.486965 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.uat"] [unique_id "ais9xJhbxTmX9uu_dpqMIAAAAJg"]
[Thu Jun 11 19:59:16.487188 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xJhbxTmX9uu_dpqMIAAAAJg"]
[Thu Jun 11 19:59:16.623372 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.qa"] [unique_id "ais9xJhbxTmX9uu_dpqMIwAAAJg"]
[Thu Jun 11 19:59:16.623634 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.qa"] [unique_id "ais9xJhbxTmX9uu_dpqMIwAAAJg"]
[Thu Jun 11 19:59:16.623911 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.qa"] [unique_id "ais9xJhbxTmX9uu_dpqMIwAAAJg"]
[Thu Jun 11 19:59:16.624212 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xJhbxTmX9uu_dpqMIwAAAJg"]
[Thu Jun 11 19:59:16.761241 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.preprod"] [unique_id "ais9xJhbxTmX9uu_dpqMJQAAAJg"]
[Thu Jun 11 19:59:16.761518 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.preprod"] [unique_id "ais9xJhbxTmX9uu_dpqMJQAAAJg"]
[Thu Jun 11 19:59:16.761840 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.preprod"] [unique_id "ais9xJhbxTmX9uu_dpqMJQAAAJg"]
[Thu Jun 11 19:59:16.762210 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xJhbxTmX9uu_dpqMJQAAAJg"]
[Thu Jun 11 19:59:16.893907 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.live"] [unique_id "ais9xJhbxTmX9uu_dpqMJgAAAJg"]
[Thu Jun 11 19:59:16.894121 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.live"] [unique_id "ais9xJhbxTmX9uu_dpqMJgAAAJg"]
[Thu Jun 11 19:59:16.894406 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.live"] [unique_id "ais9xJhbxTmX9uu_dpqMJgAAAJg"]
[Thu Jun 11 19:59:16.894752 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xJhbxTmX9uu_dpqMJgAAAJg"]
[Thu Jun 11 19:59:17.026688 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.example"] [unique_id "ais9xZhbxTmX9uu_dpqMKAAAAJg"]
[Thu Jun 11 19:59:17.026977 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.example"] [unique_id "ais9xZhbxTmX9uu_dpqMKAAAAJg"]
[Thu Jun 11 19:59:17.027244 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.example"] [unique_id "ais9xZhbxTmX9uu_dpqMKAAAAJg"]
[Thu Jun 11 19:59:17.027493 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xZhbxTmX9uu_dpqMKAAAAJg"]
[Thu Jun 11 19:59:17.168469 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.sample"] [unique_id "ais9xZhbxTmX9uu_dpqMKgAAAJg"]
[Thu Jun 11 19:59:17.168739 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.sample"] [unique_id "ais9xZhbxTmX9uu_dpqMKgAAAJg"]
[Thu Jun 11 19:59:17.169045 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.sample"] [unique_id "ais9xZhbxTmX9uu_dpqMKgAAAJg"]
[Thu Jun 11 19:59:17.169298 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xZhbxTmX9uu_dpqMKgAAAJg"]
[Thu Jun 11 19:59:17.303691 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.dist"] [unique_id "ais9xZhbxTmX9uu_dpqMLAAAAJg"]
[Thu Jun 11 19:59:17.303956 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.dist"] [unique_id "ais9xZhbxTmX9uu_dpqMLAAAAJg"]
[Thu Jun 11 19:59:17.304274 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.dist"] [unique_id "ais9xZhbxTmX9uu_dpqMLAAAAJg"]
[Thu Jun 11 19:59:17.304516 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xZhbxTmX9uu_dpqMLAAAAJg"]
[Thu Jun 11 19:59:17.441755 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.bak"] [unique_id "ais9xZhbxTmX9uu_dpqMLQAAAJg"]
[Thu Jun 11 19:59:17.441853 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.bak"] [unique_id "ais9xZhbxTmX9uu_dpqMLQAAAJg"]
[Thu Jun 11 19:59:17.442082 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.bak"] [unique_id "ais9xZhbxTmX9uu_dpqMLQAAAJg"]
[Thu Jun 11 19:59:17.442379 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.bak"] [unique_id "ais9xZhbxTmX9uu_dpqMLQAAAJg"]
[Thu Jun 11 19:59:17.442694 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xZhbxTmX9uu_dpqMLQAAAJg"]
[Thu Jun 11 19:59:17.576343 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.backup"] [unique_id "ais9xZhbxTmX9uu_dpqMLwAAAJg"]
[Thu Jun 11 19:59:17.576426 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.backup"] [unique_id "ais9xZhbxTmX9uu_dpqMLwAAAJg"]
[Thu Jun 11 19:59:17.576693 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.backup"] [unique_id "ais9xZhbxTmX9uu_dpqMLwAAAJg"]
[Thu Jun 11 19:59:17.576928 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.backup"] [unique_id "ais9xZhbxTmX9uu_dpqMLwAAAJg"]
[Thu Jun 11 19:59:17.577183 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xZhbxTmX9uu_dpqMLwAAAJg"]
[Thu Jun 11 19:59:17.709889 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.old"] [unique_id "ais9xZhbxTmX9uu_dpqMMQAAAJg"]
[Thu Jun 11 19:59:17.709989 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.old"] [unique_id "ais9xZhbxTmX9uu_dpqMMQAAAJg"]
[Thu Jun 11 19:59:17.711132 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.old"] [unique_id "ais9xZhbxTmX9uu_dpqMMQAAAJg"]
[Thu Jun 11 19:59:17.711416 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.old"] [unique_id "ais9xZhbxTmX9uu_dpqMMQAAAJg"]
[Thu Jun 11 19:59:17.711886 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xZhbxTmX9uu_dpqMMQAAAJg"]
[Thu Jun 11 19:59:17.845950 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.save"] [unique_id "ais9xZhbxTmX9uu_dpqMMwAAAJg"]
[Thu Jun 11 19:59:17.846242 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.save"] [unique_id "ais9xZhbxTmX9uu_dpqMMwAAAJg"]
[Thu Jun 11 19:59:17.846521 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.save"] [unique_id "ais9xZhbxTmX9uu_dpqMMwAAAJg"]
[Thu Jun 11 19:59:17.846945 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xZhbxTmX9uu_dpqMMwAAAJg"]
[Thu Jun 11 19:59:17.978331 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.swp"] [unique_id "ais9xZhbxTmX9uu_dpqMNgAAAJg"]
[Thu Jun 11 19:59:17.978426 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/shared/.env.swp"] [unique_id "ais9xZhbxTmX9uu_dpqMNgAAAJg"]
[Thu Jun 11 19:59:17.978632 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/shared/.env.swp"] [unique_id "ais9xZhbxTmX9uu_dpqMNgAAAJg"]
[Thu Jun 11 19:59:17.978935 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/shared/.env.swp"] [unique_id "ais9xZhbxTmX9uu_dpqMNgAAAJg"]
[Thu Jun 11 19:59:17.979235 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xZhbxTmX9uu_dpqMNgAAAJg"]
[Thu Jun 11 19:59:18.110688 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "ais9xphbxTmX9uu_dpqMOAAAAJg"]
[Thu Jun 11 19:59:18.110916 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "ais9xphbxTmX9uu_dpqMOAAAAJg"]
[Thu Jun 11 19:59:18.111115 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env"] [unique_id "ais9xphbxTmX9uu_dpqMOAAAAJg"]
[Thu Jun 11 19:59:18.111414 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xphbxTmX9uu_dpqMOAAAAJg"]
[Thu Jun 11 19:59:18.248669 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.local"] [unique_id "ais9xphbxTmX9uu_dpqMOQAAAJg"]
[Thu Jun 11 19:59:18.248909 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.local"] [unique_id "ais9xphbxTmX9uu_dpqMOQAAAJg"]
[Thu Jun 11 19:59:18.249323 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.local"] [unique_id "ais9xphbxTmX9uu_dpqMOQAAAJg"]
[Thu Jun 11 19:59:18.249633 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xphbxTmX9uu_dpqMOQAAAJg"]
[Thu Jun 11 19:59:18.383342 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.production"] [unique_id "ais9xphbxTmX9uu_dpqMOgAAAJg"]
[Thu Jun 11 19:59:18.383527 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.production"] [unique_id "ais9xphbxTmX9uu_dpqMOgAAAJg"]
[Thu Jun 11 19:59:18.383797 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.production"] [unique_id "ais9xphbxTmX9uu_dpqMOgAAAJg"]
[Thu Jun 11 19:59:18.384040 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xphbxTmX9uu_dpqMOgAAAJg"]
[Thu Jun 11 19:59:18.519125 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.prod"] [unique_id "ais9xphbxTmX9uu_dpqMPAAAAJg"]
[Thu Jun 11 19:59:18.519368 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.prod"] [unique_id "ais9xphbxTmX9uu_dpqMPAAAAJg"]
[Thu Jun 11 19:59:18.519694 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.prod"] [unique_id "ais9xphbxTmX9uu_dpqMPAAAAJg"]
[Thu Jun 11 19:59:18.520286 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xphbxTmX9uu_dpqMPAAAAJg"]
[Thu Jun 11 19:59:18.664410 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.development"] [unique_id "ais9xphbxTmX9uu_dpqMPwAAAJg"]
[Thu Jun 11 19:59:18.664693 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.development"] [unique_id "ais9xphbxTmX9uu_dpqMPwAAAJg"]
[Thu Jun 11 19:59:18.664904 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.development"] [unique_id "ais9xphbxTmX9uu_dpqMPwAAAJg"]
[Thu Jun 11 19:59:18.665206 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xphbxTmX9uu_dpqMPwAAAJg"]
[Thu Jun 11 19:59:18.801555 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.dev"] [unique_id "ais9xphbxTmX9uu_dpqMQQAAAJg"]
[Thu Jun 11 19:59:18.801827 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.dev"] [unique_id "ais9xphbxTmX9uu_dpqMQQAAAJg"]
[Thu Jun 11 19:59:18.802135 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.dev"] [unique_id "ais9xphbxTmX9uu_dpqMQQAAAJg"]
[Thu Jun 11 19:59:18.802419 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xphbxTmX9uu_dpqMQQAAAJg"]
[Thu Jun 11 19:59:18.933933 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.staging"] [unique_id "ais9xphbxTmX9uu_dpqMQwAAAJg"]
[Thu Jun 11 19:59:18.934127 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.staging"] [unique_id "ais9xphbxTmX9uu_dpqMQwAAAJg"]
[Thu Jun 11 19:59:18.934330 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.staging"] [unique_id "ais9xphbxTmX9uu_dpqMQwAAAJg"]
[Thu Jun 11 19:59:18.934558 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9xphbxTmX9uu_dpqMQwAAAJg"]
[Thu Jun 11 19:59:19.066513 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.stage"] [unique_id "ais9x5hbxTmX9uu_dpqMRAAAAJg"]
[Thu Jun 11 19:59:19.066804 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.stage"] [unique_id "ais9x5hbxTmX9uu_dpqMRAAAAJg"]
[Thu Jun 11 19:59:19.067105 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.stage"] [unique_id "ais9x5hbxTmX9uu_dpqMRAAAAJg"]
[Thu Jun 11 19:59:19.067332 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9x5hbxTmX9uu_dpqMRAAAAJg"]
[Thu Jun 11 19:59:19.200245 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.test"] [unique_id "ais9x5hbxTmX9uu_dpqMRgAAAJg"]
[Thu Jun 11 19:59:19.200522 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.test"] [unique_id "ais9x5hbxTmX9uu_dpqMRgAAAJg"]
[Thu Jun 11 19:59:19.200765 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.test"] [unique_id "ais9x5hbxTmX9uu_dpqMRgAAAJg"]
[Thu Jun 11 19:59:19.201042 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9x5hbxTmX9uu_dpqMRgAAAJg"]
[Thu Jun 11 19:59:19.335886 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.uat"] [unique_id "ais9x5hbxTmX9uu_dpqMRwAAAJg"]
[Thu Jun 11 19:59:19.336106 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.uat"] [unique_id "ais9x5hbxTmX9uu_dpqMRwAAAJg"]
[Thu Jun 11 19:59:19.336448 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.uat"] [unique_id "ais9x5hbxTmX9uu_dpqMRwAAAJg"]
[Thu Jun 11 19:59:19.336731 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9x5hbxTmX9uu_dpqMRwAAAJg"]
[Thu Jun 11 19:59:19.471208 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.qa"] [unique_id "ais9x5hbxTmX9uu_dpqMSgAAAJg"]
[Thu Jun 11 19:59:19.471464 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.qa"] [unique_id "ais9x5hbxTmX9uu_dpqMSgAAAJg"]
[Thu Jun 11 19:59:19.471741 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.qa"] [unique_id "ais9x5hbxTmX9uu_dpqMSgAAAJg"]
[Thu Jun 11 19:59:19.472034 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9x5hbxTmX9uu_dpqMSgAAAJg"]
[Thu Jun 11 19:59:19.604331 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.preprod"] [unique_id "ais9x5hbxTmX9uu_dpqMTQAAAJg"]
[Thu Jun 11 19:59:19.604633 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.preprod"] [unique_id "ais9x5hbxTmX9uu_dpqMTQAAAJg"]
[Thu Jun 11 19:59:19.604988 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.preprod"] [unique_id "ais9x5hbxTmX9uu_dpqMTQAAAJg"]
[Thu Jun 11 19:59:19.605323 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9x5hbxTmX9uu_dpqMTQAAAJg"]
[Thu Jun 11 19:59:19.742536 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.live"] [unique_id "ais9x5hbxTmX9uu_dpqMTgAAAJg"]
[Thu Jun 11 19:59:19.742849 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.live"] [unique_id "ais9x5hbxTmX9uu_dpqMTgAAAJg"]
[Thu Jun 11 19:59:19.743368 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.live"] [unique_id "ais9x5hbxTmX9uu_dpqMTgAAAJg"]
[Thu Jun 11 19:59:19.743681 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9x5hbxTmX9uu_dpqMTgAAAJg"]
[Thu Jun 11 19:59:19.879921 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.example"] [unique_id "ais9x5hbxTmX9uu_dpqMUQAAAJg"]
[Thu Jun 11 19:59:19.880334 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.example"] [unique_id "ais9x5hbxTmX9uu_dpqMUQAAAJg"]
[Thu Jun 11 19:59:19.880641 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.example"] [unique_id "ais9x5hbxTmX9uu_dpqMUQAAAJg"]
[Thu Jun 11 19:59:19.880906 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9x5hbxTmX9uu_dpqMUQAAAJg"]
[Thu Jun 11 19:59:20.013014 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.sample"] [unique_id "ais9yJhbxTmX9uu_dpqMUgAAAJg"]
[Thu Jun 11 19:59:20.013268 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.sample"] [unique_id "ais9yJhbxTmX9uu_dpqMUgAAAJg"]
[Thu Jun 11 19:59:20.013531 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.sample"] [unique_id "ais9yJhbxTmX9uu_dpqMUgAAAJg"]
[Thu Jun 11 19:59:20.014663 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yJhbxTmX9uu_dpqMUgAAAJg"]
[Thu Jun 11 19:59:20.153042 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.dist"] [unique_id "ais9yJhbxTmX9uu_dpqMVQAAAJg"]
[Thu Jun 11 19:59:20.153294 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.dist"] [unique_id "ais9yJhbxTmX9uu_dpqMVQAAAJg"]
[Thu Jun 11 19:59:20.153890 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.dist"] [unique_id "ais9yJhbxTmX9uu_dpqMVQAAAJg"]
[Thu Jun 11 19:59:20.154187 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yJhbxTmX9uu_dpqMVQAAAJg"]
[Thu Jun 11 19:59:20.287685 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.bak"] [unique_id "ais9yJhbxTmX9uu_dpqMVgAAAJg"]
[Thu Jun 11 19:59:20.287770 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.bak"] [unique_id "ais9yJhbxTmX9uu_dpqMVgAAAJg"]
[Thu Jun 11 19:59:20.287935 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.bak"] [unique_id "ais9yJhbxTmX9uu_dpqMVgAAAJg"]
[Thu Jun 11 19:59:20.288215 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.bak"] [unique_id "ais9yJhbxTmX9uu_dpqMVgAAAJg"]
[Thu Jun 11 19:59:20.288453 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yJhbxTmX9uu_dpqMVgAAAJg"]
[Thu Jun 11 19:59:20.422287 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.backup"] [unique_id "ais9yJhbxTmX9uu_dpqMWQAAAJg"]
[Thu Jun 11 19:59:20.422394 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.backup"] [unique_id "ais9yJhbxTmX9uu_dpqMWQAAAJg"]
[Thu Jun 11 19:59:20.422638 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.backup"] [unique_id "ais9yJhbxTmX9uu_dpqMWQAAAJg"]
[Thu Jun 11 19:59:20.422965 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.backup"] [unique_id "ais9yJhbxTmX9uu_dpqMWQAAAJg"]
[Thu Jun 11 19:59:20.423314 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yJhbxTmX9uu_dpqMWQAAAJg"]
[Thu Jun 11 19:59:20.555366 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.old"] [unique_id "ais9yJhbxTmX9uu_dpqMWgAAAJg"]
[Thu Jun 11 19:59:20.555463 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.old"] [unique_id "ais9yJhbxTmX9uu_dpqMWgAAAJg"]
[Thu Jun 11 19:59:20.555675 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.old"] [unique_id "ais9yJhbxTmX9uu_dpqMWgAAAJg"]
[Thu Jun 11 19:59:20.556022 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.old"] [unique_id "ais9yJhbxTmX9uu_dpqMWgAAAJg"]
[Thu Jun 11 19:59:20.556424 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yJhbxTmX9uu_dpqMWgAAAJg"]
[Thu Jun 11 19:59:20.688742 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.save"] [unique_id "ais9yJhbxTmX9uu_dpqMXAAAAJg"]
[Thu Jun 11 19:59:20.689029 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.save"] [unique_id "ais9yJhbxTmX9uu_dpqMXAAAAJg"]
[Thu Jun 11 19:59:20.689328 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.save"] [unique_id "ais9yJhbxTmX9uu_dpqMXAAAAJg"]
[Thu Jun 11 19:59:20.689672 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yJhbxTmX9uu_dpqMXAAAAJg"]
[Thu Jun 11 19:59:20.825754 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.swp"] [unique_id "ais9yJhbxTmX9uu_dpqMXgAAAJg"]
[Thu Jun 11 19:59:20.825928 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/.env.swp"] [unique_id "ais9yJhbxTmX9uu_dpqMXgAAAJg"]
[Thu Jun 11 19:59:20.826108 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/app/.env.swp"] [unique_id "ais9yJhbxTmX9uu_dpqMXgAAAJg"]
[Thu Jun 11 19:59:20.826402 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/.env.swp"] [unique_id "ais9yJhbxTmX9uu_dpqMXgAAAJg"]
[Thu Jun 11 19:59:20.826707 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yJhbxTmX9uu_dpqMXgAAAJg"]
[Thu Jun 11 19:59:20.964206 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "ais9yJhbxTmX9uu_dpqMYQAAAJg"]
[Thu Jun 11 19:59:20.964482 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "ais9yJhbxTmX9uu_dpqMYQAAAJg"]
[Thu Jun 11 19:59:20.964836 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env"] [unique_id "ais9yJhbxTmX9uu_dpqMYQAAAJg"]
[Thu Jun 11 19:59:20.965182 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yJhbxTmX9uu_dpqMYQAAAJg"]
[Thu Jun 11 19:59:21.099066 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.local"] [unique_id "ais9yZhbxTmX9uu_dpqMYwAAAJg"]
[Thu Jun 11 19:59:21.099297 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.local"] [unique_id "ais9yZhbxTmX9uu_dpqMYwAAAJg"]
[Thu Jun 11 19:59:21.100386 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.local"] [unique_id "ais9yZhbxTmX9uu_dpqMYwAAAJg"]
[Thu Jun 11 19:59:21.100756 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yZhbxTmX9uu_dpqMYwAAAJg"]
[Thu Jun 11 19:59:21.233827 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.production"] [unique_id "ais9yZhbxTmX9uu_dpqMZAAAAJg"]
[Thu Jun 11 19:59:21.234047 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.production"] [unique_id "ais9yZhbxTmX9uu_dpqMZAAAAJg"]
[Thu Jun 11 19:59:21.234305 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.production"] [unique_id "ais9yZhbxTmX9uu_dpqMZAAAAJg"]
[Thu Jun 11 19:59:21.234534 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yZhbxTmX9uu_dpqMZAAAAJg"]
[Thu Jun 11 19:59:21.377897 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.prod"] [unique_id "ais9yZhbxTmX9uu_dpqMZgAAAJg"]
[Thu Jun 11 19:59:21.378444 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.prod"] [unique_id "ais9yZhbxTmX9uu_dpqMZgAAAJg"]
[Thu Jun 11 19:59:21.378832 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.prod"] [unique_id "ais9yZhbxTmX9uu_dpqMZgAAAJg"]
[Thu Jun 11 19:59:21.379277 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yZhbxTmX9uu_dpqMZgAAAJg"]
[Thu Jun 11 19:59:21.512998 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.development"] [unique_id "ais9yZhbxTmX9uu_dpqMaAAAAJg"]
[Thu Jun 11 19:59:21.513336 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.development"] [unique_id "ais9yZhbxTmX9uu_dpqMaAAAAJg"]
[Thu Jun 11 19:59:21.513862 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.development"] [unique_id "ais9yZhbxTmX9uu_dpqMaAAAAJg"]
[Thu Jun 11 19:59:21.514204 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yZhbxTmX9uu_dpqMaAAAAJg"]
[Thu Jun 11 19:59:21.647415 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.dev"] [unique_id "ais9yZhbxTmX9uu_dpqMaQAAAJg"]
[Thu Jun 11 19:59:21.647639 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.dev"] [unique_id "ais9yZhbxTmX9uu_dpqMaQAAAJg"]
[Thu Jun 11 19:59:21.647931 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.dev"] [unique_id "ais9yZhbxTmX9uu_dpqMaQAAAJg"]
[Thu Jun 11 19:59:21.648170 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yZhbxTmX9uu_dpqMaQAAAJg"]
[Thu Jun 11 19:59:21.779806 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.staging"] [unique_id "ais9yZhbxTmX9uu_dpqMbAAAAJg"]
[Thu Jun 11 19:59:21.780037 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.staging"] [unique_id "ais9yZhbxTmX9uu_dpqMbAAAAJg"]
[Thu Jun 11 19:59:21.780301 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.staging"] [unique_id "ais9yZhbxTmX9uu_dpqMbAAAAJg"]
[Thu Jun 11 19:59:21.780552 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yZhbxTmX9uu_dpqMbAAAAJg"]
[Thu Jun 11 19:59:21.914699 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.stage"] [unique_id "ais9yZhbxTmX9uu_dpqMbgAAAJg"]
[Thu Jun 11 19:59:21.914922 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.stage"] [unique_id "ais9yZhbxTmX9uu_dpqMbgAAAJg"]
[Thu Jun 11 19:59:21.915185 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.stage"] [unique_id "ais9yZhbxTmX9uu_dpqMbgAAAJg"]
[Thu Jun 11 19:59:21.915435 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yZhbxTmX9uu_dpqMbgAAAJg"]
[Thu Jun 11 19:59:22.048463 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.test"] [unique_id "ais9yphbxTmX9uu_dpqMcAAAAJg"]
[Thu Jun 11 19:59:22.048735 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.test"] [unique_id "ais9yphbxTmX9uu_dpqMcAAAAJg"]
[Thu Jun 11 19:59:22.049030 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.test"] [unique_id "ais9yphbxTmX9uu_dpqMcAAAAJg"]
[Thu Jun 11 19:59:22.049507 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yphbxTmX9uu_dpqMcAAAAJg"]
[Thu Jun 11 19:59:22.187079 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.uat"] [unique_id "ais9yphbxTmX9uu_dpqMcwAAAJg"]
[Thu Jun 11 19:59:22.187326 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.uat"] [unique_id "ais9yphbxTmX9uu_dpqMcwAAAJg"]
[Thu Jun 11 19:59:22.187633 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.uat"] [unique_id "ais9yphbxTmX9uu_dpqMcwAAAJg"]
[Thu Jun 11 19:59:22.188016 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yphbxTmX9uu_dpqMcwAAAJg"]
[Thu Jun 11 19:59:22.324408 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.qa"] [unique_id "ais9yphbxTmX9uu_dpqMdAAAAJg"]
[Thu Jun 11 19:59:22.324636 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.qa"] [unique_id "ais9yphbxTmX9uu_dpqMdAAAAJg"]
[Thu Jun 11 19:59:22.324968 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.qa"] [unique_id "ais9yphbxTmX9uu_dpqMdAAAAJg"]
[Thu Jun 11 19:59:22.325325 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yphbxTmX9uu_dpqMdAAAAJg"]
[Thu Jun 11 19:59:22.456696 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.preprod"] [unique_id "ais9yphbxTmX9uu_dpqMdQAAAJg"]
[Thu Jun 11 19:59:22.456944 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.preprod"] [unique_id "ais9yphbxTmX9uu_dpqMdQAAAJg"]
[Thu Jun 11 19:59:22.457240 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.preprod"] [unique_id "ais9yphbxTmX9uu_dpqMdQAAAJg"]
[Thu Jun 11 19:59:22.457489 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yphbxTmX9uu_dpqMdQAAAJg"]
[Thu Jun 11 19:59:22.589962 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.live"] [unique_id "ais9yphbxTmX9uu_dpqMeQAAAJg"]
[Thu Jun 11 19:59:22.590268 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.live"] [unique_id "ais9yphbxTmX9uu_dpqMeQAAAJg"]
[Thu Jun 11 19:59:22.590568 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.live"] [unique_id "ais9yphbxTmX9uu_dpqMeQAAAJg"]
[Thu Jun 11 19:59:22.590930 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yphbxTmX9uu_dpqMeQAAAJg"]
[Thu Jun 11 19:59:22.724721 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.example"] [unique_id "ais9yphbxTmX9uu_dpqMegAAAJg"]
[Thu Jun 11 19:59:22.724927 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.example"] [unique_id "ais9yphbxTmX9uu_dpqMegAAAJg"]
[Thu Jun 11 19:59:22.725225 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.example"] [unique_id "ais9yphbxTmX9uu_dpqMegAAAJg"]
[Thu Jun 11 19:59:22.725461 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yphbxTmX9uu_dpqMegAAAJg"]
[Thu Jun 11 19:59:22.857542 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.sample"] [unique_id "ais9yphbxTmX9uu_dpqMfAAAAJg"]
[Thu Jun 11 19:59:22.857783 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.sample"] [unique_id "ais9yphbxTmX9uu_dpqMfAAAAJg"]
[Thu Jun 11 19:59:22.858044 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.sample"] [unique_id "ais9yphbxTmX9uu_dpqMfAAAAJg"]
[Thu Jun 11 19:59:22.858306 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yphbxTmX9uu_dpqMfAAAAJg"]
[Thu Jun 11 19:59:22.989760 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.dist"] [unique_id "ais9yphbxTmX9uu_dpqMfgAAAJg"]
[Thu Jun 11 19:59:22.989979 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.dist"] [unique_id "ais9yphbxTmX9uu_dpqMfgAAAJg"]
[Thu Jun 11 19:59:22.990380 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.dist"] [unique_id "ais9yphbxTmX9uu_dpqMfgAAAJg"]
[Thu Jun 11 19:59:22.990734 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9yphbxTmX9uu_dpqMfgAAAJg"]
[Thu Jun 11 19:59:23.125372 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.bak"] [unique_id "ais9y5hbxTmX9uu_dpqMfwAAAJg"]
[Thu Jun 11 19:59:23.125455 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.bak"] [unique_id "ais9y5hbxTmX9uu_dpqMfwAAAJg"]
[Thu Jun 11 19:59:23.125667 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.bak"] [unique_id "ais9y5hbxTmX9uu_dpqMfwAAAJg"]
[Thu Jun 11 19:59:23.125901 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.bak"] [unique_id "ais9y5hbxTmX9uu_dpqMfwAAAJg"]
[Thu Jun 11 19:59:23.126139 2026] [security2:error] [pid 2253:tid 2283] [client 179.43.168.58:42106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9y5hbxTmX9uu_dpqMfwAAAJg"]
[Thu Jun 11 19:59:23.534431 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.backup"] [unique_id "ais9y25ZjIIcput37E0EywAAAQo"]
[Thu Jun 11 19:59:23.534541 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.backup"] [unique_id "ais9y25ZjIIcput37E0EywAAAQo"]
[Thu Jun 11 19:59:23.534756 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.backup"] [unique_id "ais9y25ZjIIcput37E0EywAAAQo"]
[Thu Jun 11 19:59:23.535029 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.backup"] [unique_id "ais9y25ZjIIcput37E0EywAAAQo"]
[Thu Jun 11 19:59:23.535273 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9y25ZjIIcput37E0EywAAAQo"]
[Thu Jun 11 19:59:23.673134 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.old"] [unique_id "ais9y25ZjIIcput37E0EzQAAAQo"]
[Thu Jun 11 19:59:23.673221 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.old"] [unique_id "ais9y25ZjIIcput37E0EzQAAAQo"]
[Thu Jun 11 19:59:23.673388 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.old"] [unique_id "ais9y25ZjIIcput37E0EzQAAAQo"]
[Thu Jun 11 19:59:23.673683 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.old"] [unique_id "ais9y25ZjIIcput37E0EzQAAAQo"]
[Thu Jun 11 19:59:23.673917 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9y25ZjIIcput37E0EzQAAAQo"]
[Thu Jun 11 19:59:23.807461 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.save"] [unique_id "ais9y25ZjIIcput37E0EzgAAAQo"]
[Thu Jun 11 19:59:23.807699 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.save"] [unique_id "ais9y25ZjIIcput37E0EzgAAAQo"]
[Thu Jun 11 19:59:23.807950 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.save"] [unique_id "ais9y25ZjIIcput37E0EzgAAAQo"]
[Thu Jun 11 19:59:23.808185 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9y25ZjIIcput37E0EzgAAAQo"]
[Thu Jun 11 19:59:23.947770 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.swp"] [unique_id "ais9y25ZjIIcput37E0E0AAAAQo"]
[Thu Jun 11 19:59:23.947887 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/.env.swp"] [unique_id "ais9y25ZjIIcput37E0E0AAAAQo"]
[Thu Jun 11 19:59:23.948066 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/web/.env.swp"] [unique_id "ais9y25ZjIIcput37E0E0AAAAQo"]
[Thu Jun 11 19:59:23.948365 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/web/.env.swp"] [unique_id "ais9y25ZjIIcput37E0E0AAAAQo"]
[Thu Jun 11 19:59:23.948716 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9y25ZjIIcput37E0E0AAAAQo"]
[Thu Jun 11 19:59:24.083691 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "ais9zG5ZjIIcput37E0E0gAAAQo"]
[Thu Jun 11 19:59:24.083891 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "ais9zG5ZjIIcput37E0E0gAAAQo"]
[Thu Jun 11 19:59:24.084141 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env"] [unique_id "ais9zG5ZjIIcput37E0E0gAAAQo"]
[Thu Jun 11 19:59:24.084539 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zG5ZjIIcput37E0E0gAAAQo"]
[Thu Jun 11 19:59:24.220253 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.local"] [unique_id "ais9zG5ZjIIcput37E0E1AAAAQo"]
[Thu Jun 11 19:59:24.220486 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.local"] [unique_id "ais9zG5ZjIIcput37E0E1AAAAQo"]
[Thu Jun 11 19:59:24.220786 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.local"] [unique_id "ais9zG5ZjIIcput37E0E1AAAAQo"]
[Thu Jun 11 19:59:24.221201 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zG5ZjIIcput37E0E1AAAAQo"]
[Thu Jun 11 19:59:24.358498 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.production"] [unique_id "ais9zG5ZjIIcput37E0E1gAAAQo"]
[Thu Jun 11 19:59:24.358714 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.production"] [unique_id "ais9zG5ZjIIcput37E0E1gAAAQo"]
[Thu Jun 11 19:59:24.358990 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.production"] [unique_id "ais9zG5ZjIIcput37E0E1gAAAQo"]
[Thu Jun 11 19:59:24.359228 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zG5ZjIIcput37E0E1gAAAQo"]
[Thu Jun 11 19:59:24.493334 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.prod"] [unique_id "ais9zG5ZjIIcput37E0E2AAAAQo"]
[Thu Jun 11 19:59:24.493560 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.prod"] [unique_id "ais9zG5ZjIIcput37E0E2AAAAQo"]
[Thu Jun 11 19:59:24.493836 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.prod"] [unique_id "ais9zG5ZjIIcput37E0E2AAAAQo"]
[Thu Jun 11 19:59:24.494095 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zG5ZjIIcput37E0E2AAAAQo"]
[Thu Jun 11 19:59:24.635058 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.development"] [unique_id "ais9zG5ZjIIcput37E0E2gAAAQo"]
[Thu Jun 11 19:59:24.635458 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.development"] [unique_id "ais9zG5ZjIIcput37E0E2gAAAQo"]
[Thu Jun 11 19:59:24.635791 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.development"] [unique_id "ais9zG5ZjIIcput37E0E2gAAAQo"]
[Thu Jun 11 19:59:24.636139 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zG5ZjIIcput37E0E2gAAAQo"]
[Thu Jun 11 19:59:24.769799 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.dev"] [unique_id "ais9zG5ZjIIcput37E0E2wAAAQo"]
[Thu Jun 11 19:59:24.770019 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.dev"] [unique_id "ais9zG5ZjIIcput37E0E2wAAAQo"]
[Thu Jun 11 19:59:24.770297 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.dev"] [unique_id "ais9zG5ZjIIcput37E0E2wAAAQo"]
[Thu Jun 11 19:59:24.771251 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zG5ZjIIcput37E0E2wAAAQo"]
[Thu Jun 11 19:59:24.902774 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.staging"] [unique_id "ais9zG5ZjIIcput37E0E3QAAAQo"]
[Thu Jun 11 19:59:24.903005 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.staging"] [unique_id "ais9zG5ZjIIcput37E0E3QAAAQo"]
[Thu Jun 11 19:59:24.903277 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.staging"] [unique_id "ais9zG5ZjIIcput37E0E3QAAAQo"]
[Thu Jun 11 19:59:24.903566 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zG5ZjIIcput37E0E3QAAAQo"]
[Thu Jun 11 19:59:25.038280 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.stage"] [unique_id "ais9zW5ZjIIcput37E0E3wAAAQo"]
[Thu Jun 11 19:59:25.038505 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.stage"] [unique_id "ais9zW5ZjIIcput37E0E3wAAAQo"]
[Thu Jun 11 19:59:25.038850 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.stage"] [unique_id "ais9zW5ZjIIcput37E0E3wAAAQo"]
[Thu Jun 11 19:59:25.039129 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zW5ZjIIcput37E0E3wAAAQo"]
[Thu Jun 11 19:59:25.175515 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.test"] [unique_id "ais9zW5ZjIIcput37E0E4gAAAQo"]
[Thu Jun 11 19:59:25.175781 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.test"] [unique_id "ais9zW5ZjIIcput37E0E4gAAAQo"]
[Thu Jun 11 19:59:25.176049 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.test"] [unique_id "ais9zW5ZjIIcput37E0E4gAAAQo"]
[Thu Jun 11 19:59:25.176297 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zW5ZjIIcput37E0E4gAAAQo"]
[Thu Jun 11 19:59:25.310495 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.uat"] [unique_id "ais9zW5ZjIIcput37E0E4wAAAQo"]
[Thu Jun 11 19:59:25.310762 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.uat"] [unique_id "ais9zW5ZjIIcput37E0E4wAAAQo"]
[Thu Jun 11 19:59:25.311043 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.uat"] [unique_id "ais9zW5ZjIIcput37E0E4wAAAQo"]
[Thu Jun 11 19:59:25.311275 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zW5ZjIIcput37E0E4wAAAQo"]
[Thu Jun 11 19:59:25.450864 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.qa"] [unique_id "ais9zW5ZjIIcput37E0E5AAAAQo"]
[Thu Jun 11 19:59:25.451107 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.qa"] [unique_id "ais9zW5ZjIIcput37E0E5AAAAQo"]
[Thu Jun 11 19:59:25.451392 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.qa"] [unique_id "ais9zW5ZjIIcput37E0E5AAAAQo"]
[Thu Jun 11 19:59:25.451652 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zW5ZjIIcput37E0E5AAAAQo"]
[Thu Jun 11 19:59:25.586851 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.preprod"] [unique_id "ais9zW5ZjIIcput37E0E5gAAAQo"]
[Thu Jun 11 19:59:25.587170 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.preprod"] [unique_id "ais9zW5ZjIIcput37E0E5gAAAQo"]
[Thu Jun 11 19:59:25.587781 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.preprod"] [unique_id "ais9zW5ZjIIcput37E0E5gAAAQo"]
[Thu Jun 11 19:59:25.588041 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zW5ZjIIcput37E0E5gAAAQo"]
[Thu Jun 11 19:59:25.722647 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.live"] [unique_id "ais9zW5ZjIIcput37E0E6QAAAQo"]
[Thu Jun 11 19:59:25.722889 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.live"] [unique_id "ais9zW5ZjIIcput37E0E6QAAAQo"]
[Thu Jun 11 19:59:25.723145 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.live"] [unique_id "ais9zW5ZjIIcput37E0E6QAAAQo"]
[Thu Jun 11 19:59:25.723504 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zW5ZjIIcput37E0E6QAAAQo"]
[Thu Jun 11 19:59:25.859400 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.example"] [unique_id "ais9zW5ZjIIcput37E0E6gAAAQo"]
[Thu Jun 11 19:59:25.859603 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.example"] [unique_id "ais9zW5ZjIIcput37E0E6gAAAQo"]
[Thu Jun 11 19:59:25.859850 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.example"] [unique_id "ais9zW5ZjIIcput37E0E6gAAAQo"]
[Thu Jun 11 19:59:25.860113 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zW5ZjIIcput37E0E6gAAAQo"]
[Thu Jun 11 19:59:25.993518 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.sample"] [unique_id "ais9zW5ZjIIcput37E0E7AAAAQo"]
[Thu Jun 11 19:59:25.993787 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.sample"] [unique_id "ais9zW5ZjIIcput37E0E7AAAAQo"]
[Thu Jun 11 19:59:25.994071 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.sample"] [unique_id "ais9zW5ZjIIcput37E0E7AAAAQo"]
[Thu Jun 11 19:59:25.994409 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zW5ZjIIcput37E0E7AAAAQo"]
[Thu Jun 11 19:59:26.130228 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.dist"] [unique_id "ais9zm5ZjIIcput37E0E7QAAAQo"]
[Thu Jun 11 19:59:26.130441 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.dist"] [unique_id "ais9zm5ZjIIcput37E0E7QAAAQo"]
[Thu Jun 11 19:59:26.130776 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.dist"] [unique_id "ais9zm5ZjIIcput37E0E7QAAAQo"]
[Thu Jun 11 19:59:26.131100 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zm5ZjIIcput37E0E7QAAAQo"]
[Thu Jun 11 19:59:26.266045 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.bak"] [unique_id "ais9zm5ZjIIcput37E0E8AAAAQo"]
[Thu Jun 11 19:59:26.266150 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.bak"] [unique_id "ais9zm5ZjIIcput37E0E8AAAAQo"]
[Thu Jun 11 19:59:26.266332 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.bak"] [unique_id "ais9zm5ZjIIcput37E0E8AAAAQo"]
[Thu Jun 11 19:59:26.266991 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.bak"] [unique_id "ais9zm5ZjIIcput37E0E8AAAAQo"]
[Thu Jun 11 19:59:26.267316 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zm5ZjIIcput37E0E8AAAAQo"]
[Thu Jun 11 19:59:26.399797 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.backup"] [unique_id "ais9zm5ZjIIcput37E0E8QAAAQo"]
[Thu Jun 11 19:59:26.399899 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.backup"] [unique_id "ais9zm5ZjIIcput37E0E8QAAAQo"]
[Thu Jun 11 19:59:26.400078 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.backup"] [unique_id "ais9zm5ZjIIcput37E0E8QAAAQo"]
[Thu Jun 11 19:59:26.400394 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.backup"] [unique_id "ais9zm5ZjIIcput37E0E8QAAAQo"]
[Thu Jun 11 19:59:26.400655 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zm5ZjIIcput37E0E8QAAAQo"]
[Thu Jun 11 19:59:26.532770 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.old"] [unique_id "ais9zm5ZjIIcput37E0E9AAAAQo"]
[Thu Jun 11 19:59:26.532876 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.old"] [unique_id "ais9zm5ZjIIcput37E0E9AAAAQo"]
[Thu Jun 11 19:59:26.533028 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.old"] [unique_id "ais9zm5ZjIIcput37E0E9AAAAQo"]
[Thu Jun 11 19:59:26.533326 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.old"] [unique_id "ais9zm5ZjIIcput37E0E9AAAAQo"]
[Thu Jun 11 19:59:26.533605 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zm5ZjIIcput37E0E9AAAAQo"]
[Thu Jun 11 19:59:26.669930 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.save"] [unique_id "ais9zm5ZjIIcput37E0E9gAAAQo"]
[Thu Jun 11 19:59:26.670131 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.save"] [unique_id "ais9zm5ZjIIcput37E0E9gAAAQo"]
[Thu Jun 11 19:59:26.670448 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.save"] [unique_id "ais9zm5ZjIIcput37E0E9gAAAQo"]
[Thu Jun 11 19:59:26.670734 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zm5ZjIIcput37E0E9gAAAQo"]
[Thu Jun 11 19:59:26.806738 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.swp"] [unique_id "ais9zm5ZjIIcput37E0E9wAAAQo"]
[Thu Jun 11 19:59:26.806817 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/.env.swp"] [unique_id "ais9zm5ZjIIcput37E0E9wAAAQo"]
[Thu Jun 11 19:59:26.806961 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/www/.env.swp"] [unique_id "ais9zm5ZjIIcput37E0E9wAAAQo"]
[Thu Jun 11 19:59:26.807187 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/.env.swp"] [unique_id "ais9zm5ZjIIcput37E0E9wAAAQo"]
[Thu Jun 11 19:59:26.807426 2026] [security2:error] [pid 25342:tid 25355] [client 179.43.168.58:33494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ais9zm5ZjIIcput37E0E9wAAAQo"]
[Thu Jun 11 20:00:20.196078 2026] [:error] [pid 25342:tid 25361] [client 4.205.213.117:44142] File does not exist: /var/www/html/this_is_a_new_hello_world.php
[Thu Jun 11 20:00:20.263788 2026] [:error] [pid 25342:tid 25361] [client 4.205.213.117:44142] File does not exist: /var/www/html/wp-Blogs.php
[Thu Jun 11 20:01:24.854522 2026] [security2:error] [pid 19676:tid 19700] [client 117.89.250.209:35363] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ais-RPu9t63IK8VErVk1NQAAANM"]
[Thu Jun 11 20:01:25.181917 2026] [security2:error] [pid 2253:tid 2276] [client 117.89.250.209:27439] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "ais-RZhbxTmX9uu_dpqPkwAAAJE"]
[Thu Jun 11 20:07:02.592913 2026] [security2:error] [pid 25848:tid 25865] [client 172.176.6.27:62409] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ais_lku3w-1taBUoJpEXQgAAAEU"]
[Thu Jun 11 20:07:03.716568 2026] [security2:error] [pid 1658:tid 1668] [client 172.176.6.27:62461] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "augenn.com"] [uri "/"] [unique_id "ais_l8uk7NsHZDqaWIS7cwAAAAc"]
[Thu Jun 11 20:07:28.913542 2026] [security2:error] [pid 1658:tid 1684] [client 4.172.77.70:49173] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/"] [unique_id "ais_sMuk7NsHZDqaWIS7nQAAABc"]
[Thu Jun 11 20:07:29.376894 2026] [security2:error] [pid 1658:tid 1685] [client 4.172.77.70:49256] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/"] [unique_id "ais_scuk7NsHZDqaWIS7ngAAABg"]
[Thu Jun 11 20:20:00.276741 2026] [security2:error] [pid 3366:tid 3375] [client 207.90.244.14:33224] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitCoA_yFoCwT1EVIAR65wAAAEY"]
[Thu Jun 11 20:20:15.462529 2026] [core:error] [pid 10949:tid 10970] [client 207.90.244.14:54042] AH00524: Handler for application/x-httpd-ea-php82 returned invalid result code 70014
[Thu Jun 11 20:20:17.186075 2026] [core:error] [pid 3366:tid 3380] [client 207.90.244.14:50962] AH00524: Handler for application/x-httpd-ea-php82 returned invalid result code 70014
[Thu Jun 11 20:20:19.031185 2026] [core:error] [pid 19676:tid 19682] [client 207.90.244.14:50968] AH00524: Handler for application/x-httpd-ea-php82 returned invalid result code 70014
[Thu Jun 11 20:20:21.070707 2026] [core:error] [pid 3366:tid 3384] [client 207.90.244.14:50974] AH00524: Handler for application/x-httpd-ea-php82 returned invalid result code 70014
[Thu Jun 11 20:20:32.851684 2026] [security2:error] [pid 3366:tid 3373] [client 207.90.244.14:48400] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/robots.txt"] [unique_id "aitCwA_yFoCwT1EVIAR7jwAAAEQ"]
[Thu Jun 11 20:20:33.508627 2026] [security2:error] [pid 10949:tid 10959] [client 207.90.244.14:48402] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/sitemap.xml"] [unique_id "aitCwURFtDk6jPH-LhMtZQAAAAc"]
[Thu Jun 11 20:20:35.088955 2026] [security2:error] [pid 19676:tid 19705] [client 207.90.244.14:48416] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.well-known/security.txt"] [unique_id "aitCw_u9t63IK8VErVlJPAAAANg"]
[Thu Jun 11 20:20:37.208026 2026] [security2:error] [pid 3366:tid 3385] [client 207.90.244.14:57960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aitCxQ_yFoCwT1EVIAR7owAAAFA"]
[Thu Jun 11 20:22:08.551644 2026] [security2:error] [pid 19676:tid 19700] [client 18.222.198.216:64090] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitDIPu9t63IK8VErVlK6AAAANM"]
[Thu Jun 11 20:22:45.180963 2026] [security2:error] [pid 19676:tid 19704] [client 51.159.23.43:35230] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitDRfu9t63IK8VErVlL7wAAANc"]
[Thu Jun 11 20:23:44.326263 2026] [security2:error] [pid 10949:tid 10958] [client 198.235.24.25:57916] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitDgERFtDk6jPH-LhMwGQAAAAY"]
[Thu Jun 11 20:23:44.854764 2026] [security2:error] [pid 10949:tid 10969] [client 198.235.24.25:63422] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aitDgERFtDk6jPH-LhMwGwAAABE"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 20:24:27.813059 2026] [security2:error] [pid 3366:tid 3380] [client 18.222.198.216:50672] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitDqw_yFoCwT1EVIASAaQAAAEs"]
[Thu Jun 11 20:29:37.977393 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/this_is_a_new_hello_world.php
[Thu Jun 11 20:29:38.379728 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/aa.php
[Thu Jun 11 20:29:38.525147 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/xmrlpc.php
[Thu Jun 11 20:29:38.665760 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/class.php
[Thu Jun 11 20:29:38.803710 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/goods.php
[Thu Jun 11 20:29:38.974116 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/info.php
[Thu Jun 11 20:29:39.198979 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/as.php
[Thu Jun 11 20:29:39.338969 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/bb.php
[Thu Jun 11 20:29:39.483911 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/about.php
[Thu Jun 11 20:29:39.622215 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/222.php
[Thu Jun 11 20:29:39.760247 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/test1.php
[Thu Jun 11 20:29:39.909348 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/wp-mail.php
[Thu Jun 11 20:29:40.083789 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/wp.php
[Thu Jun 11 20:29:40.221656 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/adminfuns.php
[Thu Jun 11 20:29:40.390695 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/php8.php
[Thu Jun 11 20:29:40.593002 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/ioxi-o.php
[Thu Jun 11 20:29:40.749908 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/edit.php
[Thu Jun 11 20:29:40.888956 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/sid3.php
[Thu Jun 11 20:29:41.074084 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/166.php
[Thu Jun 11 20:29:41.213626 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/test.php
[Thu Jun 11 20:29:41.497440 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/wp-the.php
[Thu Jun 11 20:29:41.637855 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/CDX2.php
[Thu Jun 11 20:29:41.782783 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/profile.php
[Thu Jun 11 20:29:41.923176 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/ws80.php
[Thu Jun 11 20:29:42.062186 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/a4.php
[Thu Jun 11 20:29:42.209872 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/buy.php
[Thu Jun 11 20:29:42.368865 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/core.php
[Thu Jun 11 20:29:42.508721 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/lock360.php
[Thu Jun 11 20:29:42.646475 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/bc.php
[Thu Jun 11 20:29:42.800849 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/av.php
[Thu Jun 11 20:29:42.945109 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/xs.php
[Thu Jun 11 20:29:43.085819 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/xxa.php
[Thu Jun 11 20:29:43.241814 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/index0.php
[Thu Jun 11 20:29:43.387802 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/wp-kz.php
[Thu Jun 11 20:29:43.555654 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/19.php
[Thu Jun 11 20:29:43.698478 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/11.php
[Thu Jun 11 20:29:43.842859 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/w.php
[Thu Jun 11 20:29:43.982210 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/ws78.php
[Thu Jun 11 20:29:44.123886 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/xxx.php
[Thu Jun 11 20:29:44.265427 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/a7.php
[Thu Jun 11 20:29:44.427957 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/BDKR28WP.php
[Thu Jun 11 20:29:44.598555 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/a1.php
[Thu Jun 11 20:29:44.736728 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/d.php
[Thu Jun 11 20:29:44.876864 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/xff.php
[Thu Jun 11 20:29:45.027820 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/xltt.php
[Thu Jun 11 20:29:45.166093 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/son.php
[Thu Jun 11 20:29:45.306692 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/doc.php
[Thu Jun 11 20:29:45.466644 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/zo.php
[Thu Jun 11 20:29:45.604898 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/xper1.php
[Thu Jun 11 20:29:45.765923 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/tiny.php
[Thu Jun 11 20:29:45.916543 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/s1.php
[Thu Jun 11 20:29:46.059085 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/de.php
[Thu Jun 11 20:29:46.214203 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/1a.php
[Thu Jun 11 20:29:46.354274 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/2.php
[Thu Jun 11 20:29:46.493956 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/sky.php
[Thu Jun 11 20:29:46.652260 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/man.php
[Thu Jun 11 20:29:46.803533 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/ms-edit.php
[Thu Jun 11 20:29:46.941366 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/7.php
[Thu Jun 11 20:29:47.102012 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/pp.php
[Thu Jun 11 20:29:47.263086 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/mar.php
[Thu Jun 11 20:29:47.428213 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/acp.php
[Thu Jun 11 20:29:47.585517 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/zdd.php
[Thu Jun 11 20:29:47.723711 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/link.php
[Thu Jun 11 20:29:47.870107 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/sallu.php
[Thu Jun 11 20:29:48.011911 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/aboute.php
[Thu Jun 11 20:29:48.163740 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/one.php
[Thu Jun 11 20:29:48.322529 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/tx79.php
[Thu Jun 11 20:29:48.464837 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/wp-class.php
[Thu Jun 11 20:29:48.607279 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/8.php
[Thu Jun 11 20:29:48.747854 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/options.php
[Thu Jun 11 20:29:48.889845 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/f5.php
[Thu Jun 11 20:29:49.030440 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/alpha.php
[Thu Jun 11 20:29:49.197952 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/son1.php
[Thu Jun 11 20:29:49.358981 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/ggb.php
[Thu Jun 11 20:29:49.588073 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/ss.php
[Thu Jun 11 20:29:49.728987 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/rh.php
[Thu Jun 11 20:29:49.881867 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/99.php
[Thu Jun 11 20:29:50.023685 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/layout.php
[Thu Jun 11 20:29:50.172711 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/12.php
[Thu Jun 11 20:29:50.318950 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/fs.php
[Thu Jun 11 20:29:50.557038 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/aaa.php
[Thu Jun 11 20:29:50.699764 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/Ov-Simple1.php
[Thu Jun 11 20:29:50.839301 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/a5.php
[Thu Jun 11 20:29:50.979994 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/hplfuns.php
[Thu Jun 11 20:29:51.173276 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/bolt.php
[Thu Jun 11 20:29:51.310882 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/inputs.php
[Thu Jun 11 20:29:51.452510 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/file2.php
[Thu Jun 11 20:29:51.903818 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/alfa.php
[Thu Jun 11 20:29:52.063470 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/wp-theme.php
[Thu Jun 11 20:29:52.204518 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/wp-file.php
[Thu Jun 11 20:29:52.361879 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/default.php
[Thu Jun 11 20:29:52.500675 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/mah.php
[Thu Jun 11 20:29:52.642330 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/plugins.php
[Thu Jun 11 20:29:52.788697 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/sf.php
[Thu Jun 11 20:29:52.929927 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/a.php
[Thu Jun 11 20:29:53.067802 2026] [:error] [pid 12621:tid 12630] [client 191.237.248.153:23197] File does not exist: /var/www/html/k.php
[Thu Jun 11 20:29:53.405196 2026] [:error] [pid 12621:tid 12638] [client 191.237.248.153:23174] File does not exist: /var/www/html/ini.php
[Thu Jun 11 20:29:53.553486 2026] [:error] [pid 12621:tid 12638] [client 191.237.248.153:23174] File does not exist: /var/www/html/ca4.php
[Thu Jun 11 20:29:53.859357 2026] [:error] [pid 12621:tid 12638] [client 191.237.248.153:23174] File does not exist: /var/www/html/wp-info.php
[Thu Jun 11 20:29:54.001102 2026] [:error] [pid 12621:tid 12638] [client 191.237.248.153:23174] File does not exist: /var/www/html/init.php
[Thu Jun 11 20:29:54.140709 2026] [:error] [pid 12621:tid 12638] [client 191.237.248.153:23174] File does not exist: /var/www/html/100.php
[Thu Jun 11 20:29:54.279666 2026] [:error] [pid 12621:tid 12638] [client 191.237.248.153:23174] File does not exist: /var/www/html/fm.php
[Thu Jun 11 20:29:54.562067 2026] [:error] [pid 12621:tid 12638] [client 191.237.248.153:23174] File does not exist: /var/www/html/xroot7.php
[Thu Jun 11 20:29:54.701654 2026] [:error] [pid 12621:tid 12638] [client 191.237.248.153:23174] File does not exist: /var/www/html/mini.php
[Thu Jun 11 20:36:44.893610 2026] [security2:error] [pid 3366:tid 3390] [client 129.211.172.249:42092] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aitGjA_yFoCwT1EVIASN3AAAAFU"]
[Thu Jun 11 20:43:34.820343 2026] [security2:error] [pid 25342:tid 25346] [client 45.156.128.41:36300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitIJm5ZjIIcput37E0zJQAAAQE"]
[Thu Jun 11 20:50:34.667710 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/this_is_a_new_hello_world.php
[Thu Jun 11 20:50:34.693163 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/x.php
[Thu Jun 11 20:50:35.300312 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/wpconf.php
[Thu Jun 11 20:50:35.330377 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/aaf.php
[Thu Jun 11 20:50:35.355518 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/tw0.php
[Thu Jun 11 20:50:35.384027 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/htt.php
[Thu Jun 11 20:50:35.414913 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/eid.php
[Thu Jun 11 20:50:35.452898 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/hellcut.php
[Thu Jun 11 20:50:35.568159 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/tdd.php
[Thu Jun 11 20:50:36.047877 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/wander.php
[Thu Jun 11 20:50:36.452377 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/ha.php
[Thu Jun 11 20:50:36.506720 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/155.php
[Thu Jun 11 20:50:37.197857 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/ppp.php
[Thu Jun 11 20:50:37.224721 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/201.php
[Thu Jun 11 20:50:37.274996 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/ops.php
[Thu Jun 11 20:50:37.373869 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/samll.php
[Thu Jun 11 20:50:37.419704 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/ingfo.php
[Thu Jun 11 20:50:37.455685 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/c55cdler.php
[Thu Jun 11 20:50:37.483899 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/error_log.php
[Thu Jun 11 20:50:37.576823 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/xenon1337.php
[Thu Jun 11 20:50:37.608715 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/alfa403.php
[Thu Jun 11 20:50:37.691671 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/test11.php
[Thu Jun 11 20:50:37.783765 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/koala.php
[Thu Jun 11 20:50:37.811223 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/mac.php
[Thu Jun 11 20:50:37.842723 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/25d653587fdfd1.php
[Thu Jun 11 20:50:37.878100 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/wefile.php
[Thu Jun 11 20:50:38.650657 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/half.php
[Thu Jun 11 20:50:39.573256 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/2P.php
[Thu Jun 11 20:50:39.933146 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/tires.php
[Thu Jun 11 20:50:40.007940 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/like.php
[Thu Jun 11 20:50:40.044844 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/.well-known/about.php
[Thu Jun 11 20:50:40.105817 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/bob.php
[Thu Jun 11 20:50:40.527083 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/t3s.php
[Thu Jun 11 20:50:41.332064 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/uwu.php
[Thu Jun 11 20:50:41.372418 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/uwa.php
[Thu Jun 11 20:50:41.467081 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/crgio.php
[Thu Jun 11 20:50:41.571690 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/geforce.php
[Thu Jun 11 20:50:41.692809 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/pucci.php
[Thu Jun 11 20:50:41.832623 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/one.php
[Thu Jun 11 20:50:41.884704 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/wp-temp.php
[Thu Jun 11 20:50:41.950811 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/xmu.php
[Thu Jun 11 20:50:42.139750 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/mode.php
[Thu Jun 11 20:50:42.567876 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/dx.php
[Thu Jun 11 20:50:42.596977 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/puc.php
[Thu Jun 11 20:50:43.640848 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/themes.php
[Thu Jun 11 20:50:43.676798 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/dx.php
[Thu Jun 11 20:50:43.738657 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/11.php
[Thu Jun 11 20:50:43.828807 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/p.php
[Thu Jun 11 20:50:43.885730 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/bthil.php
[Thu Jun 11 20:50:43.910907 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/7.php
[Thu Jun 11 20:50:43.942484 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/8.php
[Thu Jun 11 20:50:43.970464 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/1.php
[Thu Jun 11 20:50:44.576911 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/100.php
[Thu Jun 11 20:50:44.611501 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/about.php
[Thu Jun 11 20:50:45.469893 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/admin.php
[Thu Jun 11 20:50:45.501945 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/edit.php
[Thu Jun 11 20:50:45.560865 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/f6.php
[Thu Jun 11 20:50:45.597387 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/inputs.php
[Thu Jun 11 20:50:45.627241 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/av.php
[Thu Jun 11 20:50:45.655394 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/classwithtostring.php
[Thu Jun 11 20:50:45.882271 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/wp-blog.php
[Thu Jun 11 20:50:46.380835 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/adminfuns.php
[Thu Jun 11 20:50:46.422681 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/goods.php
[Thu Jun 11 20:50:46.447709 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/ms-edit.php
[Thu Jun 11 20:50:47.163938 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/222.php
[Thu Jun 11 20:50:47.213603 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/cgi-bin/index.php
[Thu Jun 11 20:50:47.913474 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/BDKR28WP.php
[Thu Jun 11 20:50:48.163311 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/wp.php
[Thu Jun 11 20:50:48.297438 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/abcd.php
[Thu Jun 11 20:50:48.342199 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/a1.php
[Thu Jun 11 20:50:48.424491 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/bal.php
[Thu Jun 11 20:50:48.947856 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/cgi-bin/admin.php
[Thu Jun 11 20:50:49.075126 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/gettest.php
[Thu Jun 11 20:50:49.440261 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/simple.php
[Thu Jun 11 20:50:49.465805 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/kj.php
[Thu Jun 11 20:50:49.492791 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/xxx.php
[Thu Jun 11 20:50:49.519991 2026] [:error] [pid 3366:tid 3382] [client 132.196.99.215:34191] File does not exist: /disk001/sonne/public_html/hypo.php
[Thu Jun 11 20:51:11.761930 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/chosen.php
[Thu Jun 11 20:51:11.830889 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/00.php
[Thu Jun 11 20:51:11.864632 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/als.php
[Thu Jun 11 20:51:11.917274 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/pol.php
[Thu Jun 11 20:51:11.943358 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/ll.php
[Thu Jun 11 20:51:11.991805 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/sf.php
[Thu Jun 11 20:51:12.031627 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file5.php
[Thu Jun 11 20:51:12.078820 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/4PJcpMFsD8B.php
[Thu Jun 11 20:51:12.104810 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file.php
[Thu Jun 11 20:51:12.138331 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/cfile.php
[Thu Jun 11 20:51:12.176879 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/class-wp.php
[Thu Jun 11 20:51:12.221534 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/ahax.php
[Thu Jun 11 20:51:13.087854 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/aa2.php
[Thu Jun 11 20:51:13.142149 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/ccou.php
[Thu Jun 11 20:51:13.236764 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/about2.php
[Thu Jun 11 20:51:15.001444 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/dr.php
[Thu Jun 11 20:51:15.032887 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/xamp.php
[Thu Jun 11 20:51:15.459878 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/cA3bHIkVhgP.php
[Thu Jun 11 20:51:15.543102 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/clas11.php
[Thu Jun 11 20:51:15.569944 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file60.php
[Thu Jun 11 20:51:15.703987 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/bb.php
[Thu Jun 11 20:51:16.224959 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/eee.php
[Thu Jun 11 20:51:16.254766 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/5BltUjE9CrY.php
[Thu Jun 11 20:51:16.699192 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file41.php
[Thu Jun 11 20:51:16.735110 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/hg.php
[Thu Jun 11 20:51:16.917674 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file48.php
[Thu Jun 11 20:51:17.035874 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file59.php
[Thu Jun 11 20:51:17.165667 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/ff.php
[Thu Jun 11 20:51:18.477899 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file31.php
[Thu Jun 11 20:51:18.509673 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file6.php
[Thu Jun 11 20:51:18.548782 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/cabs.php
[Thu Jun 11 20:51:18.635759 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file15.php
[Thu Jun 11 20:51:18.909296 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file81.php
[Thu Jun 11 20:51:18.966988 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/no1.php
[Thu Jun 11 20:51:18.990861 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/la.php
[Thu Jun 11 20:51:19.029738 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/jp.php
[Thu Jun 11 20:51:19.087789 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/f35.php
[Thu Jun 11 20:51:19.115773 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/xa.php
[Thu Jun 11 20:51:19.170874 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/wp-load.php
[Thu Jun 11 20:51:19.649541 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/xwpg.php
[Thu Jun 11 20:51:19.677986 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/a5.php
[Thu Jun 11 20:51:19.743667 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/bbn.php
[Thu Jun 11 20:51:19.770872 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/ddd.php
[Thu Jun 11 20:51:20.028661 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/jj.php
[Thu Jun 11 20:51:20.474541 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/waf.php
[Thu Jun 11 20:51:20.499724 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/xstelth.php
[Thu Jun 11 20:51:21.042707 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/bgymj.php
[Thu Jun 11 20:51:21.070962 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/bel.php
[Thu Jun 11 20:51:21.096439 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/file58.php
[Thu Jun 11 20:51:21.120990 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/8573.php
[Thu Jun 11 20:51:21.152930 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/wp-links.php
[Thu Jun 11 20:51:21.185427 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/shoyo.php
[Thu Jun 11 20:51:21.243966 2026] [:error] [pid 27514:tid 27525] [client 132.196.99.215:34233] File does not exist: /disk001/sonne/public_html/flower.php
[Thu Jun 11 20:54:59.458029 2026] [security2:error] [pid 12621:tid 12630] [client 205.210.31.2:50294] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aitK0xe-I_6KUjo_PUzeswAAAIQ"]
[Thu Jun 11 20:55:55.965298 2026] [core:error] [pid 3366:tid 3376] [client 47.253.5.130:43178] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jun 11 20:57:09.500030 2026] [security2:error] [pid 12621:tid 12646] [client 46.161.50.108:52126] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitLVRe-I_6KUjo_PUzhWgAAAJQ"]
[Thu Jun 11 20:57:14.201895 2026] [security2:error] [pid 10949:tid 10965] [client 176.32.193.16:47546] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/aaa9"] [unique_id "aitLWkRFtDk6jPH-LhNReQAAAA0"]
[Thu Jun 11 20:57:15.226265 2026] [security2:error] [pid 25342:tid 25365] [client 176.32.193.16:47548] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/aab9"] [unique_id "aitLW25ZjIIcput37E1A_wAAARQ"]
[Thu Jun 11 20:57:44.152875 2026] [security2:error] [pid 3366:tid 3370] [client 43.156.43.123:56722] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aitLeA_yFoCwT1EVIASnCgAAAEE"], referer: http://machen.ai
[Thu Jun 11 21:02:21.516239 2026] [security2:error] [pid 27514:tid 27519] [client 43.164.194.198:50048] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitMje3j8ahqNX0SlP7hXgAAAME"]
[Thu Jun 11 21:02:21.516331 2026] [security2:error] [pid 27514:tid 27519] [client 43.164.194.198:50048] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitMje3j8ahqNX0SlP7hXgAAAME"]
[Thu Jun 11 21:02:21.516920 2026] [security2:error] [pid 27514:tid 27519] [client 43.164.194.198:50048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitMje3j8ahqNX0SlP7hXgAAAME"]
[Thu Jun 11 21:02:21.518163 2026] [security2:error] [pid 27514:tid 27519] [client 43.164.194.198:50048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitMje3j8ahqNX0SlP7hXgAAAME"]
[Thu Jun 11 21:10:19.820908 2026] [security2:error] [pid 3366:tid 3392] [client 45.148.10.67:33698] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitOaw_yFoCwT1EVIAS0xgAAAFc"]
[Thu Jun 11 21:10:20.187737 2026] [security2:error] [pid 10949:tid 10963] [client 45.148.10.67:33700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aitObERFtDk6jPH-LhNeqgAAAAs"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 21:10:35.184063 2026] [security2:error] [pid 25342:tid 25360] [client 45.148.10.67:54556] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitOe25ZjIIcput37E1OMgAAAQ8"]
[Thu Jun 11 21:11:03.771398 2026] [security2:error] [pid 10949:tid 10954] [client 74.7.242.25:45164] ModSecurity: Warning. Matched phrase "etc/issue" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/issue found within ARGS:fileloc: /proc/7722/root/proc/self/root/etc/issue.net"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aitOl0RFtDk6jPH-LhNfvAAAAAI"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 21:11:03.772365 2026] [security2:error] [pid 10949:tid 10954] [client 74.7.242.25:45164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aitOl0RFtDk6jPH-LhNfvAAAAAI"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 21:11:03.772736 2026] [security2:error] [pid 10949:tid 10954] [client 74.7.242.25:45164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/x-cp-glmw5yOR.php"] [unique_id "aitOl0RFtDk6jPH-LhNfvAAAAAI"], referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//proc/7722/root/proc/self/root/etc
[Thu Jun 11 21:12:04.607797 2026] [security2:error] [pid 3366:tid 3378] [client 45.63.4.69:58278] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitO1A_yFoCwT1EVIAS2bgAAAEk"]
[Thu Jun 11 21:12:06.325549 2026] [security2:error] [pid 25342:tid 25355] [client 64.62.156.212:59786] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitO1m5ZjIIcput37E1PgAAAAQo"]
[Thu Jun 11 21:12:10.884935 2026] [security2:error] [pid 25342:tid 25348] [client 45.63.4.69:33056] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitO2m5ZjIIcput37E1PiQAAAQM"], referer: http://13.84.161.190/
[Thu Jun 11 21:20:03.621907 2026] [security2:error] [pid 10949:tid 10967] [client 46.161.50.108:39992] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/aaa9"] [unique_id "aitQs0RFtDk6jPH-LhNoCwAAAA8"]
[Thu Jun 11 21:20:04.650518 2026] [security2:error] [pid 3366:tid 3382] [client 46.161.50.108:39994] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/aab9"] [unique_id "aitQtA_yFoCwT1EVIAS90AAAAE0"]
[Thu Jun 11 21:21:14.271877 2026] [security2:error] [pid 27514:tid 27530] [client 64.62.156.216:34857] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitQ-u3j8ahqNX0SlP736QAAAMw"]
[Thu Jun 11 21:25:45.125704 2026] [security2:error] [pid 2118:tid 2147] [client 64.62.156.218:27971] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aitSCWAwrcQa3cFQ5_214AAAARI"]
[Thu Jun 11 21:26:00.711947 2026] [security2:error] [pid 3366:tid 3389] [client 78.153.140.93:55784] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitSGA_yFoCwT1EVIATC2AAAAFQ"]
[Thu Jun 11 21:26:00.712185 2026] [security2:error] [pid 3366:tid 3389] [client 78.153.140.93:55784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitSGA_yFoCwT1EVIATC2AAAAFQ"]
[Thu Jun 11 21:26:00.712507 2026] [security2:error] [pid 3366:tid 3389] [client 78.153.140.93:55784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitSGA_yFoCwT1EVIATC2AAAAFQ"]
[Thu Jun 11 21:26:00.713543 2026] [security2:error] [pid 3366:tid 3389] [client 78.153.140.93:55784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitSGA_yFoCwT1EVIATC2AAAAFQ"]
[Thu Jun 11 21:26:01.060907 2026] [security2:error] [pid 10949:tid 10973] [client 78.153.140.93:55800] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitSGURFtDk6jPH-LhNt1AAAABU"]
[Thu Jun 11 21:27:05.290881 2026] [security2:error] [pid 2118:tid 2156] [client 213.209.159.175:11728] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitSWWAwrcQa3cFQ5_23zwAAARg"]
[Thu Jun 11 21:27:05.291136 2026] [security2:error] [pid 2118:tid 2156] [client 213.209.159.175:11728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitSWWAwrcQa3cFQ5_23zwAAARg"]
[Thu Jun 11 21:27:05.291403 2026] [security2:error] [pid 2118:tid 2156] [client 213.209.159.175:11728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitSWWAwrcQa3cFQ5_23zwAAARg"]
[Thu Jun 11 21:27:05.292380 2026] [security2:error] [pid 2118:tid 2156] [client 213.209.159.175:11728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitSWWAwrcQa3cFQ5_23zwAAARg"]
[Thu Jun 11 21:27:05.673958 2026] [security2:error] [pid 12621:tid 12628] [client 213.209.159.175:17495] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aitSWRe-I_6KUjo_PUwDeQAAAII"]
[Thu Jun 11 21:27:05.674292 2026] [security2:error] [pid 12621:tid 12628] [client 213.209.159.175:17495] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aitSWRe-I_6KUjo_PUwDeQAAAII"]
[Thu Jun 11 21:27:05.674615 2026] [security2:error] [pid 12621:tid 12628] [client 213.209.159.175:17495] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aitSWRe-I_6KUjo_PUwDeQAAAII"]
[Thu Jun 11 21:27:05.675717 2026] [security2:error] [pid 12621:tid 12628] [client 213.209.159.175:17495] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitSWRe-I_6KUjo_PUwDeQAAAII"]
[Thu Jun 11 21:27:06.107733 2026] [security2:error] [pid 2118:tid 2140] [client 213.209.159.175:44928] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aitSWmAwrcQa3cFQ5_231AAAAQ8"]
[Thu Jun 11 21:27:06.107987 2026] [security2:error] [pid 2118:tid 2140] [client 213.209.159.175:44928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aitSWmAwrcQa3cFQ5_231AAAAQ8"]
[Thu Jun 11 21:27:06.108231 2026] [security2:error] [pid 2118:tid 2140] [client 213.209.159.175:44928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aitSWmAwrcQa3cFQ5_231AAAAQ8"]
[Thu Jun 11 21:27:06.109051 2026] [security2:error] [pid 2118:tid 2140] [client 213.209.159.175:44928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitSWmAwrcQa3cFQ5_231AAAAQ8"]
[Thu Jun 11 21:27:06.540116 2026] [security2:error] [pid 12621:tid 12640] [client 213.209.159.175:19070] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aitSWhe-I_6KUjo_PUwDfwAAAI4"]
[Thu Jun 11 21:27:06.540414 2026] [security2:error] [pid 12621:tid 12640] [client 213.209.159.175:19070] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aitSWhe-I_6KUjo_PUwDfwAAAI4"]
[Thu Jun 11 21:27:06.540738 2026] [security2:error] [pid 12621:tid 12640] [client 213.209.159.175:19070] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aitSWhe-I_6KUjo_PUwDfwAAAI4"]
[Thu Jun 11 21:27:06.541836 2026] [security2:error] [pid 12621:tid 12640] [client 213.209.159.175:19070] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitSWhe-I_6KUjo_PUwDfwAAAI4"]
[Thu Jun 11 21:27:06.968190 2026] [security2:error] [pid 2118:tid 2126] [client 213.209.159.175:40539] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aitSWmAwrcQa3cFQ5_232AAAAQU"]
[Thu Jun 11 21:27:06.968486 2026] [security2:error] [pid 2118:tid 2126] [client 213.209.159.175:40539] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aitSWmAwrcQa3cFQ5_232AAAAQU"]
[Thu Jun 11 21:27:06.968793 2026] [security2:error] [pid 2118:tid 2126] [client 213.209.159.175:40539] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aitSWmAwrcQa3cFQ5_232AAAAQU"]
[Thu Jun 11 21:27:06.969767 2026] [security2:error] [pid 2118:tid 2126] [client 213.209.159.175:40539] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitSWmAwrcQa3cFQ5_232AAAAQU"]
[Thu Jun 11 21:27:21.258850 2026] [security2:error] [pid 2118:tid 2121] [client 220.154.132.162:55712] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitSaWAwrcQa3cFQ5_24JwAAAQA"]
[Thu Jun 11 21:27:21.625109 2026] [security2:error] [pid 2118:tid 2147] [client 220.154.132.162:1153] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aitSaWAwrcQa3cFQ5_24KwAAARI"]
[Thu Jun 11 21:30:42.789896 2026] [security2:error] [pid 2118:tid 2150] [client 46.151.178.13:42094] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitTMmAwrcQa3cFQ5_272AAAARQ"], referer: http://13.84.161.190:443/
[Thu Jun 11 21:37:30.667507 2026] [security2:error] [pid 10949:tid 10969] [client 66.132.195.97:51664] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitUykRFtDk6jPH-LhN49wAAABE"]
[Thu Jun 11 21:37:31.137439 2026] [security2:error] [pid 10949:tid 10952] [client 66.132.195.97:51678] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aitUy0RFtDk6jPH-LhN4-AAAAAA"]
[Thu Jun 11 21:37:39.561230 2026] [security2:error] [pid 10949:tid 10975] [client 66.132.195.97:13930] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.well-known/security.txt"] [unique_id "aitU00RFtDk6jPH-LhN5DwAAABc"]
[Thu Jun 11 21:37:40.299158 2026] [security2:error] [pid 3366:tid 3388] [client 66.132.195.97:13944] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aitU1A_yFoCwT1EVIATPyQAAAFM"]
[Thu Jun 11 21:38:41.817973 2026] [security2:error] [pid 2118:tid 2143] [client 34.123.82.129:23816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aitVEWAwrcQa3cFQ5_3DfQAAARE"]
[Thu Jun 11 21:38:41.818260 2026] [security2:error] [pid 2118:tid 2143] [client 34.123.82.129:23816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aitVEWAwrcQa3cFQ5_3DfQAAARE"]
[Thu Jun 11 21:38:41.818567 2026] [security2:error] [pid 2118:tid 2143] [client 34.123.82.129:23816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aitVEWAwrcQa3cFQ5_3DfQAAARE"]
[Thu Jun 11 21:40:06.100111 2026] [security2:error] [pid 3366:tid 3393] [client 64.62.156.212:10114] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/geoserver/web/"] [unique_id "aitVZg_yFoCwT1EVIATSjAAAAFg"]
[Thu Jun 11 21:44:42.322838 2026] [security2:error] [pid 27514:tid 27530] [client 64.62.156.212:45562] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aitWeu3j8ahqNX0SlP4SFgAAAMw"]
[Thu Jun 11 21:44:42.323093 2026] [security2:error] [pid 27514:tid 27530] [client 64.62.156.212:45562] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aitWeu3j8ahqNX0SlP4SFgAAAMw"]
[Thu Jun 11 21:44:42.323344 2026] [security2:error] [pid 27514:tid 27530] [client 64.62.156.212:45562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aitWeu3j8ahqNX0SlP4SFgAAAMw"]
[Thu Jun 11 21:44:42.983554 2026] [security2:error] [pid 27514:tid 27530] [client 64.62.156.212:45562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aitWeu3j8ahqNX0SlP4SFgAAAMw"]
[Thu Jun 11 21:45:06.335027 2026] [security2:error] [pid 27514:tid 27526] [client 45.91.64.8:37090] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitWku3j8ahqNX0SlP4SdQAAAMg"]
[Thu Jun 11 21:45:07.125337 2026] [security2:error] [pid 27514:tid 27526] [client 45.91.64.8:37090] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aitWk-3j8ahqNX0SlP4SegAAAMg"], referer: https://13.84.161.190/
[Thu Jun 11 21:45:44.543057 2026] [security2:error] [pid 27514:tid 27532] [client 45.91.64.8:50598] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aitWuO3j8ahqNX0SlP4TdAAAAM4"], referer: https://13.84.161.190/
[Thu Jun 11 21:47:20.065967 2026] [security2:error] [pid 3366:tid 3369] [client 46.151.178.13:42084] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitXGA_yFoCwT1EVIATZuAAAAEA"], referer: http://13.66.22.226:443/
[Thu Jun 11 21:49:38.898534 2026] [security2:error] [pid 12621:tid 12641] [client 78.153.140.149:51896] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitXohe-I_6KUjo_PUwdmAAAAI8"]
[Thu Jun 11 21:49:38.898791 2026] [security2:error] [pid 12621:tid 12641] [client 78.153.140.149:51896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitXohe-I_6KUjo_PUwdmAAAAI8"]
[Thu Jun 11 21:49:38.899082 2026] [security2:error] [pid 12621:tid 12641] [client 78.153.140.149:51896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitXohe-I_6KUjo_PUwdmAAAAI8"]
[Thu Jun 11 21:49:38.902025 2026] [security2:error] [pid 12621:tid 12641] [client 78.153.140.149:51896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitXohe-I_6KUjo_PUwdmAAAAI8"]
[Thu Jun 11 21:49:39.261724 2026] [security2:error] [pid 27514:tid 27536] [client 78.153.140.149:51900] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitXo-3j8ahqNX0SlP4XcQAAANI"]
[Thu Jun 11 21:54:31.251197 2026] [security2:error] [pid 12621:tid 12630] [client 172.202.117.213:42192] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/owa/auth/logon.aspx"] [unique_id "aitYxxe-I_6KUjo_PUwjagAAAIQ"]
[Thu Jun 11 21:54:31.251349 2026] [security2:error] [pid 12621:tid 12630] [client 172.202.117.213:42192] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/owa/auth/logon.aspx"] [unique_id "aitYxxe-I_6KUjo_PUwjagAAAIQ"]
[Thu Jun 11 21:54:31.251816 2026] [security2:error] [pid 12621:tid 12630] [client 172.202.117.213:42192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/owa/auth/logon.aspx"] [unique_id "aitYxxe-I_6KUjo_PUwjagAAAIQ"]
[Thu Jun 11 21:54:31.329420 2026] [security2:error] [pid 12621:tid 12630] [client 172.202.117.213:42192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aitYxxe-I_6KUjo_PUwjagAAAIQ"]
[Thu Jun 11 21:57:54.625416 2026] [security2:error] [pid 10949:tid 10963] [client 176.65.139.66:40382] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitZkkRFtDk6jPH-LhOOZAAAAAs"]
[Thu Jun 11 22:03:16.308663 2026] [security2:error] [pid 27514:tid 27521] [client 43.130.53.252:59840] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aita1O3j8ahqNX0SlP4lZAAAAMM"]
[Thu Jun 11 22:08:22.644868 2026] [security2:error] [pid 10949:tid 10970] [client 78.153.140.50:35610] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitcBkRFtDk6jPH-LhOYIwAAABI"]
[Thu Jun 11 22:08:22.645187 2026] [security2:error] [pid 10949:tid 10970] [client 78.153.140.50:35610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitcBkRFtDk6jPH-LhOYIwAAABI"]
[Thu Jun 11 22:08:22.645532 2026] [security2:error] [pid 10949:tid 10970] [client 78.153.140.50:35610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitcBkRFtDk6jPH-LhOYIwAAABI"]
[Thu Jun 11 22:08:22.786431 2026] [security2:error] [pid 10949:tid 10970] [client 78.153.140.50:35610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aitcBkRFtDk6jPH-LhOYIwAAABI"]
[Thu Jun 11 22:08:23.704876 2026] [security2:error] [pid 3366:tid 3387] [client 78.153.140.50:35618] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitcBw_yFoCwT1EVIATuGAAAAFI"]
[Thu Jun 11 22:11:12.250533 2026] [security2:error] [pid 12621:tid 12637] [client 20.118.32.171:50752] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/portal/redlion"] [unique_id "aitcsBe-I_6KUjo_PUw13wAAAIs"]
[Thu Jun 11 22:11:12.250754 2026] [security2:error] [pid 12621:tid 12637] [client 20.118.32.171:50752] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/portal/redlion"] [unique_id "aitcsBe-I_6KUjo_PUw13wAAAIs"]
[Thu Jun 11 22:11:12.251185 2026] [security2:error] [pid 12621:tid 12637] [client 20.118.32.171:50752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/portal/redlion"] [unique_id "aitcsBe-I_6KUjo_PUw13wAAAIs"]
[Thu Jun 11 22:11:12.252184 2026] [security2:error] [pid 12621:tid 12637] [client 20.118.32.171:50752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitcsBe-I_6KUjo_PUw13wAAAIs"]
[Thu Jun 11 22:19:08.709561 2026] [security2:error] [pid 27514:tid 27525] [client 162.240.109.188:47638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/core/.env.save"] [unique_id "aitejO3j8ahqNX0SlP41fQAAAMc"]
[Thu Jun 11 22:19:08.710042 2026] [security2:error] [pid 3366:tid 3371] [client 162.240.109.188:47630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "aitejA_yFoCwT1EVIAT3qQAAAEI"]
[Thu Jun 11 22:19:08.709962 2026] [security2:error] [pid 27514:tid 27525] [client 162.240.109.188:47638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/core/.env.save"] [unique_id "aitejO3j8ahqNX0SlP41fQAAAMc"]
[Thu Jun 11 22:19:08.710279 2026] [security2:error] [pid 3366:tid 3371] [client 162.240.109.188:47630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "aitejA_yFoCwT1EVIAT3qQAAAEI"]
[Thu Jun 11 22:19:08.710324 2026] [security2:error] [pid 27514:tid 27525] [client 162.240.109.188:47638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/core/.env.save"] [unique_id "aitejO3j8ahqNX0SlP41fQAAAMc"]
[Thu Jun 11 22:19:08.710621 2026] [security2:error] [pid 3366:tid 3371] [client 162.240.109.188:47630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "aitejA_yFoCwT1EVIAT3qQAAAEI"]
[Thu Jun 11 22:19:08.711933 2026] [security2:error] [pid 2118:tid 2133] [client 162.240.109.188:47650] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vUgAAAQw"]
[Thu Jun 11 22:19:08.712165 2026] [security2:error] [pid 2118:tid 2133] [client 162.240.109.188:47650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vUgAAAQw"]
[Thu Jun 11 22:19:08.712398 2026] [security2:error] [pid 2118:tid 2133] [client 162.240.109.188:47650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vUgAAAQw"]
[Thu Jun 11 22:19:08.712563 2026] [security2:error] [pid 12621:tid 12638] [client 162.240.109.188:47636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env.save"] [unique_id "aitejBe-I_6KUjo_PUw_EQAAAIw"]
[Thu Jun 11 22:19:08.712826 2026] [security2:error] [pid 12621:tid 12638] [client 162.240.109.188:47636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env.save"] [unique_id "aitejBe-I_6KUjo_PUw_EQAAAIw"]
[Thu Jun 11 22:19:08.713126 2026] [security2:error] [pid 12621:tid 12638] [client 162.240.109.188:47636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env.save"] [unique_id "aitejBe-I_6KUjo_PUw_EQAAAIw"]
[Thu Jun 11 22:19:08.714830 2026] [security2:error] [pid 10949:tid 10963] [client 162.240.109.188:47640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /members/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/members/.env"] [unique_id "aitejERFtDk6jPH-LhOl5AAAAAs"]
[Thu Jun 11 22:19:08.715193 2026] [security2:error] [pid 10949:tid 10963] [client 162.240.109.188:47640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/members/.env"] [unique_id "aitejERFtDk6jPH-LhOl5AAAAAs"]
[Thu Jun 11 22:19:08.715464 2026] [security2:error] [pid 10949:tid 10963] [client 162.240.109.188:47640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/members/.env"] [unique_id "aitejERFtDk6jPH-LhOl5AAAAAs"]
[Thu Jun 11 22:19:08.717113 2026] [security2:error] [pid 27514:tid 27532] [client 162.240.109.188:47634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "aitejO3j8ahqNX0SlP41fgAAAM4"]
[Thu Jun 11 22:19:08.717316 2026] [security2:error] [pid 27514:tid 27532] [client 162.240.109.188:47634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "aitejO3j8ahqNX0SlP41fgAAAM4"]
[Thu Jun 11 22:19:08.717620 2026] [security2:error] [pid 27514:tid 27532] [client 162.240.109.188:47634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "aitejO3j8ahqNX0SlP41fgAAAM4"]
[Thu Jun 11 22:19:08.724321 2026] [security2:error] [pid 12621:tid 12637] [client 162.240.109.188:47646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "aitejBe-I_6KUjo_PUw_EgAAAIs"]
[Thu Jun 11 22:19:08.724606 2026] [security2:error] [pid 12621:tid 12637] [client 162.240.109.188:47646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "aitejBe-I_6KUjo_PUw_EgAAAIs"]
[Thu Jun 11 22:19:08.724918 2026] [security2:error] [pid 12621:tid 12637] [client 162.240.109.188:47646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "aitejBe-I_6KUjo_PUw_EgAAAIs"]
[Thu Jun 11 22:19:08.726258 2026] [security2:error] [pid 10949:tid 10961] [client 162.240.109.188:47642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/dev/.env"] [unique_id "aitejERFtDk6jPH-LhOl5QAAAAk"]
[Thu Jun 11 22:19:08.726469 2026] [security2:error] [pid 10949:tid 10961] [client 162.240.109.188:47642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/dev/.env"] [unique_id "aitejERFtDk6jPH-LhOl5QAAAAk"]
[Thu Jun 11 22:19:08.726742 2026] [security2:error] [pid 10949:tid 10961] [client 162.240.109.188:47642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/dev/.env"] [unique_id "aitejERFtDk6jPH-LhOl5QAAAAk"]
[Thu Jun 11 22:19:08.728030 2026] [security2:error] [pid 2118:tid 2122] [client 162.240.109.188:47644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/core/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vUwAAAQE"]
[Thu Jun 11 22:19:08.728261 2026] [security2:error] [pid 2118:tid 2122] [client 162.240.109.188:47644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/core/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vUwAAAQE"]
[Thu Jun 11 22:19:08.728492 2026] [security2:error] [pid 2118:tid 2122] [client 162.240.109.188:47644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/core/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vUwAAAQE"]
[Thu Jun 11 22:19:08.728807 2026] [security2:error] [pid 27514:tid 27522] [client 162.240.109.188:47632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aitejO3j8ahqNX0SlP41fwAAAMQ"]
[Thu Jun 11 22:19:08.729035 2026] [security2:error] [pid 27514:tid 27522] [client 162.240.109.188:47632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aitejO3j8ahqNX0SlP41fwAAAMQ"]
[Thu Jun 11 22:19:08.729373 2026] [security2:error] [pid 27514:tid 27522] [client 162.240.109.188:47632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aitejO3j8ahqNX0SlP41fwAAAMQ"]
[Thu Jun 11 22:19:08.730095 2026] [security2:error] [pid 3366:tid 3372] [client 162.240.109.188:47652] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/admin/.env"] [unique_id "aitejA_yFoCwT1EVIAT3qgAAAEM"]
[Thu Jun 11 22:19:08.730424 2026] [security2:error] [pid 3366:tid 3372] [client 162.240.109.188:47652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/admin/.env"] [unique_id "aitejA_yFoCwT1EVIAT3qgAAAEM"]
[Thu Jun 11 22:19:08.730628 2026] [security2:error] [pid 2118:tid 2134] [client 162.240.109.188:47648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vVAAAAQ0"]
[Thu Jun 11 22:19:08.730721 2026] [security2:error] [pid 3366:tid 3372] [client 162.240.109.188:47652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/admin/.env"] [unique_id "aitejA_yFoCwT1EVIAT3qgAAAEM"]
[Thu Jun 11 22:19:08.730857 2026] [security2:error] [pid 2118:tid 2134] [client 162.240.109.188:47648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vVAAAAQ0"]
[Thu Jun 11 22:19:08.731089 2026] [security2:error] [pid 2118:tid 2134] [client 162.240.109.188:47648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "aitejGAwrcQa3cFQ5_3vVAAAAQ0"]
[Thu Jun 11 22:23:32.177823 2026] [security2:error] [pid 2118:tid 2125] [client 23.161.169.113:40292] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aitflGAwrcQa3cFQ5_30UgAAAQQ"]
[Thu Jun 11 22:23:32.178243 2026] [security2:error] [pid 2118:tid 2125] [client 23.161.169.113:40292] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aitflGAwrcQa3cFQ5_30UgAAAQQ"]
[Thu Jun 11 22:23:32.279817 2026] [security2:error] [pid 3366:tid 3375] [client 23.161.169.113:40308] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/HEAD"] [unique_id "aitflA_yFoCwT1EVIAT8iwAAAEY"]
[Thu Jun 11 22:23:32.280122 2026] [security2:error] [pid 3366:tid 3375] [client 23.161.169.113:40308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/HEAD"] [unique_id "aitflA_yFoCwT1EVIAT8iwAAAEY"]
[Thu Jun 11 22:23:32.468233 2026] [security2:error] [pid 2118:tid 2125] [client 23.161.169.113:40292] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aitflGAwrcQa3cFQ5_30UgAAAQQ"]
[Thu Jun 11 22:23:32.601337 2026] [security2:error] [pid 3366:tid 3375] [client 23.161.169.113:40308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aitflA_yFoCwT1EVIAT8iwAAAEY"]
[Thu Jun 11 22:23:35.915528 2026] [security2:error] [pid 12621:tid 12628] [client 23.161.169.113:40302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aitflxe-I_6KUjo_PUxD-QAAAII"]
[Thu Jun 11 22:23:35.915795 2026] [security2:error] [pid 12621:tid 12628] [client 23.161.169.113:40302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aitflxe-I_6KUjo_PUxD-QAAAII"]
[Thu Jun 11 22:23:36.076384 2026] [security2:error] [pid 12621:tid 12644] [client 23.161.169.113:40382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.development"] [unique_id "aitfmBe-I_6KUjo_PUxD-wAAAJI"]
[Thu Jun 11 22:23:36.076815 2026] [security2:error] [pid 12621:tid 12644] [client 23.161.169.113:40382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.development"] [unique_id "aitfmBe-I_6KUjo_PUxD-wAAAJI"]
[Thu Jun 11 22:23:36.081857 2026] [security2:error] [pid 27514:tid 27519] [client 23.161.169.113:40392] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aitfmO3j8ahqNX0SlP45PwAAAME"]
[Thu Jun 11 22:23:36.082030 2026] [security2:error] [pid 27514:tid 27519] [client 23.161.169.113:40392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aitfmO3j8ahqNX0SlP45PwAAAME"]
[Thu Jun 11 22:23:36.082197 2026] [security2:error] [pid 27514:tid 27519] [client 23.161.169.113:40392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aitfmO3j8ahqNX0SlP45PwAAAME"]
[Thu Jun 11 22:23:36.084953 2026] [security2:error] [pid 27514:tid 27526] [client 23.161.169.113:40344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aitfmO3j8ahqNX0SlP45QAAAAMg"]
[Thu Jun 11 22:23:36.085177 2026] [security2:error] [pid 27514:tid 27526] [client 23.161.169.113:40344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.local"] [unique_id "aitfmO3j8ahqNX0SlP45QAAAAMg"]
[Thu Jun 11 22:23:36.089226 2026] [security2:error] [pid 27514:tid 27528] [client 23.161.169.113:40406] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aitfmO3j8ahqNX0SlP45QQAAAMo"]
[Thu Jun 11 22:23:36.089394 2026] [security2:error] [pid 27514:tid 27528] [client 23.161.169.113:40406] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aitfmO3j8ahqNX0SlP45QQAAAMo"]
[Thu Jun 11 22:23:36.089626 2026] [security2:error] [pid 27514:tid 27528] [client 23.161.169.113:40406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.backup"] [unique_id "aitfmO3j8ahqNX0SlP45QQAAAMo"]
[Thu Jun 11 22:23:36.108693 2026] [security2:error] [pid 3366:tid 3390] [client 23.161.169.113:40328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aitfmA_yFoCwT1EVIAT8oAAAAFU"]
[Thu Jun 11 22:23:36.108923 2026] [security2:error] [pid 3366:tid 3390] [client 23.161.169.113:40328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.production"] [unique_id "aitfmA_yFoCwT1EVIAT8oAAAAFU"]
[Thu Jun 11 22:23:37.405689 2026] [security2:error] [pid 12621:tid 12628] [client 23.161.169.113:40302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aitflxe-I_6KUjo_PUxD-QAAAII"]
[Thu Jun 11 22:23:37.485517 2026] [security2:error] [pid 3366:tid 3390] [client 23.161.169.113:40328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aitfmA_yFoCwT1EVIAT8oAAAAFU"]
[Thu Jun 11 22:23:37.612800 2026] [security2:error] [pid 27514:tid 27519] [client 23.161.169.113:40392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aitfmO3j8ahqNX0SlP45PwAAAME"]
[Thu Jun 11 22:23:37.729325 2026] [security2:error] [pid 12621:tid 12644] [client 23.161.169.113:40382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aitfmBe-I_6KUjo_PUxD-wAAAJI"]
[Thu Jun 11 22:23:37.826942 2026] [security2:error] [pid 27514:tid 27528] [client 23.161.169.113:40406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aitfmO3j8ahqNX0SlP45QQAAAMo"]
[Thu Jun 11 22:23:38.002480 2026] [security2:error] [pid 27514:tid 27526] [client 23.161.169.113:40344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aitfmO3j8ahqNX0SlP45QAAAAMg"]
[Thu Jun 11 22:31:34.632161 2026] [security2:error] [pid 8259:tid 8269] [client 198.235.24.65:49980] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aithdnolEJBFTjlHisw6wwAAAUY"]
[Thu Jun 11 22:35:29.022704 2026] [security2:error] [pid 8259:tid 8273] [client 45.148.10.67:63482] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitiYXolEJBFTjlHisw-PAAAAUo"]
[Thu Jun 11 22:36:21.503129 2026] [security2:error] [pid 2118:tid 2128] [client 43.164.133.138:59720] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitilWAwrcQa3cFQ5_3-VQAAAQc"], referer: http://13.84.161.190
[Thu Jun 11 22:36:21.503258 2026] [security2:error] [pid 2118:tid 2128] [client 43.164.133.138:59720] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitilWAwrcQa3cFQ5_3-VQAAAQc"], referer: http://13.84.161.190
[Thu Jun 11 22:36:21.503927 2026] [security2:error] [pid 2118:tid 2128] [client 43.164.133.138:59720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitilWAwrcQa3cFQ5_3-VQAAAQc"], referer: http://13.84.161.190
[Thu Jun 11 22:36:21.785996 2026] [security2:error] [pid 2118:tid 2128] [client 43.164.133.138:59720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aitilWAwrcQa3cFQ5_3-VQAAAQc"], referer: http://13.84.161.190
[Thu Jun 11 22:39:33.099687 2026] [security2:error] [pid 8259:tid 8285] [client 77.83.39.42:49432] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitjVXolEJBFTjlHisxBkAAAAVY"]
[Thu Jun 11 22:39:33.099885 2026] [security2:error] [pid 8259:tid 8285] [client 77.83.39.42:49432] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitjVXolEJBFTjlHisxBkAAAAVY"]
[Thu Jun 11 22:39:33.100006 2026] [security2:error] [pid 8259:tid 8285] [client 77.83.39.42:49432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitjVXolEJBFTjlHisxBkAAAAVY"]
[Thu Jun 11 22:39:33.100259 2026] [security2:error] [pid 8259:tid 8285] [client 77.83.39.42:49432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitjVXolEJBFTjlHisxBkAAAAVY"]
[Thu Jun 11 22:39:33.587866 2026] [security2:error] [pid 8259:tid 8285] [client 77.83.39.42:49432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aitjVXolEJBFTjlHisxBkAAAAVY"]
[Thu Jun 11 22:40:40.842965 2026] [security2:error] [pid 10949:tid 10976] [client 77.83.39.42:51772] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitjmERFtDk6jPH-LhO5dAAAABg"]
[Thu Jun 11 22:40:40.843122 2026] [security2:error] [pid 10949:tid 10976] [client 77.83.39.42:51772] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitjmERFtDk6jPH-LhO5dAAAABg"]
[Thu Jun 11 22:40:40.843255 2026] [security2:error] [pid 10949:tid 10976] [client 77.83.39.42:51772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitjmERFtDk6jPH-LhO5dAAAABg"]
[Thu Jun 11 22:40:40.843968 2026] [security2:error] [pid 10949:tid 10976] [client 77.83.39.42:51772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aitjmERFtDk6jPH-LhO5dAAAABg"]
[Thu Jun 11 22:40:40.844288 2026] [security2:error] [pid 10949:tid 10976] [client 77.83.39.42:51772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitjmERFtDk6jPH-LhO5dAAAABg"]
[Thu Jun 11 22:52:37.563738 2026] [security2:error] [pid 27514:tid 27524] [client 185.242.226.113:48951] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitmZe3j8ahqNX0SlP5STgAAAMY"]
[Thu Jun 11 22:54:43.317665 2026] [security2:error] [pid 27514:tid 27522] [client 124.156.200.223:37486] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aitm4-3j8ahqNX0SlP5TSAAAAMQ"]
[Thu Jun 11 22:56:25.968310 2026] [security2:error] [pid 8259:tid 8284] [client 176.65.139.36:35742] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "146.56.180.42:3333"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "146.56.180.42"] [uri "/"] [unique_id "aitnSXolEJBFTjlHisxQrQAAAVU"]
[Thu Jun 11 23:00:52.877447 2026] [security2:error] [pid 10949:tid 10959] [client 45.148.10.67:51640] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitoVERFtDk6jPH-LhPKZgAAAAc"]
[Thu Jun 11 23:00:53.281066 2026] [security2:error] [pid 8259:tid 8285] [client 45.148.10.67:51642] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aitoVXolEJBFTjlHisxVIwAAAVY"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 23:07:43.874190 2026] [security2:error] [pid 2118:tid 2125] [client 43.157.153.236:35302] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitp72AwrcQa3cFQ5_0ZvQAAAQQ"]
[Thu Jun 11 23:07:43.874283 2026] [security2:error] [pid 2118:tid 2125] [client 43.157.153.236:35302] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitp72AwrcQa3cFQ5_0ZvQAAAQQ"]
[Thu Jun 11 23:07:43.874892 2026] [security2:error] [pid 2118:tid 2125] [client 43.157.153.236:35302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitp72AwrcQa3cFQ5_0ZvQAAAQQ"]
[Thu Jun 11 23:07:43.875781 2026] [security2:error] [pid 2118:tid 2125] [client 43.157.153.236:35302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aitp72AwrcQa3cFQ5_0ZvQAAAQQ"]
[Thu Jun 11 23:08:32.586125 2026] [security2:error] [pid 2118:tid 2129] [client 198.235.24.143:60744] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitqIGAwrcQa3cFQ5_0ahQAAAQg"]
[Thu Jun 11 23:08:32.943926 2026] [security2:error] [pid 27514:tid 27530] [client 198.235.24.143:60758] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aitqIO3j8ahqNX0SlP5fxQAAAMw"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 23:17:19.355283 2026] [security2:error] [pid 12621:tid 12632] [client 93.174.93.12:60000] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aitsLxe-I_6KUjo_PUx4-gAAAIY"]
[Thu Jun 11 23:18:11.698438 2026] [security2:error] [pid 3366:tid 3381] [client 185.242.226.113:51279] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitsYw_yFoCwT1EVIAQudwAAAEw"], referer: http://13.84.161.190:80/
[Thu Jun 11 23:22:31.798516 2026] [security2:error] [pid 8259:tid 8275] [client 172.232.108.36:13626] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aittZ3olEJBFTjlHisxpTAAAAUw"], referer: http://13.84.161.190/
[Thu Jun 11 23:23:28.004491 2026] [security2:error] [pid 2118:tid 2150] [client 8.221.140.153:60518] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aittoGAwrcQa3cFQ5_0pAwAAARQ"]
[Thu Jun 11 23:23:32.399993 2026] [security2:error] [pid 12621:tid 12649] [client 8.221.140.153:60578] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aittpBe-I_6KUjo_PUx-bAAAAJc"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 23:23:34.187324 2026] [security2:error] [pid 2118:tid 2140] [client 8.216.87.176:57526] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aittpmAwrcQa3cFQ5_0pFwAAAQ8"]
[Thu Jun 11 23:23:34.770931 2026] [security2:error] [pid 12621:tid 12638] [client 8.221.140.153:60892] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aittphe-I_6KUjo_PUx-ewAAAIw"]
[Thu Jun 11 23:23:34.905702 2026] [security2:error] [pid 12621:tid 12638] [client 8.221.140.153:60892] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aittphe-I_6KUjo_PUx-fAAAAIw"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 23:23:43.577740 2026] [security2:error] [pid 8259:tid 8270] [client 8.216.87.176:58198] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aittr3olEJBFTjlHisxqnQAAAUc"]
[Thu Jun 11 23:23:45.599892 2026] [security2:error] [pid 3366:tid 3388] [client 8.216.87.176:58594] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aittsQ_yFoCwT1EVIAQyWQAAAFM"]
[Thu Jun 11 23:27:11.573496 2026] [security2:error] [pid 27514:tid 27535] [client 34.123.82.129:19898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aituf-3j8ahqNX0SlP5vcwAAANE"]
[Thu Jun 11 23:27:11.573775 2026] [security2:error] [pid 27514:tid 27535] [client 34.123.82.129:19898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aituf-3j8ahqNX0SlP5vcwAAANE"]
[Thu Jun 11 23:27:12.252828 2026] [security2:error] [pid 27514:tid 27535] [client 34.123.82.129:19898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aituf-3j8ahqNX0SlP5vcwAAANE"]
[Thu Jun 11 23:27:23.651142 2026] [security2:error] [pid 27514:tid 27541] [client 34.123.82.129:34924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "aitui-3j8ahqNX0SlP5vqwAAANc"]
[Thu Jun 11 23:27:23.651518 2026] [security2:error] [pid 27514:tid 27541] [client 34.123.82.129:34924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "aitui-3j8ahqNX0SlP5vqwAAANc"]
[Thu Jun 11 23:27:23.685945 2026] [security2:error] [pid 27514:tid 27541] [client 34.123.82.129:34924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "aitui-3j8ahqNX0SlP5vqwAAANc"]
[Thu Jun 11 23:31:13.719809 2026] [security2:error] [pid 12621:tid 12647] [client 78.153.140.250:47794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitvcRe-I_6KUjo_PUyGewAAAJU"]
[Thu Jun 11 23:31:13.720124 2026] [security2:error] [pid 12621:tid 12647] [client 78.153.140.250:47794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitvcRe-I_6KUjo_PUyGewAAAJU"]
[Thu Jun 11 23:31:13.720688 2026] [security2:error] [pid 12621:tid 12647] [client 78.153.140.250:47794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aitvcRe-I_6KUjo_PUyGewAAAJU"]
[Thu Jun 11 23:31:14.180227 2026] [security2:error] [pid 12621:tid 12647] [client 78.153.140.250:47794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aitvcRe-I_6KUjo_PUyGewAAAJU"]
[Thu Jun 11 23:31:15.284021 2026] [security2:error] [pid 10949:tid 10958] [client 78.153.140.250:47810] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitvc0RFtDk6jPH-LhPj2wAAAAY"]
[Thu Jun 11 23:34:49.345089 2026] [security2:error] [pid 3366:tid 3391] [client 107.150.117.187:45154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aitwSQ_yFoCwT1EVIAQ7eAAAAFY"]
[Thu Jun 11 23:34:55.538876 2026] [security2:error] [pid 27514:tid 27535] [client 107.150.117.187:59070] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aitwT-3j8ahqNX0SlP52lAAAANE"]
[Thu Jun 11 23:34:56.613305 2026] [security2:error] [pid 12621:tid 12646] [client 107.150.117.187:59072] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/robots.txt"] [unique_id "aitwUBe-I_6KUjo_PUyKBQAAAJQ"]
[Thu Jun 11 23:34:57.716950 2026] [security2:error] [pid 3366:tid 3375] [client 107.150.117.187:59074] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/sitemap.xml"] [unique_id "aitwUQ_yFoCwT1EVIAQ7ogAAAEY"]
[Thu Jun 11 23:35:01.292048 2026] [security2:error] [pid 12621:tid 12649] [client 107.150.117.187:59196] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/config.json"] [unique_id "aitwVRe-I_6KUjo_PUyKEAAAAJc"]
[Thu Jun 11 23:37:59.717156 2026] [security2:error] [pid 3366:tid 3374] [client 162.14.66.219:32842] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aitxBw_yFoCwT1EVIARARwAAAEU"], referer: http://machen.ai
[Thu Jun 11 23:38:22.698322 2026] [security2:error] [pid 10949:tid 10961] [client 45.198.224.22:43362] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitxHkRFtDk6jPH-LhPpygAAAAk"]
[Thu Jun 11 23:43:28.957758 2026] [security2:error] [pid 12621:tid 12643] [client 78.153.140.149:59348] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aityUBe-I_6KUjo_PUyR6wAAAJE"]
[Thu Jun 11 23:43:28.958022 2026] [security2:error] [pid 12621:tid 12643] [client 78.153.140.149:59348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aityUBe-I_6KUjo_PUyR6wAAAJE"]
[Thu Jun 11 23:43:28.958328 2026] [security2:error] [pid 12621:tid 12643] [client 78.153.140.149:59348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aityUBe-I_6KUjo_PUyR6wAAAJE"]
[Thu Jun 11 23:43:28.959632 2026] [security2:error] [pid 12621:tid 12643] [client 78.153.140.149:59348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aityUBe-I_6KUjo_PUyR6wAAAJE"]
[Thu Jun 11 23:43:29.320003 2026] [security2:error] [pid 27514:tid 27521] [client 78.153.140.149:59356] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aityUe3j8ahqNX0SlP5-fwAAAMM"]
[Thu Jun 11 23:45:24.314900 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aityxGAwrcQa3cFQ5_07uwAAARY"]
[Thu Jun 11 23:45:24.315160 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aityxGAwrcQa3cFQ5_07uwAAARY"]
[Thu Jun 11 23:45:24.315477 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aityxGAwrcQa3cFQ5_07uwAAARY"]
[Thu Jun 11 23:45:24.315771 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aityxGAwrcQa3cFQ5_07uwAAARY"]
[Thu Jun 11 23:45:24.458483 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aityxGAwrcQa3cFQ5_07vAAAARY"]
[Thu Jun 11 23:45:24.458766 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aityxGAwrcQa3cFQ5_07vAAAARY"]
[Thu Jun 11 23:45:24.459080 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.php"] [unique_id "aityxGAwrcQa3cFQ5_07vAAAARY"]
[Thu Jun 11 23:45:24.459339 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aityxGAwrcQa3cFQ5_07vAAAARY"]
[Thu Jun 11 23:45:24.600565 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aityxGAwrcQa3cFQ5_07vQAAARY"]
[Thu Jun 11 23:45:24.600867 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aityxGAwrcQa3cFQ5_07vQAAARY"]
[Thu Jun 11 23:45:24.601110 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.sample.php"] [unique_id "aityxGAwrcQa3cFQ5_07vQAAARY"]
[Thu Jun 11 23:45:24.601445 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aityxGAwrcQa3cFQ5_07vQAAARY"]
[Thu Jun 11 23:45:24.743605 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aityxGAwrcQa3cFQ5_07vgAAARY"]
[Thu Jun 11 23:45:24.743843 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aityxGAwrcQa3cFQ5_07vgAAARY"]
[Thu Jun 11 23:45:24.744098 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.local.php"] [unique_id "aityxGAwrcQa3cFQ5_07vgAAARY"]
[Thu Jun 11 23:45:24.744360 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aityxGAwrcQa3cFQ5_07vgAAARY"]
[Thu Jun 11 23:45:24.888538 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aityxGAwrcQa3cFQ5_07vwAAARY"]
[Thu Jun 11 23:45:24.888868 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aityxGAwrcQa3cFQ5_07vwAAARY"]
[Thu Jun 11 23:45:24.889165 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env.production.php"] [unique_id "aityxGAwrcQa3cFQ5_07vwAAARY"]
[Thu Jun 11 23:45:24.889417 2026] [security2:error] [pid 2118:tid 2154] [client 80.94.95.211:21911] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aityxGAwrcQa3cFQ5_07vwAAARY"]
[Thu Jun 11 23:46:40.761290 2026] [security2:error] [pid 8259:tid 8285] [client 45.156.129.135:41322] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aitzEHolEJBFTjlHisx-0AAAAVY"]
[Thu Jun 11 23:46:40.796735 2026] [security2:error] [pid 8259:tid 8285] [client 45.156.129.135:41322] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aitzEHolEJBFTjlHisx-0QAAAVY"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Thu Jun 11 23:53:51.016880 2026] [security2:error] [pid 8259:tid 8280] [client 93.123.109.178:60122] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "mail.sonneconsultoria.com.br"] [uri "/"] [unique_id "ait0v3olEJBFTjlHisyHBQAAAVE"]
[Thu Jun 11 23:53:51.017221 2026] [security2:error] [pid 8259:tid 8280] [client 93.123.109.178:60122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sonneconsultoria.com.br"] [uri "/"] [unique_id "ait0v3olEJBFTjlHisyHBQAAAVE"]
[Thu Jun 11 23:53:51.017505 2026] [security2:error] [pid 8259:tid 8280] [client 93.123.109.178:60122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.sonneconsultoria.com.br"] [uri "/"] [unique_id "ait0v3olEJBFTjlHisyHBQAAAVE"]
[Fri Jun 12 00:08:07.989448 2026] [security2:error] [pid 6693:tid 6720] [client 45.148.10.67:43738] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "ait4F3jPYfbesaCsFzMqBQAAABY"]
[Fri Jun 12 00:10:35.260429 2026] [security2:error] [pid 2118:tid 2132] [client 13.87.230.252:57382] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ait4q2AwrcQa3cFQ5_1XkwAAAQs"]
[Fri Jun 12 00:10:35.296544 2026] [security2:error] [pid 2118:tid 2132] [client 13.87.230.252:57382] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "ait4q2AwrcQa3cFQ5_1XlAAAAQs"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 00:10:35.682481 2026] [security2:error] [pid 2118:tid 2132] [client 13.87.230.252:57382] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ait4q2AwrcQa3cFQ5_1XmAAAAQs"]
[Fri Jun 12 00:10:35.719387 2026] [security2:error] [pid 2118:tid 2132] [client 13.87.230.252:57382] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "ait4q2AwrcQa3cFQ5_1XmQAAAQs"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 00:13:57.170679 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:54338] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/wp-content/debug.log"] [unique_id "ait5defOlZI6G7yRn5KWpQAAAEE"]
[Fri Jun 12 00:13:57.171369 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:54338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/wp-content/debug.log"] [unique_id "ait5defOlZI6G7yRn5KWpQAAAEE"]
[Fri Jun 12 00:13:57.171665 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:54338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/wp-content/debug.log"] [unique_id "ait5defOlZI6G7yRn5KWpQAAAEE"]
[Fri Jun 12 00:13:57.689014 2026] [security2:error] [pid 8259:tid 8263] [client 208.84.101.75:54386] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "ait5dXolEJBFTjlHisyXsQAAAUA"]
[Fri Jun 12 00:13:57.689334 2026] [security2:error] [pid 8259:tid 8263] [client 208.84.101.75:54386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "ait5dXolEJBFTjlHisyXsQAAAUA"]
[Fri Jun 12 00:13:57.689623 2026] [security2:error] [pid 8259:tid 8263] [client 208.84.101.75:54386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.development"] [unique_id "ait5dXolEJBFTjlHisyXsQAAAUA"]
[Fri Jun 12 00:13:57.706405 2026] [security2:error] [pid 11021:tid 11030] [client 208.84.101.75:54478] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "ait5defOlZI6G7yRn5KWqQAAAEA"]
[Fri Jun 12 00:13:57.706691 2026] [security2:error] [pid 11021:tid 11030] [client 208.84.101.75:54478] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "ait5defOlZI6G7yRn5KWqQAAAEA"]
[Fri Jun 12 00:13:57.709969 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:54338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "ait5defOlZI6G7yRn5KWqgAAAEE"]
[Fri Jun 12 00:13:57.710200 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:54338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "ait5defOlZI6G7yRn5KWqgAAAEE"]
[Fri Jun 12 00:13:57.710494 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:54338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "ait5defOlZI6G7yRn5KWqgAAAEE"]
[Fri Jun 12 00:13:57.713685 2026] [security2:error] [pid 2118:tid 2134] [client 208.84.101.75:54544] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "ait5dWAwrcQa3cFQ5_1augAAAQ0"]
[Fri Jun 12 00:13:57.713993 2026] [security2:error] [pid 2118:tid 2134] [client 208.84.101.75:54544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "ait5dWAwrcQa3cFQ5_1augAAAQ0"]
[Fri Jun 12 00:13:57.714229 2026] [security2:error] [pid 2118:tid 2134] [client 208.84.101.75:54544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.aws/credentials"] [unique_id "ait5dWAwrcQa3cFQ5_1augAAAQ0"]
[Fri Jun 12 00:13:57.716373 2026] [security2:error] [pid 11021:tid 11054] [client 208.84.101.75:54394] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "ait5defOlZI6G7yRn5KWqwAAAFg"]
[Fri Jun 12 00:13:57.716634 2026] [security2:error] [pid 11021:tid 11054] [client 208.84.101.75:54394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "ait5defOlZI6G7yRn5KWqwAAAFg"]
[Fri Jun 12 00:13:57.716937 2026] [security2:error] [pid 11021:tid 11054] [client 208.84.101.75:54394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.staging"] [unique_id "ait5defOlZI6G7yRn5KWqwAAAFg"]
[Fri Jun 12 00:13:57.718461 2026] [security2:error] [pid 8259:tid 8271] [client 208.84.101.75:54482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/src/.env"] [unique_id "ait5dXolEJBFTjlHisyXtAAAAUg"]
[Fri Jun 12 00:13:57.718729 2026] [security2:error] [pid 8259:tid 8271] [client 208.84.101.75:54482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/src/.env"] [unique_id "ait5dXolEJBFTjlHisyXtAAAAUg"]
[Fri Jun 12 00:13:57.718951 2026] [security2:error] [pid 8259:tid 8271] [client 208.84.101.75:54482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/src/.env"] [unique_id "ait5dXolEJBFTjlHisyXtAAAAUg"]
[Fri Jun 12 00:13:57.720060 2026] [security2:error] [pid 11021:tid 11039] [client 208.84.101.75:54462] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "ait5defOlZI6G7yRn5KWrAAAAEk"]
[Fri Jun 12 00:13:57.720245 2026] [security2:error] [pid 11021:tid 11039] [client 208.84.101.75:54462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "ait5defOlZI6G7yRn5KWrAAAAEk"]
[Fri Jun 12 00:13:57.720466 2026] [security2:error] [pid 11021:tid 11039] [client 208.84.101.75:54462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/api/.env"] [unique_id "ait5defOlZI6G7yRn5KWrAAAAEk"]
[Fri Jun 12 00:13:57.730392 2026] [security2:error] [pid 2118:tid 2139] [client 208.84.101.75:54506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "ait5dWAwrcQa3cFQ5_1avAAAAQ4"]
[Fri Jun 12 00:13:57.730610 2026] [security2:error] [pid 2118:tid 2139] [client 208.84.101.75:54506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "ait5dWAwrcQa3cFQ5_1avAAAAQ4"]
[Fri Jun 12 00:13:57.730929 2026] [security2:error] [pid 2118:tid 2139] [client 208.84.101.75:54506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/public/.env"] [unique_id "ait5dWAwrcQa3cFQ5_1avAAAAQ4"]
[Fri Jun 12 00:13:57.734468 2026] [security2:error] [pid 21150:tid 21159] [client 208.84.101.75:54502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/web/.env"] [unique_id "ait5dShtFHEdnREfgjPUewAAAIQ"]
[Fri Jun 12 00:13:57.740005 2026] [security2:error] [pid 27514:tid 27532] [client 208.84.101.75:54438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "ait5de3j8ahqNX0SlP6aaQAAAM4"]
[Fri Jun 12 00:13:57.785294 2026] [security2:error] [pid 27514:tid 27532] [client 208.84.101.75:54438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "ait5de3j8ahqNX0SlP6aaQAAAM4"]
[Fri Jun 12 00:13:57.785509 2026] [security2:error] [pid 27514:tid 27532] [client 208.84.101.75:54438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.save"] [unique_id "ait5de3j8ahqNX0SlP6aaQAAAM4"]
[Fri Jun 12 00:13:57.741125 2026] [security2:error] [pid 6693:tid 6701] [client 208.84.101.75:54424] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "ait5dXjPYfbesaCsFzMuRgAAAAM"]
[Fri Jun 12 00:13:57.786363 2026] [security2:error] [pid 6693:tid 6701] [client 208.84.101.75:54424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "ait5dXjPYfbesaCsFzMuRgAAAAM"]
[Fri Jun 12 00:13:57.786640 2026] [security2:error] [pid 6693:tid 6701] [client 208.84.101.75:54424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "ait5dXjPYfbesaCsFzMuRgAAAAM"]
[Fri Jun 12 00:13:57.786920 2026] [security2:error] [pid 6693:tid 6701] [client 208.84.101.75:54424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.old"] [unique_id "ait5dXjPYfbesaCsFzMuRgAAAAM"]
[Fri Jun 12 00:13:57.744206 2026] [security2:error] [pid 8259:tid 8282] [client 208.84.101.75:54496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/server/.env"] [unique_id "ait5dXolEJBFTjlHisyXtwAAAVM"]
[Fri Jun 12 00:13:57.789040 2026] [security2:error] [pid 8259:tid 8282] [client 208.84.101.75:54496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/server/.env"] [unique_id "ait5dXolEJBFTjlHisyXtwAAAVM"]
[Fri Jun 12 00:13:57.789321 2026] [security2:error] [pid 8259:tid 8282] [client 208.84.101.75:54496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/server/.env"] [unique_id "ait5dXolEJBFTjlHisyXtwAAAVM"]
[Fri Jun 12 00:13:57.749388 2026] [security2:error] [pid 11021:tid 11043] [client 208.84.101.75:54408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "ait5defOlZI6G7yRn5KWsAAAAE0"]
[Fri Jun 12 00:13:57.750703 2026] [security2:error] [pid 27514:tid 27542] [client 208.84.101.75:54360] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "ait5de3j8ahqNX0SlP6aagAAANg"]
[Fri Jun 12 00:13:57.789765 2026] [security2:error] [pid 8259:tid 8268] [client 208.84.101.75:55022] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.docker/config.json"] [unique_id "ait5dXolEJBFTjlHisyXvgAAAUU"]
[Fri Jun 12 00:13:57.789878 2026] [security2:error] [pid 27514:tid 27542] [client 208.84.101.75:54360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "ait5de3j8ahqNX0SlP6aagAAANg"]
[Fri Jun 12 00:13:57.789989 2026] [security2:error] [pid 8259:tid 8268] [client 208.84.101.75:55022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.docker/config.json"] [unique_id "ait5dXolEJBFTjlHisyXvgAAAUU"]
[Fri Jun 12 00:13:57.790112 2026] [security2:error] [pid 27514:tid 27542] [client 208.84.101.75:54360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "ait5de3j8ahqNX0SlP6aagAAANg"]
[Fri Jun 12 00:13:57.790225 2026] [security2:error] [pid 8259:tid 8268] [client 208.84.101.75:55022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.docker/config.json"] [unique_id "ait5dXolEJBFTjlHisyXvgAAAUU"]
[Fri Jun 12 00:13:57.790347 2026] [security2:error] [pid 27514:tid 27542] [client 208.84.101.75:54360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.backup"] [unique_id "ait5de3j8ahqNX0SlP6aagAAANg"]
[Fri Jun 12 00:13:57.751045 2026] [security2:error] [pid 27514:tid 27536] [client 208.84.101.75:54362] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "ait5de3j8ahqNX0SlP6aawAAANI"]
[Fri Jun 12 00:13:57.790664 2026] [security2:error] [pid 27514:tid 27536] [client 208.84.101.75:54362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "ait5de3j8ahqNX0SlP6aawAAANI"]
[Fri Jun 12 00:13:57.790914 2026] [security2:error] [pid 27514:tid 27536] [client 208.84.101.75:54362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production"] [unique_id "ait5de3j8ahqNX0SlP6aawAAANI"]
[Fri Jun 12 00:13:57.753258 2026] [security2:error] [pid 8259:tid 8273] [client 208.84.101.75:54354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "ait5dXolEJBFTjlHisyXuQAAAUo"]
[Fri Jun 12 00:13:57.753426 2026] [security2:error] [pid 2118:tid 2156] [client 208.84.101.75:54380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "ait5dWAwrcQa3cFQ5_1avwAAARg"]
[Fri Jun 12 00:13:57.795045 2026] [security2:error] [pid 8259:tid 8273] [client 208.84.101.75:54354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "ait5dXolEJBFTjlHisyXuQAAAUo"]
[Fri Jun 12 00:13:57.795074 2026] [security2:error] [pid 2118:tid 2156] [client 208.84.101.75:54380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "ait5dWAwrcQa3cFQ5_1avwAAARg"]
[Fri Jun 12 00:13:57.795352 2026] [security2:error] [pid 8259:tid 8273] [client 208.84.101.75:54354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local"] [unique_id "ait5dXolEJBFTjlHisyXuQAAAUo"]
[Fri Jun 12 00:13:57.797044 2026] [security2:error] [pid 11021:tid 11030] [client 208.84.101.75:54478] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/laravel/.env"] [unique_id "ait5defOlZI6G7yRn5KWqQAAAEA"]
[Fri Jun 12 00:13:57.754205 2026] [security2:error] [pid 6693:tid 6713] [client 208.84.101.75:54372] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "ait5dXjPYfbesaCsFzMuSAAAAA8"]
[Fri Jun 12 00:13:57.799873 2026] [security2:error] [pid 6693:tid 6713] [client 208.84.101.75:54372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "ait5dXjPYfbesaCsFzMuSAAAAA8"]
[Fri Jun 12 00:13:57.800173 2026] [security2:error] [pid 6693:tid 6713] [client 208.84.101.75:54372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "ait5dXjPYfbesaCsFzMuSAAAAA8"]
[Fri Jun 12 00:13:57.800430 2026] [security2:error] [pid 6693:tid 6713] [client 208.84.101.75:54372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.bak"] [unique_id "ait5dXjPYfbesaCsFzMuSAAAAA8"]
[Fri Jun 12 00:13:57.758430 2026] [security2:error] [pid 11021:tid 11032] [client 208.84.101.75:54468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "ait5defOlZI6G7yRn5KWrwAAAEI"]
[Fri Jun 12 00:13:57.801021 2026] [security2:error] [pid 11021:tid 11032] [client 208.84.101.75:54468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "ait5defOlZI6G7yRn5KWrwAAAEI"]
[Fri Jun 12 00:13:57.801289 2026] [security2:error] [pid 11021:tid 11032] [client 208.84.101.75:54468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/backend/.env"] [unique_id "ait5defOlZI6G7yRn5KWrwAAAEI"]
[Fri Jun 12 00:13:57.774281 2026] [security2:error] [pid 6693:tid 6706] [client 208.84.101.75:55028] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.kube/config"] [unique_id "ait5dXjPYfbesaCsFzMuSwAAAAg"]
[Fri Jun 12 00:13:57.801750 2026] [security2:error] [pid 6693:tid 6706] [client 208.84.101.75:55028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.kube/config"] [unique_id "ait5dXjPYfbesaCsFzMuSwAAAAg"]
[Fri Jun 12 00:13:57.802002 2026] [security2:error] [pid 6693:tid 6706] [client 208.84.101.75:55028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.kube/config"] [unique_id "ait5dXjPYfbesaCsFzMuSwAAAAg"]
[Fri Jun 12 00:13:57.795389 2026] [security2:error] [pid 2118:tid 2156] [client 208.84.101.75:54380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/app/.env"] [unique_id "ait5dWAwrcQa3cFQ5_1avwAAARg"]
[Fri Jun 12 00:13:57.796476 2026] [security2:error] [pid 11021:tid 11043] [client 208.84.101.75:54408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "ait5defOlZI6G7yRn5KWsAAAAE0"]
[Fri Jun 12 00:13:57.805253 2026] [security2:error] [pid 11021:tid 11043] [client 208.84.101.75:54408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.test"] [unique_id "ait5defOlZI6G7yRn5KWsAAAAE0"]
[Fri Jun 12 00:13:57.813689 2026] [security2:error] [pid 21150:tid 21159] [client 208.84.101.75:54502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/web/.env"] [unique_id "ait5dShtFHEdnREfgjPUewAAAIQ"]
[Fri Jun 12 00:13:57.814033 2026] [security2:error] [pid 21150:tid 21159] [client 208.84.101.75:54502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/web/.env"] [unique_id "ait5dShtFHEdnREfgjPUewAAAIQ"]
[Fri Jun 12 00:14:00.609275 2026] [cgid:error] [pid 2118:tid 2128] [client 208.84.101.75:54696] AH01265: stderr from /disk001/sonne/public_html/cgi-bin/: attempt to invoke directory as script
[Fri Jun 12 00:14:02.310922 2026] [security2:error] [pid 2118:tid 2128] [client 208.84.101.75:54696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.copy"] [unique_id "ait5emAwrcQa3cFQ5_1azAAAAQc"]
[Fri Jun 12 00:14:02.311289 2026] [security2:error] [pid 2118:tid 2128] [client 208.84.101.75:54696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.copy"] [unique_id "ait5emAwrcQa3cFQ5_1azAAAAQc"]
[Fri Jun 12 00:14:02.311612 2026] [security2:error] [pid 2118:tid 2128] [client 208.84.101.75:54696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.copy"] [unique_id "ait5emAwrcQa3cFQ5_1azAAAAQc"]
[Fri Jun 12 00:14:02.335896 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.bak"] [unique_id "ait5emAwrcQa3cFQ5_1azQAAARY"]
[Fri Jun 12 00:14:02.336164 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.bak"] [unique_id "ait5emAwrcQa3cFQ5_1azQAAARY"]
[Fri Jun 12 00:14:02.336536 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.bak"] [unique_id "ait5emAwrcQa3cFQ5_1azQAAARY"]
[Fri Jun 12 00:14:02.336855 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.bak"] [unique_id "ait5emAwrcQa3cFQ5_1azQAAARY"]
[Fri Jun 12 00:14:02.337602 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env~"] [unique_id "ait5eufOlZI6G7yRn5KWzgAAAEQ"]
[Fri Jun 12 00:14:02.337850 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env~"] [unique_id "ait5eufOlZI6G7yRn5KWzgAAAEQ"]
[Fri Jun 12 00:14:02.338159 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env~"] [unique_id "ait5eufOlZI6G7yRn5KWzgAAAEQ"]
[Fri Jun 12 00:14:02.338456 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env~"] [unique_id "ait5eufOlZI6G7yRn5KWzgAAAEQ"]
[Fri Jun 12 00:14:03.019245 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.old"] [unique_id "ait5e-fOlZI6G7yRn5KW0wAAAEo"]
[Fri Jun 12 00:14:03.019472 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.old"] [unique_id "ait5e-fOlZI6G7yRn5KW0wAAAEo"]
[Fri Jun 12 00:14:03.019833 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.old"] [unique_id "ait5e-fOlZI6G7yRn5KW0wAAAEo"]
[Fri Jun 12 00:14:03.020131 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.old"] [unique_id "ait5e-fOlZI6G7yRn5KW0wAAAEo"]
[Fri Jun 12 00:14:03.970986 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.save"] [unique_id "ait5e-fOlZI6G7yRn5KW2AAAAEo"]
[Fri Jun 12 00:14:03.971232 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.save"] [unique_id "ait5e-fOlZI6G7yRn5KW2AAAAEo"]
[Fri Jun 12 00:14:03.971523 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.save"] [unique_id "ait5e-fOlZI6G7yRn5KW2AAAAEo"]
[Fri Jun 12 00:14:03.971533 2026] [security2:error] [pid 2118:tid 2128] [client 208.84.101.75:54696] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production~"] [unique_id "ait5e2AwrcQa3cFQ5_1a0AAAAQc"]
[Fri Jun 12 00:14:03.971784 2026] [security2:error] [pid 2118:tid 2128] [client 208.84.101.75:54696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production~"] [unique_id "ait5e2AwrcQa3cFQ5_1a0AAAAQc"]
[Fri Jun 12 00:14:03.971994 2026] [security2:error] [pid 2118:tid 2128] [client 208.84.101.75:54696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production~"] [unique_id "ait5e2AwrcQa3cFQ5_1a0AAAAQc"]
[Fri Jun 12 00:14:03.972198 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.old"] [unique_id "ait5e2AwrcQa3cFQ5_1azwAAARY"]
[Fri Jun 12 00:14:03.972257 2026] [security2:error] [pid 2118:tid 2128] [client 208.84.101.75:54696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production~"] [unique_id "ait5e2AwrcQa3cFQ5_1a0AAAAQc"]
[Fri Jun 12 00:14:03.972525 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.old"] [unique_id "ait5e2AwrcQa3cFQ5_1azwAAARY"]
[Fri Jun 12 00:14:03.972822 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.old"] [unique_id "ait5e2AwrcQa3cFQ5_1azwAAARY"]
[Fri Jun 12 00:14:03.973171 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.old"] [unique_id "ait5e2AwrcQa3cFQ5_1azwAAARY"]
[Fri Jun 12 00:14:03.973534 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.swp"] [unique_id "ait5e-fOlZI6G7yRn5KW2QAAAEQ"]
[Fri Jun 12 00:14:03.973770 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.swp"] [unique_id "ait5e-fOlZI6G7yRn5KW2QAAAEQ"]
[Fri Jun 12 00:14:03.973988 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.swp"] [unique_id "ait5e-fOlZI6G7yRn5KW2QAAAEQ"]
[Fri Jun 12 00:14:03.974209 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.swp"] [unique_id "ait5e-fOlZI6G7yRn5KW2QAAAEQ"]
[Fri Jun 12 00:14:04.457299 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.backup"] [unique_id "ait5fOfOlZI6G7yRn5KW3QAAAEo"]
[Fri Jun 12 00:14:04.457662 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.backup"] [unique_id "ait5fOfOlZI6G7yRn5KW3QAAAEo"]
[Fri Jun 12 00:14:04.457966 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.backup"] [unique_id "ait5fOfOlZI6G7yRn5KW3QAAAEo"]
[Fri Jun 12 00:14:04.458250 2026] [security2:error] [pid 11021:tid 11040] [client 208.84.101.75:19458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.backup"] [unique_id "ait5fOfOlZI6G7yRn5KW3QAAAEo"]
[Fri Jun 12 00:14:04.479665 2026] [security2:error] [pid 8259:tid 8274] [client 208.84.101.75:19510] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.git/HEAD"] [unique_id "ait5fHolEJBFTjlHisyXzAAAAUs"]
[Fri Jun 12 00:14:04.479955 2026] [security2:error] [pid 8259:tid 8274] [client 208.84.101.75:19510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.git/HEAD"] [unique_id "ait5fHolEJBFTjlHisyXzAAAAUs"]
[Fri Jun 12 00:14:04.480319 2026] [security2:error] [pid 8259:tid 8274] [client 208.84.101.75:19510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.git/HEAD"] [unique_id "ait5fHolEJBFTjlHisyXzAAAAUs"]
[Fri Jun 12 00:14:04.489684 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a0QAAARY"]
[Fri Jun 12 00:14:04.490161 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a0QAAARY"]
[Fri Jun 12 00:14:04.490504 2026] [security2:error] [pid 2118:tid 2154] [client 208.84.101.75:55048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a0QAAARY"]
[Fri Jun 12 00:14:04.498793 2026] [security2:error] [pid 11021:tid 11036] [client 208.84.101.75:19544] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.git/refs/heads/main"] [unique_id "ait5fOfOlZI6G7yRn5KW3gAAAEY"]
[Fri Jun 12 00:14:04.499031 2026] [security2:error] [pid 11021:tid 11036] [client 208.84.101.75:19544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.git/refs/heads/main"] [unique_id "ait5fOfOlZI6G7yRn5KW3gAAAEY"]
[Fri Jun 12 00:14:04.499268 2026] [security2:error] [pid 11021:tid 11036] [client 208.84.101.75:19544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.git/refs/heads/main"] [unique_id "ait5fOfOlZI6G7yRn5KW3gAAAEY"]
[Fri Jun 12 00:14:04.531031 2026] [security2:error] [pid 27514:tid 27525] [client 208.84.101.75:19638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.copy"] [unique_id "ait5fO3j8ahqNX0SlP6aigAAAMc"]
[Fri Jun 12 00:14:04.531393 2026] [security2:error] [pid 27514:tid 27525] [client 208.84.101.75:19638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.copy"] [unique_id "ait5fO3j8ahqNX0SlP6aigAAAMc"]
[Fri Jun 12 00:14:04.531798 2026] [security2:error] [pid 27514:tid 27525] [client 208.84.101.75:19638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.copy"] [unique_id "ait5fO3j8ahqNX0SlP6aigAAAMc"]
[Fri Jun 12 00:14:04.533505 2026] [security2:error] [pid 6693:tid 6702] [client 208.84.101.75:19506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.save"] [unique_id "ait5fHjPYfbesaCsFzMubgAAAAQ"]
[Fri Jun 12 00:14:04.533808 2026] [security2:error] [pid 6693:tid 6702] [client 208.84.101.75:19506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.save"] [unique_id "ait5fHjPYfbesaCsFzMubgAAAAQ"]
[Fri Jun 12 00:14:04.534055 2026] [security2:error] [pid 6693:tid 6702] [client 208.84.101.75:19506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.save"] [unique_id "ait5fHjPYfbesaCsFzMubgAAAAQ"]
[Fri Jun 12 00:14:04.535435 2026] [security2:error] [pid 21150:tid 21179] [client 208.84.101.75:19492] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.backup"] [unique_id "ait5fChtFHEdnREfgjPUogAAAJg"]
[Fri Jun 12 00:14:04.535712 2026] [security2:error] [pid 21150:tid 21179] [client 208.84.101.75:19492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.backup"] [unique_id "ait5fChtFHEdnREfgjPUogAAAJg"]
[Fri Jun 12 00:14:04.536004 2026] [security2:error] [pid 21150:tid 21179] [client 208.84.101.75:19492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.backup"] [unique_id "ait5fChtFHEdnREfgjPUogAAAJg"]
[Fri Jun 12 00:14:04.536288 2026] [security2:error] [pid 21150:tid 21179] [client 208.84.101.75:19492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.backup"] [unique_id "ait5fChtFHEdnREfgjPUogAAAJg"]
[Fri Jun 12 00:14:04.537515 2026] [security2:error] [pid 8259:tid 8286] [client 208.84.101.75:19508] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local~"] [unique_id "ait5fHolEJBFTjlHisyXzQAAAVc"]
[Fri Jun 12 00:14:04.537745 2026] [security2:error] [pid 8259:tid 8286] [client 208.84.101.75:19508] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local~"] [unique_id "ait5fHolEJBFTjlHisyXzQAAAVc"]
[Fri Jun 12 00:14:04.537949 2026] [security2:error] [pid 8259:tid 8286] [client 208.84.101.75:19508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local~"] [unique_id "ait5fHolEJBFTjlHisyXzQAAAVc"]
[Fri Jun 12 00:14:04.538189 2026] [security2:error] [pid 8259:tid 8286] [client 208.84.101.75:19508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local~"] [unique_id "ait5fHolEJBFTjlHisyXzQAAAVc"]
[Fri Jun 12 00:14:04.539005 2026] [security2:error] [pid 27514:tid 27534] [client 208.84.101.75:19476] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.swp"] [unique_id "ait5fO3j8ahqNX0SlP6aiwAAANA"]
[Fri Jun 12 00:14:04.539203 2026] [security2:error] [pid 27514:tid 27534] [client 208.84.101.75:19476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.swp"] [unique_id "ait5fO3j8ahqNX0SlP6aiwAAANA"]
[Fri Jun 12 00:14:04.539393 2026] [security2:error] [pid 11021:tid 11039] [client 208.84.101.75:19466] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.git/logs/HEAD"] [unique_id "ait5fOfOlZI6G7yRn5KW3wAAAEk"]
[Fri Jun 12 00:14:04.539422 2026] [security2:error] [pid 27514:tid 27534] [client 208.84.101.75:19476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.swp"] [unique_id "ait5fO3j8ahqNX0SlP6aiwAAANA"]
[Fri Jun 12 00:14:04.539668 2026] [security2:error] [pid 11021:tid 11039] [client 208.84.101.75:19466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.git/logs/HEAD"] [unique_id "ait5fOfOlZI6G7yRn5KW3wAAAEk"]
[Fri Jun 12 00:14:04.539717 2026] [security2:error] [pid 27514:tid 27534] [client 208.84.101.75:19476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.swp"] [unique_id "ait5fO3j8ahqNX0SlP6aiwAAANA"]
[Fri Jun 12 00:14:04.539932 2026] [security2:error] [pid 11021:tid 11039] [client 208.84.101.75:19466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.git/logs/HEAD"] [unique_id "ait5fOfOlZI6G7yRn5KW3wAAAEk"]
[Fri Jun 12 00:14:04.541278 2026] [security2:error] [pid 2118:tid 2143] [client 208.84.101.75:19470] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a0gAAARE"]
[Fri Jun 12 00:14:04.541511 2026] [security2:error] [pid 2118:tid 2143] [client 208.84.101.75:19470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a0gAAARE"]
[Fri Jun 12 00:14:04.541781 2026] [security2:error] [pid 2118:tid 2143] [client 208.84.101.75:19470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.local.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a0gAAARE"]
[Fri Jun 12 00:14:04.561931 2026] [security2:error] [pid 21150:tid 21157] [client 208.84.101.75:19584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.copy"] [unique_id "ait5fChtFHEdnREfgjPUowAAAII"]
[Fri Jun 12 00:14:04.562193 2026] [security2:error] [pid 21150:tid 21157] [client 208.84.101.75:19584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.copy"] [unique_id "ait5fChtFHEdnREfgjPUowAAAII"]
[Fri Jun 12 00:14:04.562460 2026] [security2:error] [pid 21150:tid 21157] [client 208.84.101.75:19584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.copy"] [unique_id "ait5fChtFHEdnREfgjPUowAAAII"]
[Fri Jun 12 00:14:04.565307 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.git/refs/heads/master"] [unique_id "ait5fOfOlZI6G7yRn5KW4AAAAEQ"]
[Fri Jun 12 00:14:04.565523 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.git/refs/heads/master"] [unique_id "ait5fOfOlZI6G7yRn5KW4AAAAEQ"]
[Fri Jun 12 00:14:04.565772 2026] [security2:error] [pid 11021:tid 11034] [client 208.84.101.75:54730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.git/refs/heads/master"] [unique_id "ait5fOfOlZI6G7yRn5KW4AAAAEQ"]
[Fri Jun 12 00:14:04.567662 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:19572] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.swp"] [unique_id "ait5fOfOlZI6G7yRn5KW4QAAAEE"]
[Fri Jun 12 00:14:04.567893 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:19572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.swp"] [unique_id "ait5fOfOlZI6G7yRn5KW4QAAAEE"]
[Fri Jun 12 00:14:04.568091 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:19572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.swp"] [unique_id "ait5fOfOlZI6G7yRn5KW4QAAAEE"]
[Fri Jun 12 00:14:04.568314 2026] [security2:error] [pid 11021:tid 11031] [client 208.84.101.75:19572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.swp"] [unique_id "ait5fOfOlZI6G7yRn5KW4QAAAEE"]
[Fri Jun 12 00:14:04.569831 2026] [security2:error] [pid 2118:tid 2132] [client 208.84.101.75:19560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a1AAAAQs"]
[Fri Jun 12 00:14:04.570062 2026] [security2:error] [pid 2118:tid 2132] [client 208.84.101.75:19560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a1AAAAQs"]
[Fri Jun 12 00:14:04.570326 2026] [security2:error] [pid 2118:tid 2132] [client 208.84.101.75:19560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.orig"] [unique_id "ait5fGAwrcQa3cFQ5_1a1AAAAQs"]
[Fri Jun 12 00:14:04.571656 2026] [security2:error] [pid 27514:tid 27518] [client 208.84.101.75:19546] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.bak"] [unique_id "ait5fO3j8ahqNX0SlP6ajAAAAMA"]
[Fri Jun 12 00:14:04.571863 2026] [security2:error] [pid 27514:tid 27518] [client 208.84.101.75:19546] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.bak"] [unique_id "ait5fO3j8ahqNX0SlP6ajAAAAMA"]
[Fri Jun 12 00:14:04.572061 2026] [security2:error] [pid 27514:tid 27518] [client 208.84.101.75:19546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.bak"] [unique_id "ait5fO3j8ahqNX0SlP6ajAAAAMA"]
[Fri Jun 12 00:14:04.572380 2026] [security2:error] [pid 27514:tid 27518] [client 208.84.101.75:19546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env.production.bak"] [unique_id "ait5fO3j8ahqNX0SlP6ajAAAAMA"]
[Fri Jun 12 00:14:04.852302 2026] [security2:error] [pid 8259:tid 8276] [client 208.84.101.75:19536] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "ait5fHolEJBFTjlHisyXzwAAAU0"]
[Fri Jun 12 00:14:04.853025 2026] [security2:error] [pid 8259:tid 8276] [client 208.84.101.75:19536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "ait5fHolEJBFTjlHisyXzwAAAU0"]
[Fri Jun 12 00:14:04.853755 2026] [security2:error] [pid 8259:tid 8276] [client 208.84.101.75:19536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "ait5fHolEJBFTjlHisyXzwAAAU0"]
[Fri Jun 12 00:14:04.855885 2026] [security2:error] [pid 2118:tid 2153] [client 208.84.101.75:19526] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "ait5fGAwrcQa3cFQ5_1a1QAAARU"]
[Fri Jun 12 00:14:04.856125 2026] [security2:error] [pid 2118:tid 2153] [client 208.84.101.75:19526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "ait5fGAwrcQa3cFQ5_1a1QAAARU"]
[Fri Jun 12 00:14:04.856470 2026] [security2:error] [pid 2118:tid 2153] [client 208.84.101.75:19526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.git/config"] [unique_id "ait5fGAwrcQa3cFQ5_1a1QAAARU"]
[Fri Jun 12 00:15:51.895339 2026] [security2:error] [pid 27514:tid 27520] [client 20.59.127.49:25020] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ait55-3j8ahqNX0SlP6b9wAAAMI"]
[Fri Jun 12 00:15:51.932417 2026] [security2:error] [pid 27514:tid 27520] [client 20.59.127.49:25020] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "ait55-3j8ahqNX0SlP6b-AAAAMI"]
[Fri Jun 12 00:15:52.178646 2026] [security2:error] [pid 27514:tid 27520] [client 20.59.127.49:25020] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ait56O3j8ahqNX0SlP6b-wAAAMI"]
[Fri Jun 12 00:15:52.213422 2026] [security2:error] [pid 27514:tid 27520] [client 20.59.127.49:25020] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "ait56O3j8ahqNX0SlP6b_AAAAMI"]
[Fri Jun 12 00:15:54.000665 2026] [security2:error] [pid 27514:tid 27533] [client 45.156.128.152:47994] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ait56e3j8ahqNX0SlP6cAQAAAM8"], referer: http://machen.ai/Telerik.Web.UI.WebResource.axd?type=rau
[Fri Jun 12 00:15:54.001262 2026] [security2:error] [pid 27514:tid 27533] [client 45.156.128.152:47994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ait56e3j8ahqNX0SlP6cAQAAAM8"], referer: http://machen.ai/Telerik.Web.UI.WebResource.axd?type=rau
[Fri Jun 12 00:15:54.386994 2026] [security2:error] [pid 27514:tid 27533] [client 45.156.128.152:47994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "ait56e3j8ahqNX0SlP6cAQAAAM8"], referer: http://machen.ai/Telerik.Web.UI.WebResource.axd?type=rau
[Fri Jun 12 00:16:33.235717 2026] [security2:error] [pid 27514:tid 27524] [client 77.83.39.197:60056] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6Ee3j8ahqNX0SlP6cbwAAAMY"]
[Fri Jun 12 00:16:33.235894 2026] [security2:error] [pid 27514:tid 27524] [client 77.83.39.197:60056] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6Ee3j8ahqNX0SlP6cbwAAAMY"]
[Fri Jun 12 00:16:33.236033 2026] [security2:error] [pid 27514:tid 27524] [client 77.83.39.197:60056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6Ee3j8ahqNX0SlP6cbwAAAMY"]
[Fri Jun 12 00:16:33.236425 2026] [security2:error] [pid 27514:tid 27524] [client 77.83.39.197:60056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6Ee3j8ahqNX0SlP6cbwAAAMY"]
[Fri Jun 12 00:16:33.236723 2026] [security2:error] [pid 27514:tid 27524] [client 77.83.39.197:60056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ait6Ee3j8ahqNX0SlP6cbwAAAMY"]
[Fri Jun 12 00:16:48.553234 2026] [security2:error] [pid 11021:tid 11046] [client 77.83.39.197:36536] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6IOfOlZI6G7yRn5KZTQAAAFA"]
[Fri Jun 12 00:16:48.553408 2026] [security2:error] [pid 11021:tid 11046] [client 77.83.39.197:36536] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6IOfOlZI6G7yRn5KZTQAAAFA"]
[Fri Jun 12 00:16:48.553546 2026] [security2:error] [pid 11021:tid 11046] [client 77.83.39.197:36536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6IOfOlZI6G7yRn5KZTQAAAFA"]
[Fri Jun 12 00:16:48.553850 2026] [security2:error] [pid 11021:tid 11046] [client 77.83.39.197:36536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6IOfOlZI6G7yRn5KZTQAAAFA"]
[Fri Jun 12 00:16:48.554124 2026] [security2:error] [pid 11021:tid 11046] [client 77.83.39.197:36536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ait6IOfOlZI6G7yRn5KZTQAAAFA"]
[Fri Jun 12 00:17:14.657802 2026] [security2:error] [pid 21150:tid 21169] [client 77.83.39.197:48300] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6OihtFHEdnREfgjPYtQAAAI4"]
[Fri Jun 12 00:17:14.657961 2026] [security2:error] [pid 21150:tid 21169] [client 77.83.39.197:48300] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6OihtFHEdnREfgjPYtQAAAI4"]
[Fri Jun 12 00:17:14.658099 2026] [security2:error] [pid 21150:tid 21169] [client 77.83.39.197:48300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6OihtFHEdnREfgjPYtQAAAI4"]
[Fri Jun 12 00:17:14.658382 2026] [security2:error] [pid 21150:tid 21169] [client 77.83.39.197:48300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6OihtFHEdnREfgjPYtQAAAI4"]
[Fri Jun 12 00:17:14.807829 2026] [security2:error] [pid 21150:tid 21169] [client 77.83.39.197:48300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ait6OihtFHEdnREfgjPYtQAAAI4"]
[Fri Jun 12 00:17:18.304628 2026] [security2:error] [pid 27514:tid 27526] [client 77.83.39.197:43898] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6Pu3j8ahqNX0SlP6cywAAAMg"]
[Fri Jun 12 00:17:18.304831 2026] [security2:error] [pid 27514:tid 27526] [client 77.83.39.197:43898] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6Pu3j8ahqNX0SlP6cywAAAMg"]
[Fri Jun 12 00:17:18.305016 2026] [security2:error] [pid 27514:tid 27526] [client 77.83.39.197:43898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6Pu3j8ahqNX0SlP6cywAAAMg"]
[Fri Jun 12 00:17:18.305270 2026] [security2:error] [pid 27514:tid 27526] [client 77.83.39.197:43898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6Pu3j8ahqNX0SlP6cywAAAMg"]
[Fri Jun 12 00:17:18.573162 2026] [security2:error] [pid 27514:tid 27526] [client 77.83.39.197:43898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ait6Pu3j8ahqNX0SlP6cywAAAMg"]
[Fri Jun 12 00:17:19.818610 2026] [security2:error] [pid 11021:tid 11048] [client 195.22.55.242:44784] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait6P-fOlZI6G7yRn5KZsgAAAFI"]
[Fri Jun 12 00:17:28.048658 2026] [security2:error] [pid 8259:tid 8276] [client 195.22.55.242:53332] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "augenn.com"] [uri "/"] [unique_id "ait6SHolEJBFTjlHisya-wAAAU0"]
[Fri Jun 12 00:17:36.023717 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6UHolEJBFTjlHisybHgAAAUg"]
[Fri Jun 12 00:17:36.023983 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6UHolEJBFTjlHisybHgAAAUg"]
[Fri Jun 12 00:17:36.024251 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "ait6UHolEJBFTjlHisybHgAAAUg"]
[Fri Jun 12 00:17:36.101700 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ait6UHolEJBFTjlHisybHgAAAUg"]
[Fri Jun 12 00:17:36.239691 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.php"] [unique_id "ait6UHolEJBFTjlHisybHwAAAUg"]
[Fri Jun 12 00:17:36.239960 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.php"] [unique_id "ait6UHolEJBFTjlHisybHwAAAUg"]
[Fri Jun 12 00:17:36.240246 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.php"] [unique_id "ait6UHolEJBFTjlHisybHwAAAUg"]
[Fri Jun 12 00:17:36.351432 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ait6UHolEJBFTjlHisybHwAAAUg"]
[Fri Jun 12 00:17:36.499450 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.sample.php"] [unique_id "ait6UHolEJBFTjlHisybIAAAAUg"]
[Fri Jun 12 00:17:36.499704 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.sample.php"] [unique_id "ait6UHolEJBFTjlHisybIAAAAUg"]
[Fri Jun 12 00:17:36.499936 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.sample.php"] [unique_id "ait6UHolEJBFTjlHisybIAAAAUg"]
[Fri Jun 12 00:17:36.602733 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ait6UHolEJBFTjlHisybIAAAAUg"]
[Fri Jun 12 00:17:36.740744 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.local.php"] [unique_id "ait6UHolEJBFTjlHisybIQAAAUg"]
[Fri Jun 12 00:17:36.741004 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.local.php"] [unique_id "ait6UHolEJBFTjlHisybIQAAAUg"]
[Fri Jun 12 00:17:36.741388 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.local.php"] [unique_id "ait6UHolEJBFTjlHisybIQAAAUg"]
[Fri Jun 12 00:17:36.862908 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ait6UHolEJBFTjlHisybIQAAAUg"]
[Fri Jun 12 00:17:37.000614 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.production.php"] [unique_id "ait6UHolEJBFTjlHisybIgAAAUg"]
[Fri Jun 12 00:17:37.000884 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.production.php"] [unique_id "ait6UHolEJBFTjlHisybIgAAAUg"]
[Fri Jun 12 00:17:37.001219 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.production.php"] [unique_id "ait6UHolEJBFTjlHisybIgAAAUg"]
[Fri Jun 12 00:17:37.081274 2026] [security2:error] [pid 8259:tid 8271] [client 80.94.95.211:43263] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "ait6UHolEJBFTjlHisybIgAAAUg"]
[Fri Jun 12 00:17:46.618918 2026] [security2:error] [pid 21150:tid 21176] [client 117.89.250.209:10749] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ait6WihtFHEdnREfgjPZSAAAAJU"]
[Fri Jun 12 00:17:48.286270 2026] [security2:error] [pid 6693:tid 6701] [client 117.89.250.209:33687] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "ait6XHjPYfbesaCsFzMx2wAAAAM"]
[Fri Jun 12 00:17:50.284106 2026] [security2:error] [pid 2118:tid 2121] [client 78.153.140.156:55512] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6XmAwrcQa3cFQ5_1dWAAAAQA"]
[Fri Jun 12 00:17:50.284367 2026] [security2:error] [pid 2118:tid 2121] [client 78.153.140.156:55512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6XmAwrcQa3cFQ5_1dWAAAAQA"]
[Fri Jun 12 00:17:50.284691 2026] [security2:error] [pid 2118:tid 2121] [client 78.153.140.156:55512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "ait6XmAwrcQa3cFQ5_1dWAAAAQA"]
[Fri Jun 12 00:17:50.284932 2026] [security2:error] [pid 2118:tid 2121] [client 78.153.140.156:55512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "ait6XmAwrcQa3cFQ5_1dWAAAAQA"]
[Fri Jun 12 00:17:50.896685 2026] [security2:error] [pid 6693:tid 6716] [client 78.153.140.156:55518] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "ait6XnjPYfbesaCsFzMx6QAAABI"]
[Fri Jun 12 00:22:36.128297 2026] [security2:error] [pid 21150:tid 21165] [client 195.22.55.242:43766] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fChtFHEdnREfgjPdOgAAAIo"]
[Fri Jun 12 00:22:36.128857 2026] [security2:error] [pid 21150:tid 21165] [client 195.22.55.242:43766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fChtFHEdnREfgjPdOgAAAIo"]
[Fri Jun 12 00:22:36.129880 2026] [security2:error] [pid 21150:tid 21165] [client 195.22.55.242:43766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fChtFHEdnREfgjPdOgAAAIo"]
[Fri Jun 12 00:22:36.191822 2026] [security2:error] [pid 8259:tid 8265] [client 195.22.55.242:43772] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fHolEJBFTjlHisyf7AAAAUI"]
[Fri Jun 12 00:22:36.192613 2026] [security2:error] [pid 8259:tid 8265] [client 195.22.55.242:43772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fHolEJBFTjlHisyf7AAAAUI"]
[Fri Jun 12 00:22:36.193642 2026] [security2:error] [pid 8259:tid 8265] [client 195.22.55.242:43772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fHolEJBFTjlHisyf7AAAAUI"]
[Fri Jun 12 00:22:36.634609 2026] [security2:error] [pid 21150:tid 21155] [client 195.22.55.242:43780] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fChtFHEdnREfgjPdPAAAAIA"]
[Fri Jun 12 00:22:36.635097 2026] [security2:error] [pid 21150:tid 21155] [client 195.22.55.242:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fChtFHEdnREfgjPdPAAAAIA"]
[Fri Jun 12 00:22:36.635927 2026] [security2:error] [pid 21150:tid 21155] [client 195.22.55.242:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fChtFHEdnREfgjPdPAAAAIA"]
[Fri Jun 12 00:22:36.640689 2026] [security2:error] [pid 8259:tid 8281] [client 195.22.55.242:43806] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/.git/HEAD"] [unique_id "ait7fHolEJBFTjlHisyf8QAAAVI"]
[Fri Jun 12 00:22:36.640956 2026] [security2:error] [pid 8259:tid 8281] [client 195.22.55.242:43806] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "vps.erhabenn.com.br"] [uri "/.git/HEAD"] [unique_id "ait7fHolEJBFTjlHisyf8QAAAVI"]
[Fri Jun 12 00:22:36.641150 2026] [security2:error] [pid 8259:tid 8281] [client 195.22.55.242:43806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/.git/HEAD"] [unique_id "ait7fHolEJBFTjlHisyf8QAAAVI"]
[Fri Jun 12 00:22:36.642098 2026] [security2:error] [pid 8259:tid 8281] [client 195.22.55.242:43806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fHolEJBFTjlHisyf8QAAAVI"]
[Fri Jun 12 00:22:36.698246 2026] [security2:error] [pid 11021:tid 11037] [client 195.22.55.242:43820] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fOfOlZI6G7yRn5KfMgAAAEc"]
[Fri Jun 12 00:22:36.698839 2026] [security2:error] [pid 11021:tid 11037] [client 195.22.55.242:43820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fOfOlZI6G7yRn5KfMgAAAEc"]
[Fri Jun 12 00:22:36.699730 2026] [security2:error] [pid 11021:tid 11037] [client 195.22.55.242:43820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fOfOlZI6G7yRn5KfMgAAAEc"]
[Fri Jun 12 00:22:37.096739 2026] [security2:error] [pid 6693:tid 6716] [client 195.22.55.242:43836] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/evox/about"] [unique_id "ait7fXjPYfbesaCsFzM1CAAAABI"]
[Fri Jun 12 00:22:37.097308 2026] [security2:error] [pid 6693:tid 6716] [client 195.22.55.242:43836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/evox/about"] [unique_id "ait7fXjPYfbesaCsFzM1CAAAABI"]
[Fri Jun 12 00:22:37.098113 2026] [security2:error] [pid 6693:tid 6716] [client 195.22.55.242:43836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fXjPYfbesaCsFzM1CAAAABI"]
[Fri Jun 12 00:22:37.597643 2026] [security2:error] [pid 11021:tid 11035] [client 195.22.55.242:43842] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fefOlZI6G7yRn5KfNwAAAEU"]
[Fri Jun 12 00:22:37.598084 2026] [security2:error] [pid 11021:tid 11035] [client 195.22.55.242:43842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fefOlZI6G7yRn5KfNwAAAEU"]
[Fri Jun 12 00:22:37.598897 2026] [security2:error] [pid 11021:tid 11035] [client 195.22.55.242:43842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fefOlZI6G7yRn5KfNwAAAEU"]
[Fri Jun 12 00:22:38.213254 2026] [security2:error] [pid 8259:tid 8271] [client 195.22.55.242:43844] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fnolEJBFTjlHisyf-QAAAUg"]
[Fri Jun 12 00:22:38.213807 2026] [security2:error] [pid 8259:tid 8271] [client 195.22.55.242:43844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fnolEJBFTjlHisyf-QAAAUg"]
[Fri Jun 12 00:22:38.214626 2026] [security2:error] [pid 8259:tid 8271] [client 195.22.55.242:43844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fnolEJBFTjlHisyf-QAAAUg"]
[Fri Jun 12 00:22:38.694928 2026] [security2:error] [pid 6693:tid 6720] [client 195.22.55.242:43854] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fnjPYfbesaCsFzM1DAAAABY"]
[Fri Jun 12 00:22:38.695470 2026] [security2:error] [pid 6693:tid 6720] [client 195.22.55.242:43854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7fnjPYfbesaCsFzM1DAAAABY"]
[Fri Jun 12 00:22:38.696251 2026] [security2:error] [pid 6693:tid 6720] [client 195.22.55.242:43854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7fnjPYfbesaCsFzM1DAAAABY"]
[Fri Jun 12 00:22:39.118966 2026] [ssl:error] [pid 8259:tid 8276] [client 195.22.55.242:46644] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:39.119944 2026] [ssl:error] [pid 21150:tid 21162] [client 195.22.55.242:46628] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:39.169933 2026] [security2:error] [pid 6693:tid 6717] [client 195.22.55.242:43866] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7f3jPYfbesaCsFzM1DQAAABM"]
[Fri Jun 12 00:22:39.170342 2026] [security2:error] [pid 6693:tid 6717] [client 195.22.55.242:43866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7f3jPYfbesaCsFzM1DQAAABM"]
[Fri Jun 12 00:22:39.171174 2026] [security2:error] [pid 6693:tid 6717] [client 195.22.55.242:43866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7f3jPYfbesaCsFzM1DQAAABM"]
[Fri Jun 12 00:22:39.275113 2026] [ssl:error] [pid 11021:tid 11051] [client 195.22.55.242:46658] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:39.862277 2026] [ssl:error] [pid 11021:tid 11038] [client 195.22.55.242:46664] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:39.946209 2026] [ssl:error] [pid 6693:tid 6718] [client 195.22.55.242:46668] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:40.099828 2026] [ssl:error] [pid 8259:tid 8287] [client 195.22.55.242:46684] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:40.624894 2026] [ssl:error] [pid 21150:tid 21178] [client 195.22.55.242:46698] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:43.566288 2026] [ssl:error] [pid 21150:tid 21174] [client 195.22.55.242:46700] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:44.331341 2026] [ssl:error] [pid 21150:tid 21163] [client 195.22.55.242:33308] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:44.702177 2026] [security2:error] [pid 2118:tid 2139] [client 195.22.55.242:37480] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7hGAwrcQa3cFQ5_1hCgAAAQ4"]
[Fri Jun 12 00:22:44.702911 2026] [security2:error] [pid 2118:tid 2139] [client 195.22.55.242:37480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7hGAwrcQa3cFQ5_1hCgAAAQ4"]
[Fri Jun 12 00:22:44.709142 2026] [security2:error] [pid 2118:tid 2139] [client 195.22.55.242:37480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7hGAwrcQa3cFQ5_1hCgAAAQ4"]
[Fri Jun 12 00:22:47.663938 2026] [ssl:error] [pid 8259:tid 8266] [client 195.22.55.242:33310] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:48.235341 2026] [ssl:error] [pid 8259:tid 8270] [client 195.22.55.242:33318] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:48.819148 2026] [ssl:error] [pid 2118:tid 2127] [client 195.22.55.242:33334] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:49.403435 2026] [ssl:error] [pid 8259:tid 8264] [client 195.22.55.242:33340] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:50.074940 2026] [ssl:error] [pid 2118:tid 2147] [client 195.22.55.242:33348] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:22:50.685424 2026] [ssl:error] [pid 21150:tid 21161] [client 195.22.55.242:33364] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:07.111789 2026] [security2:error] [pid 6693:tid 6710] [client 195.22.55.242:45038] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/robots.txt"] [unique_id "ait7m3jPYfbesaCsFzM1cAAAAAw"]
[Fri Jun 12 00:23:07.112215 2026] [security2:error] [pid 6693:tid 6710] [client 195.22.55.242:45038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/robots.txt"] [unique_id "ait7m3jPYfbesaCsFzM1cAAAAAw"]
[Fri Jun 12 00:23:07.112992 2026] [security2:error] [pid 6693:tid 6710] [client 195.22.55.242:45038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7m3jPYfbesaCsFzM1cAAAAAw"]
[Fri Jun 12 00:23:10.179621 2026] [security2:error] [pid 8259:tid 8286] [client 195.22.55.242:45050] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7nnolEJBFTjlHisygoAAAAVc"]
[Fri Jun 12 00:23:10.180280 2026] [security2:error] [pid 8259:tid 8286] [client 195.22.55.242:45050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7nnolEJBFTjlHisygoAAAAVc"]
[Fri Jun 12 00:23:10.181134 2026] [security2:error] [pid 8259:tid 8286] [client 195.22.55.242:45050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7nnolEJBFTjlHisygoAAAAVc"]
[Fri Jun 12 00:23:11.080565 2026] [security2:error] [pid 8259:tid 8273] [client 195.22.55.242:45058] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7n3olEJBFTjlHisygpwAAAUo"]
[Fri Jun 12 00:23:11.081336 2026] [security2:error] [pid 8259:tid 8273] [client 195.22.55.242:45058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7n3olEJBFTjlHisygpwAAAUo"]
[Fri Jun 12 00:23:11.083894 2026] [security2:error] [pid 8259:tid 8273] [client 195.22.55.242:45058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7n3olEJBFTjlHisygpwAAAUo"]
[Fri Jun 12 00:23:11.507100 2026] [security2:error] [pid 6693:tid 6707] [client 195.22.55.242:45072] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7n3jPYfbesaCsFzM1hQAAAAk"]
[Fri Jun 12 00:23:11.507911 2026] [security2:error] [pid 6693:tid 6707] [client 195.22.55.242:45072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7n3jPYfbesaCsFzM1hQAAAAk"]
[Fri Jun 12 00:23:11.509715 2026] [security2:error] [pid 6693:tid 6707] [client 195.22.55.242:45072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7n3jPYfbesaCsFzM1hQAAAAk"]
[Fri Jun 12 00:23:12.205412 2026] [security2:error] [pid 11021:tid 11040] [client 195.22.55.242:45082] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oOfOlZI6G7yRn5Kf7gAAAEo"]
[Fri Jun 12 00:23:12.205960 2026] [security2:error] [pid 11021:tid 11040] [client 195.22.55.242:45082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oOfOlZI6G7yRn5Kf7gAAAEo"]
[Fri Jun 12 00:23:12.206870 2026] [security2:error] [pid 11021:tid 11040] [client 195.22.55.242:45082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7oOfOlZI6G7yRn5Kf7gAAAEo"]
[Fri Jun 12 00:23:12.615200 2026] [security2:error] [pid 2118:tid 2126] [client 195.22.55.242:45092] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oGAwrcQa3cFQ5_1hjwAAAQU"]
[Fri Jun 12 00:23:12.616148 2026] [security2:error] [pid 2118:tid 2126] [client 195.22.55.242:45092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oGAwrcQa3cFQ5_1hjwAAAQU"]
[Fri Jun 12 00:23:12.617013 2026] [security2:error] [pid 2118:tid 2126] [client 195.22.55.242:45092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7oGAwrcQa3cFQ5_1hjwAAAQU"]
[Fri Jun 12 00:23:13.096923 2026] [security2:error] [pid 21150:tid 21168] [client 195.22.55.242:45104] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oShtFHEdnREfgjPd2QAAAI0"]
[Fri Jun 12 00:23:13.097461 2026] [security2:error] [pid 21150:tid 21168] [client 195.22.55.242:45104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oShtFHEdnREfgjPd2QAAAI0"]
[Fri Jun 12 00:23:13.098410 2026] [security2:error] [pid 21150:tid 21168] [client 195.22.55.242:45104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7oShtFHEdnREfgjPd2QAAAI0"]
[Fri Jun 12 00:23:13.981735 2026] [security2:error] [pid 21150:tid 21179] [client 195.22.55.242:59888] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oShtFHEdnREfgjPd3QAAAJg"]
[Fri Jun 12 00:23:13.982546 2026] [security2:error] [pid 21150:tid 21179] [client 195.22.55.242:59888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oShtFHEdnREfgjPd3QAAAJg"]
[Fri Jun 12 00:23:13.983801 2026] [security2:error] [pid 21150:tid 21179] [client 195.22.55.242:59888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7oShtFHEdnREfgjPd3QAAAJg"]
[Fri Jun 12 00:23:14.505746 2026] [security2:error] [pid 2118:tid 2147] [client 195.22.55.242:59892] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/HNAP1"] [unique_id "ait7omAwrcQa3cFQ5_1hlgAAARI"]
[Fri Jun 12 00:23:14.506287 2026] [security2:error] [pid 2118:tid 2147] [client 195.22.55.242:59892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/HNAP1"] [unique_id "ait7omAwrcQa3cFQ5_1hlgAAARI"]
[Fri Jun 12 00:23:14.507280 2026] [security2:error] [pid 2118:tid 2147] [client 195.22.55.242:59892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7omAwrcQa3cFQ5_1hlgAAARI"]
[Fri Jun 12 00:23:14.576953 2026] [security2:error] [pid 21150:tid 21172] [client 195.22.55.242:59906] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oihtFHEdnREfgjPd4QAAAJE"]
[Fri Jun 12 00:23:14.577554 2026] [security2:error] [pid 21150:tid 21172] [client 195.22.55.242:59906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7oihtFHEdnREfgjPd4QAAAJE"]
[Fri Jun 12 00:23:14.578709 2026] [security2:error] [pid 21150:tid 21172] [client 195.22.55.242:59906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7oihtFHEdnREfgjPd4QAAAJE"]
[Fri Jun 12 00:23:15.397800 2026] [security2:error] [pid 11021:tid 11031] [client 195.22.55.242:59918] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7o-fOlZI6G7yRn5Kf_QAAAEE"]
[Fri Jun 12 00:23:15.398362 2026] [security2:error] [pid 11021:tid 11031] [client 195.22.55.242:59918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7o-fOlZI6G7yRn5Kf_QAAAEE"]
[Fri Jun 12 00:23:15.399218 2026] [security2:error] [pid 11021:tid 11031] [client 195.22.55.242:59918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7o-fOlZI6G7yRn5Kf_QAAAEE"]
[Fri Jun 12 00:23:28.297201 2026] [ssl:error] [pid 11021:tid 11050] [client 195.22.55.242:32952] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:29.211250 2026] [ssl:error] [pid 11021:tid 11032] [client 195.22.55.242:32964] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:29.927247 2026] [ssl:error] [pid 21150:tid 21174] [client 195.22.55.242:32976] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:30.564526 2026] [ssl:error] [pid 8259:tid 8286] [client 195.22.55.242:32986] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:31.275374 2026] [ssl:error] [pid 11021:tid 11033] [client 195.22.55.242:32994] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:31.849283 2026] [ssl:error] [pid 21150:tid 21163] [client 195.22.55.242:33002] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:32.654963 2026] [ssl:error] [pid 8259:tid 8266] [client 195.22.55.242:33012] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:33.041513 2026] [security2:error] [pid 8259:tid 8270] [client 195.22.55.242:56914] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7tXolEJBFTjlHisyhCAAAAUc"]
[Fri Jun 12 00:23:33.443852 2026] [ssl:error] [pid 2118:tid 2139] [client 195.22.55.242:33434] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:34.507538 2026] [ssl:error] [pid 8259:tid 8280] [client 195.22.55.242:33438] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:35.707249 2026] [security2:error] [pid 8259:tid 8278] [client 195.22.55.242:59294] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7t3olEJBFTjlHisyhDwAAAU8"]
[Fri Jun 12 00:23:35.707833 2026] [security2:error] [pid 8259:tid 8278] [client 195.22.55.242:59294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7t3olEJBFTjlHisyhDwAAAU8"]
[Fri Jun 12 00:23:35.708798 2026] [security2:error] [pid 8259:tid 8278] [client 195.22.55.242:59294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7t3olEJBFTjlHisyhDwAAAU8"]
[Fri Jun 12 00:23:36.154459 2026] [security2:error] [pid 2118:tid 2127] [client 195.22.55.242:59296] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7uGAwrcQa3cFQ5_1h8QAAAQY"]
[Fri Jun 12 00:23:36.155024 2026] [security2:error] [pid 2118:tid 2127] [client 195.22.55.242:59296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait7uGAwrcQa3cFQ5_1h8QAAAQY"]
[Fri Jun 12 00:23:36.155921 2026] [security2:error] [pid 2118:tid 2127] [client 195.22.55.242:59296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7uGAwrcQa3cFQ5_1h8QAAAQY"]
[Fri Jun 12 00:23:42.955071 2026] [security2:error] [pid 2118:tid 2124] [client 195.22.55.242:59306] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/sdk"] [unique_id "ait7vmAwrcQa3cFQ5_1iBwAAAQM"]
[Fri Jun 12 00:23:42.955222 2026] [security2:error] [pid 2118:tid 2124] [client 195.22.55.242:59306] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "702"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "vps.erhabenn.com.br"] [uri "/sdk"] [unique_id "ait7vmAwrcQa3cFQ5_1iBwAAAQM"]
[Fri Jun 12 00:23:42.955719 2026] [security2:error] [pid 2118:tid 2124] [client 195.22.55.242:59306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/sdk"] [unique_id "ait7vmAwrcQa3cFQ5_1iBwAAAQM"]
[Fri Jun 12 00:23:42.956493 2026] [security2:error] [pid 2118:tid 2124] [client 195.22.55.242:59306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 7 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 7, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait7vmAwrcQa3cFQ5_1iBwAAAQM"]
[Fri Jun 12 00:23:52.130669 2026] [ssl:error] [pid 8259:tid 8284] [client 195.22.55.242:35376] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:23:54.040183 2026] [ssl:error] [pid 2118:tid 2129] [client 195.22.55.242:52706] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:24:14.777901 2026] [ssl:error] [pid 8259:tid 8263] [client 195.22.55.242:40496] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:24:17.157728 2026] [security2:error] [pid 2118:tid 2133] [client 195.22.55.242:49588] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait74WAwrcQa3cFQ5_1ivQAAAQw"]
[Fri Jun 12 00:24:17.158242 2026] [security2:error] [pid 2118:tid 2133] [client 195.22.55.242:49588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait74WAwrcQa3cFQ5_1ivQAAAQw"]
[Fri Jun 12 00:24:17.159007 2026] [security2:error] [pid 2118:tid 2133] [client 195.22.55.242:49588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait74WAwrcQa3cFQ5_1ivQAAAQw"]
[Fri Jun 12 00:24:18.168870 2026] [security2:error] [pid 11021:tid 11042] [client 195.22.55.242:49604] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/favicon.ico"] [unique_id "ait74ufOlZI6G7yRn5KgsgAAAEw"]
[Fri Jun 12 00:24:18.169546 2026] [security2:error] [pid 11021:tid 11042] [client 195.22.55.242:49604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/favicon.ico"] [unique_id "ait74ufOlZI6G7yRn5KgsgAAAEw"]
[Fri Jun 12 00:24:18.170407 2026] [security2:error] [pid 11021:tid 11042] [client 195.22.55.242:49604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait74ufOlZI6G7yRn5KgsgAAAEw"]
[Fri Jun 12 00:24:29.590386 2026] [ssl:error] [pid 6693:tid 6713] [client 195.22.55.242:56606] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:24:48.329765 2026] [security2:error] [pid 2118:tid 2155] [client 195.22.55.242:43116] ModSecurity: Warning. Matched phrase "nmap scripting engine" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; nmap scripting engine; https://nmap.org/book/nse.html)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait8AGAwrcQa3cFQ5_1jhwAAARc"]
[Fri Jun 12 00:24:48.330367 2026] [security2:error] [pid 2118:tid 2155] [client 195.22.55.242:43116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait8AGAwrcQa3cFQ5_1jhwAAARc"]
[Fri Jun 12 00:24:48.331414 2026] [security2:error] [pid 2118:tid 2155] [client 195.22.55.242:43116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "vps.erhabenn.com.br"] [uri "/403.shtml"] [unique_id "ait8AGAwrcQa3cFQ5_1jhwAAARc"]
[Fri Jun 12 00:24:48.816420 2026] [ssl:error] [pid 6693:tid 6706] [client 195.22.55.242:53852] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:25:08.121070 2026] [ssl:error] [pid 11021:tid 11045] [client 195.22.55.242:44514] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:25:45.577510 2026] [security2:error] [pid 6693:tid 6721] [client 195.22.55.242:60282] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "augenn.com"] [uri "/"] [unique_id "ait8OXjPYfbesaCsFzM3zwAAABc"]
[Fri Jun 12 00:25:46.460201 2026] [ssl:error] [pid 6693:tid 6700] [client 195.22.55.242:60302] AH02032: Hostname augenn.com (default host as no SNI was provided) and hostname vps.erhabenn.com.br provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 00:25:51.930568 2026] [security2:error] [pid 2118:tid 2133] [client 195.22.55.242:58208] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "ait8P2AwrcQa3cFQ5_1lLAAAAQw"]
[Fri Jun 12 00:38:33.361753 2026] [security2:error] [pid 8259:tid 8273] [client 185.93.89.167:37113] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "ait_OXolEJBFTjlHisyvmQAAAUo"]
[Fri Jun 12 00:38:33.362129 2026] [security2:error] [pid 8259:tid 8273] [client 185.93.89.167:37113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "ait_OXolEJBFTjlHisyvmQAAAUo"]
[Fri Jun 12 00:38:33.874105 2026] [security2:error] [pid 8259:tid 8273] [client 185.93.89.167:37113] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "ait_OXolEJBFTjlHisyvmQAAAUo"]
[Fri Jun 12 00:40:08.101499 2026] [security2:error] [pid 6693:tid 6712] [client 34.123.82.129:44642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "ait_mHjPYfbesaCsFzNGXwAAAA4"]
[Fri Jun 12 00:40:08.101887 2026] [security2:error] [pid 6693:tid 6712] [client 34.123.82.129:44642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "ait_mHjPYfbesaCsFzNGXwAAAA4"]
[Fri Jun 12 00:40:08.102169 2026] [security2:error] [pid 6693:tid 6712] [client 34.123.82.129:44642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "ait_mHjPYfbesaCsFzNGXwAAAA4"]
[Fri Jun 12 00:40:10.899288 2026] [security2:error] [pid 6693:tid 6721] [client 34.123.82.129:44654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "ait_mnjPYfbesaCsFzNGcQAAABc"]
[Fri Jun 12 00:40:10.899649 2026] [security2:error] [pid 6693:tid 6721] [client 34.123.82.129:44654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "ait_mnjPYfbesaCsFzNGcQAAABc"]
[Fri Jun 12 00:40:22.249078 2026] [security2:error] [pid 6693:tid 6721] [client 34.123.82.129:44654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.support.machen.ai"] [uri "/index.php"] [unique_id "ait_mnjPYfbesaCsFzNGcQAAABc"]
[Fri Jun 12 00:40:29.088347 2026] [security2:error] [pid 11021:tid 11033] [client 45.79.181.179:63842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "ait_refOlZI6G7yRn5KyUQAAAEM"]
[Fri Jun 12 00:44:34.527723 2026] [security2:error] [pid 2118:tid 2132] [client 45.94.31.163:63718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/.env"] [unique_id "aiuAomAwrcQa3cFQ5_17cAAAAQs"]
[Fri Jun 12 00:44:34.528086 2026] [security2:error] [pid 2118:tid 2132] [client 45.94.31.163:63718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/.env"] [unique_id "aiuAomAwrcQa3cFQ5_17cAAAAQs"]
[Fri Jun 12 00:44:34.528616 2026] [security2:error] [pid 2118:tid 2132] [client 45.94.31.163:63718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.a1b2c3d4.machen.ai"] [uri "/403.shtml"] [unique_id "aiuAomAwrcQa3cFQ5_17cAAAAQs"]
[Fri Jun 12 00:44:34.667874 2026] [security2:error] [pid 21150:tid 21176] [client 45.94.31.163:63720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.file.machen.ai"] [uri "/.env"] [unique_id "aiuAoihtFHEdnREfgjPziQAAAJU"]
[Fri Jun 12 00:44:34.668182 2026] [security2:error] [pid 21150:tid 21176] [client 45.94.31.163:63720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.file.machen.ai"] [uri "/.env"] [unique_id "aiuAoihtFHEdnREfgjPziQAAAJU"]
[Fri Jun 12 00:44:34.668479 2026] [security2:error] [pid 21150:tid 21176] [client 45.94.31.163:63720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.file.machen.ai"] [uri "/403.shtml"] [unique_id "aiuAoihtFHEdnREfgjPziQAAAJU"]
[Fri Jun 12 00:44:34.962003 2026] [security2:error] [pid 2118:tid 2127] [client 45.94.31.163:63723] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiuAomAwrcQa3cFQ5_17cQAAAQY"]
[Fri Jun 12 00:44:34.962283 2026] [security2:error] [pid 2118:tid 2127] [client 45.94.31.163:63723] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiuAomAwrcQa3cFQ5_17cQAAAQY"]
[Fri Jun 12 00:44:34.962545 2026] [security2:error] [pid 2118:tid 2127] [client 45.94.31.163:63723] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiuAomAwrcQa3cFQ5_17cQAAAQY"]
[Fri Jun 12 00:44:35.500009 2026] [security2:error] [pid 6693:tid 6706] [client 45.94.31.163:63733] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aiuAo3jPYfbesaCsFzNLCQAAAAg"]
[Fri Jun 12 00:44:35.500327 2026] [security2:error] [pid 6693:tid 6706] [client 45.94.31.163:63733] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aiuAo3jPYfbesaCsFzNLCQAAAAg"]
[Fri Jun 12 00:44:36.204852 2026] [security2:error] [pid 6693:tid 6706] [client 45.94.31.163:63733] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aiuAo3jPYfbesaCsFzNLCQAAAAg"]
[Fri Jun 12 00:44:36.248403 2026] [security2:error] [pid 11021:tid 11048] [client 45.94.31.163:63741] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.images.machen.ai"] [uri "/.env"] [unique_id "aiuApOfOlZI6G7yRn5K2WgAAAFI"]
[Fri Jun 12 00:44:36.248825 2026] [security2:error] [pid 11021:tid 11048] [client 45.94.31.163:63741] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.images.machen.ai"] [uri "/.env"] [unique_id "aiuApOfOlZI6G7yRn5K2WgAAAFI"]
[Fri Jun 12 00:44:36.249146 2026] [security2:error] [pid 11021:tid 11048] [client 45.94.31.163:63741] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.images.machen.ai"] [uri "/403.shtml"] [unique_id "aiuApOfOlZI6G7yRn5K2WgAAAFI"]
[Fri Jun 12 00:44:36.835442 2026] [security2:error] [pid 8259:tid 8263] [client 45.94.31.163:63748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "aiuApHolEJBFTjlHisy1cgAAAUA"]
[Fri Jun 12 00:44:36.835796 2026] [security2:error] [pid 8259:tid 8263] [client 45.94.31.163:63748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "aiuApHolEJBFTjlHisy1cgAAAUA"]
[Fri Jun 12 00:44:36.836083 2026] [security2:error] [pid 8259:tid 8263] [client 45.94.31.163:63748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiuApHolEJBFTjlHisy1cgAAAUA"]
[Fri Jun 12 00:44:37.109930 2026] [security2:error] [pid 11021:tid 11052] [client 45.94.31.163:63751] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.env"] [unique_id "aiuApefOlZI6G7yRn5K2YAAAAFY"]
[Fri Jun 12 00:44:37.110307 2026] [security2:error] [pid 11021:tid 11052] [client 45.94.31.163:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.env"] [unique_id "aiuApefOlZI6G7yRn5K2YAAAAFY"]
[Fri Jun 12 00:44:37.110647 2026] [security2:error] [pid 11021:tid 11052] [client 45.94.31.163:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/403.shtml"] [unique_id "aiuApefOlZI6G7yRn5K2YAAAAFY"]
[Fri Jun 12 00:44:37.400114 2026] [security2:error] [pid 6693:tid 6704] [client 45.94.31.163:63754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.matrixswot.machen.ai"] [uri "/.env"] [unique_id "aiuApXjPYfbesaCsFzNLFgAAAAY"]
[Fri Jun 12 00:44:37.400402 2026] [security2:error] [pid 6693:tid 6704] [client 45.94.31.163:63754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.matrixswot.machen.ai"] [uri "/.env"] [unique_id "aiuApXjPYfbesaCsFzNLFgAAAAY"]
[Fri Jun 12 00:44:37.400685 2026] [security2:error] [pid 6693:tid 6704] [client 45.94.31.163:63754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.matrixswot.machen.ai"] [uri "/403.shtml"] [unique_id "aiuApXjPYfbesaCsFzNLFgAAAAY"]
[Fri Jun 12 00:44:37.543160 2026] [security2:error] [pid 11021:tid 11054] [client 45.94.31.163:63755] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "aiuApefOlZI6G7yRn5K2YwAAAFg"]
[Fri Jun 12 00:44:37.543545 2026] [security2:error] [pid 11021:tid 11054] [client 45.94.31.163:63755] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "aiuApefOlZI6G7yRn5K2YwAAAFg"]
[Fri Jun 12 00:44:46.818513 2026] [security2:error] [pid 11021:tid 11054] [client 45.94.31.163:63755] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.support.machen.ai"] [uri "/index.php"] [unique_id "aiuApefOlZI6G7yRn5K2YwAAAFg"]
[Fri Jun 12 00:47:02.363899 2026] [security2:error] [pid 6693:tid 6716] [client 195.238.240.22:56660] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/robots.txt"] [unique_id "aiuBNnjPYfbesaCsFzNNIQAAABI"]
[Fri Jun 12 00:49:37.082613 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/this_is_a_new_hello_world.php
[Fri Jun 12 00:49:37.215107 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/acp.php
[Fri Jun 12 00:49:37.444480 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/as.php
[Fri Jun 12 00:49:37.578863 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/wpconf.php
[Fri Jun 12 00:49:37.776973 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/Ov-Simple1.php
[Fri Jun 12 00:49:37.901316 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/atomlib.php
[Fri Jun 12 00:49:38.034188 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/jj.php
[Fri Jun 12 00:49:38.161976 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/wp-atom.php
[Fri Jun 12 00:49:38.286181 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/loxico93.php
[Fri Jun 12 00:49:38.433056 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/momo.php
[Fri Jun 12 00:49:38.597897 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/sd.php
[Fri Jun 12 00:49:38.825050 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/asu.php
[Fri Jun 12 00:49:38.952045 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/wolf.php
[Fri Jun 12 00:49:39.246892 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/rum.php
[Fri Jun 12 00:49:39.427970 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/cxl.php
[Fri Jun 12 00:49:39.557938 2026] [:error] [pid 21150:tid 21178] [client 20.100.190.50:4638] File does not exist: /disk001/machen/public_html/suporte/wp-ver.php
[Fri Jun 12 00:50:03.831239 2026] [security2:error] [pid 11021:tid 11035] [client 170.106.35.153:41300] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aiuB6-fOlZI6G7yRn5K8dQAAAEU"], referer: http://machen.ai
[Fri Jun 12 00:52:04.645312 2026] [security2:error] [pid 11021:tid 11045] [client 195.238.240.22:52908] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/robots.txt"] [unique_id "aiuCZOfOlZI6G7yRn5K9wgAAAE8"]
[Fri Jun 12 00:58:17.187965 2026] [security2:error] [pid 11021:tid 11049] [client 78.153.140.250:50804] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiuD2efOlZI6G7yRn5LETgAAAFM"]
[Fri Jun 12 00:58:17.188219 2026] [security2:error] [pid 11021:tid 11049] [client 78.153.140.250:50804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiuD2efOlZI6G7yRn5LETgAAAFM"]
[Fri Jun 12 00:58:17.188429 2026] [security2:error] [pid 11021:tid 11049] [client 78.153.140.250:50804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiuD2efOlZI6G7yRn5LETgAAAFM"]
[Fri Jun 12 00:58:17.813703 2026] [security2:error] [pid 11021:tid 11049] [client 78.153.140.250:50804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiuD2efOlZI6G7yRn5LETgAAAFM"]
[Fri Jun 12 00:58:18.472905 2026] [security2:error] [pid 6693:tid 6710] [client 78.153.140.250:50810] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiuD2njPYfbesaCsFzNbRwAAAAw"]
[Fri Jun 12 01:00:27.226664 2026] [core:error] [pid 3761:tid 3780] [client 189.51.43.54:37356] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Fri Jun 12 01:14:02.629097 2026] [security2:error] [pid 21150:tid 21167] [client 69.5.169.33:2132] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/onvif/device_service"] [unique_id "aiuHiihtFHEdnREfgjMRcgAAAIw"]
[Fri Jun 12 01:14:03.583420 2026] [security2:error] [pid 11021:tid 11031] [client 194.88.98.94:1174] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiuHi-fOlZI6G7yRn5LVdwAAAEE"]
[Fri Jun 12 01:14:04.587378 2026] [security2:error] [pid 11021:tid 11050] [client 69.5.169.19:3164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aiuHjOfOlZI6G7yRn5LVegAAAFQ"]
[Fri Jun 12 01:18:07.669435 2026] [security2:error] [pid 11021:tid 11054] [client 78.153.140.149:39102] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiuIf-fOlZI6G7yRn5LZpgAAAFg"]
[Fri Jun 12 01:18:07.669726 2026] [security2:error] [pid 11021:tid 11054] [client 78.153.140.149:39102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiuIf-fOlZI6G7yRn5LZpgAAAFg"]
[Fri Jun 12 01:18:07.669953 2026] [security2:error] [pid 11021:tid 11054] [client 78.153.140.149:39102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiuIf-fOlZI6G7yRn5LZpgAAAFg"]
[Fri Jun 12 01:18:07.671176 2026] [security2:error] [pid 11021:tid 11054] [client 78.153.140.149:39102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuIf-fOlZI6G7yRn5LZpgAAAFg"]
[Fri Jun 12 01:18:08.021866 2026] [security2:error] [pid 21150:tid 21173] [client 78.153.140.149:39118] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuIgChtFHEdnREfgjMU6wAAAJI"]
[Fri Jun 12 01:32:28.783864 2026] [security2:error] [pid 11021:tid 11040] [client 43.159.62.163:50754] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aiuL3OfOlZI6G7yRn5LnQQAAAEo"]
[Fri Jun 12 01:35:44.101698 2026] [security2:error] [pid 6693:tid 6699] [client 48.217.87.78:36424] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/owa/auth/logon.aspx"] [unique_id "aiuMoHjPYfbesaCsFzODGQAAAAE"]
[Fri Jun 12 01:35:44.101864 2026] [security2:error] [pid 6693:tid 6699] [client 48.217.87.78:36424] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/owa/auth/logon.aspx"] [unique_id "aiuMoHjPYfbesaCsFzODGQAAAAE"]
[Fri Jun 12 01:35:44.102288 2026] [security2:error] [pid 6693:tid 6699] [client 48.217.87.78:36424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/owa/auth/logon.aspx"] [unique_id "aiuMoHjPYfbesaCsFzODGQAAAAE"]
[Fri Jun 12 01:35:44.102601 2026] [security2:error] [pid 6693:tid 6699] [client 48.217.87.78:36424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuMoHjPYfbesaCsFzODGQAAAAE"]
[Fri Jun 12 01:39:59.941559 2026] [security2:error] [pid 3761:tid 3793] [client 69.5.169.199:63610] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.0.2.1"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "192.0.2.1"] [uri "/"] [unique_id "aiuNn0N3y4TTMK1sMPZ6YAAAANc"]
[Fri Jun 12 01:40:11.045758 2026] [security2:error] [pid 21150:tid 21156] [client 69.5.169.170:2794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuNqyhtFHEdnREfgjMrmwAAAIE"]
[Fri Jun 12 01:40:11.300093 2026] [security2:error] [pid 11021:tid 11052] [client 69.5.169.208:9448] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiuNq-fOlZI6G7yRn5LvnQAAAFY"]
[Fri Jun 12 01:47:38.602220 2026] [security2:error] [pid 3761:tid 3783] [client 91.92.42.86:47908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiuPakN3y4TTMK1sMPaCDAAAAM0"], referer: http://machen.ai/.env
[Fri Jun 12 01:47:38.602455 2026] [security2:error] [pid 3761:tid 3783] [client 91.92.42.86:47908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env"] [unique_id "aiuPakN3y4TTMK1sMPaCDAAAAM0"], referer: http://machen.ai/.env
[Fri Jun 12 01:47:38.621272 2026] [security2:error] [pid 21150:tid 21167] [client 91.92.42.86:47898] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiuPaihtFHEdnREfgjMx5QAAAIw"], referer: http://machen.ai/.git/config
[Fri Jun 12 01:47:38.621657 2026] [security2:error] [pid 21150:tid 21167] [client 91.92.42.86:47898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.git/config"] [unique_id "aiuPaihtFHEdnREfgjMx5QAAAIw"], referer: http://machen.ai/.git/config
[Fri Jun 12 01:47:38.760145 2026] [security2:error] [pid 3761:tid 3776] [client 91.92.42.86:47944] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/wp-config.php"] [unique_id "aiuPakN3y4TTMK1sMPaCDgAAAMY"], referer: http://machen.ai/wp-config.php
[Fri Jun 12 01:47:38.760398 2026] [security2:error] [pid 3761:tid 3776] [client 91.92.42.86:47944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/wp-config.php"] [unique_id "aiuPakN3y4TTMK1sMPaCDgAAAMY"], referer: http://machen.ai/wp-config.php
[Fri Jun 12 01:47:39.236033 2026] [security2:error] [pid 21150:tid 21167] [client 91.92.42.86:47898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuPaihtFHEdnREfgjMx5QAAAIw"], referer: http://machen.ai/.git/config
[Fri Jun 12 01:47:39.729269 2026] [security2:error] [pid 3761:tid 3783] [client 91.92.42.86:47908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuPakN3y4TTMK1sMPaCDAAAAM0"], referer: http://machen.ai/.env
[Fri Jun 12 01:47:39.878869 2026] [security2:error] [pid 3761:tid 3776] [client 91.92.42.86:47944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuPakN3y4TTMK1sMPaCDgAAAMY"], referer: http://machen.ai/wp-config.php
[Fri Jun 12 01:49:38.223442 2026] [security2:error] [pid 3761:tid 3775] [client 91.92.42.86:59576] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/composer.json"] [unique_id "aiuP4kN3y4TTMK1sMPaEdwAAAMU"], referer: http://machen.ai/composer.json
[Fri Jun 12 01:49:38.223786 2026] [security2:error] [pid 3761:tid 3775] [client 91.92.42.86:59576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/composer.json"] [unique_id "aiuP4kN3y4TTMK1sMPaEdwAAAMU"], referer: http://machen.ai/composer.json
[Fri Jun 12 01:49:38.261034 2026] [security2:error] [pid 11021:tid 11040] [client 91.92.42.86:59594] ModSecurity: Warning. Matched phrase ".gitconfig" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitconfig found within REQUEST_FILENAME: /.gitconfig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.gitconfig"] [unique_id "aiuP4ufOlZI6G7yRn5L6LAAAAEo"], referer: http://machen.ai/.gitconfig
[Fri Jun 12 01:49:38.261364 2026] [security2:error] [pid 11021:tid 11040] [client 91.92.42.86:59594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.gitconfig"] [unique_id "aiuP4ufOlZI6G7yRn5L6LAAAAEo"], referer: http://machen.ai/.gitconfig
[Fri Jun 12 01:49:38.295653 2026] [security2:error] [pid 3761:tid 3789] [client 91.92.42.86:59622] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiuP4kN3y4TTMK1sMPaEeAAAANM"], referer: http://machen.ai/.env.bak
[Fri Jun 12 01:49:38.295908 2026] [security2:error] [pid 3761:tid 3789] [client 91.92.42.86:59622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiuP4kN3y4TTMK1sMPaEeAAAANM"], referer: http://machen.ai/.env.bak
[Fri Jun 12 01:49:38.296165 2026] [security2:error] [pid 3761:tid 3789] [client 91.92.42.86:59622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.bak"] [unique_id "aiuP4kN3y4TTMK1sMPaEeAAAANM"], referer: http://machen.ai/.env.bak
[Fri Jun 12 01:49:38.314217 2026] [security2:error] [pid 6693:tid 6699] [client 91.92.42.86:59638] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiuP4njPYfbesaCsFzOSCQAAAAE"], referer: http://machen.ai/web.config
[Fri Jun 12 01:49:38.314502 2026] [security2:error] [pid 6693:tid 6699] [client 91.92.42.86:59638] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiuP4njPYfbesaCsFzOSCQAAAAE"], referer: http://machen.ai/web.config
[Fri Jun 12 01:49:38.314918 2026] [security2:error] [pid 6693:tid 6699] [client 91.92.42.86:59638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/web.config"] [unique_id "aiuP4njPYfbesaCsFzOSCQAAAAE"], referer: http://machen.ai/web.config
[Fri Jun 12 01:49:38.879940 2026] [security2:error] [pid 3761:tid 3775] [client 91.92.42.86:59576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuP4kN3y4TTMK1sMPaEdwAAAMU"], referer: http://machen.ai/composer.json
[Fri Jun 12 01:49:39.236455 2026] [security2:error] [pid 6693:tid 6699] [client 91.92.42.86:59638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuP4njPYfbesaCsFzOSCQAAAAE"], referer: http://machen.ai/web.config
[Fri Jun 12 01:49:39.249167 2026] [security2:error] [pid 11021:tid 11040] [client 91.92.42.86:59594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuP4ufOlZI6G7yRn5L6LAAAAEo"], referer: http://machen.ai/.gitconfig
[Fri Jun 12 01:49:39.346268 2026] [security2:error] [pid 3761:tid 3789] [client 91.92.42.86:59622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuP4kN3y4TTMK1sMPaEeAAAANM"], referer: http://machen.ai/.env.bak
[Fri Jun 12 01:50:30.575748 2026] [security2:error] [pid 21150:tid 21177] [client 91.92.42.86:44574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env-config.js"] [unique_id "aiuQFihtFHEdnREfgjM1CAAAAJY"], referer: http://machen.ai/.env-config.js
[Fri Jun 12 01:50:30.576141 2026] [security2:error] [pid 21150:tid 21177] [client 91.92.42.86:44574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env-config.js"] [unique_id "aiuQFihtFHEdnREfgjM1CAAAAJY"], referer: http://machen.ai/.env-config.js
[Fri Jun 12 01:50:30.778077 2026] [security2:error] [pid 8259:tid 8273] [client 91.92.42.86:44706] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiuQFnolEJBFTjlHisz_cgAAAUo"], referer: http://machen.ai/.aws/credentials
[Fri Jun 12 01:50:30.778425 2026] [security2:error] [pid 8259:tid 8273] [client 91.92.42.86:44706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.aws/credentials"] [unique_id "aiuQFnolEJBFTjlHisz_cgAAAUo"], referer: http://machen.ai/.aws/credentials
[Fri Jun 12 01:50:30.818097 2026] [security2:error] [pid 6693:tid 6715] [client 91.92.42.86:44642] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiuQFnjPYfbesaCsFzOSzAAAABE"], referer: http://machen.ai/app/config/parameters.yml
[Fri Jun 12 01:50:30.818628 2026] [security2:error] [pid 6693:tid 6715] [client 91.92.42.86:44642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiuQFnjPYfbesaCsFzOSzAAAABE"], referer: http://machen.ai/app/config/parameters.yml
[Fri Jun 12 01:50:30.822100 2026] [security2:error] [pid 21150:tid 21161] [client 91.92.42.86:44686] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiuQFihtFHEdnREfgjM1CgAAAIY"], referer: http://machen.ai/config/parameters.yml
[Fri Jun 12 01:50:30.822347 2026] [security2:error] [pid 21150:tid 21161] [client 91.92.42.86:44686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiuQFihtFHEdnREfgjM1CgAAAIY"], referer: http://machen.ai/config/parameters.yml
[Fri Jun 12 01:50:30.836617 2026] [security2:error] [pid 8259:tid 8269] [client 91.92.42.86:44674] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "machen.ai"] [uri "/.env.js"] [unique_id "aiuQFnolEJBFTjlHisz_cwAAAUY"], referer: http://machen.ai/.env.js
[Fri Jun 12 01:50:30.836927 2026] [security2:error] [pid 8259:tid 8269] [client 91.92.42.86:44674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "machen.ai"] [uri "/.env.js"] [unique_id "aiuQFnolEJBFTjlHisz_cwAAAUY"], referer: http://machen.ai/.env.js
[Fri Jun 12 01:50:31.370261 2026] [security2:error] [pid 21150:tid 21177] [client 91.92.42.86:44574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuQFihtFHEdnREfgjM1CAAAAJY"], referer: http://machen.ai/.env-config.js
[Fri Jun 12 01:50:31.968024 2026] [security2:error] [pid 21150:tid 21161] [client 91.92.42.86:44686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuQFihtFHEdnREfgjM1CgAAAIY"], referer: http://machen.ai/config/parameters.yml
[Fri Jun 12 01:50:32.171920 2026] [security2:error] [pid 8259:tid 8269] [client 91.92.42.86:44674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuQFnolEJBFTjlHisz_cwAAAUY"], referer: http://machen.ai/.env.js
[Fri Jun 12 01:50:32.173051 2026] [security2:error] [pid 8259:tid 8273] [client 91.92.42.86:44706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuQFnolEJBFTjlHisz_cgAAAUo"], referer: http://machen.ai/.aws/credentials
[Fri Jun 12 01:50:32.191084 2026] [security2:error] [pid 6693:tid 6715] [client 91.92.42.86:44642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "machen.ai"] [uri "/index.php"] [unique_id "aiuQFnjPYfbesaCsFzOSzAAAABE"], referer: http://machen.ai/app/config/parameters.yml
[Fri Jun 12 01:51:31.254882 2026] [security2:error] [pid 6693:tid 6699] [client 43.159.143.190:55842] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuQU3jPYfbesaCsFzOT9AAAAAE"]
[Fri Jun 12 01:51:31.255031 2026] [security2:error] [pid 6693:tid 6699] [client 43.159.143.190:55842] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuQU3jPYfbesaCsFzOT9AAAAAE"]
[Fri Jun 12 01:51:31.255618 2026] [security2:error] [pid 6693:tid 6699] [client 43.159.143.190:55842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuQU3jPYfbesaCsFzOT9AAAAAE"]
[Fri Jun 12 01:51:31.256462 2026] [security2:error] [pid 6693:tid 6699] [client 43.159.143.190:55842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuQU3jPYfbesaCsFzOT9AAAAAE"]
[Fri Jun 12 02:01:05.193539 2026] [security2:error] [pid 5193:tid 5211] [client 176.120.22.120:52670] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuSkX382LywbxGg79s0GgAAAQ4"]
[Fri Jun 12 02:01:05.695822 2026] [security2:error] [pid 11021:tid 11054] [client 176.120.22.120:52680] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiuSkefOlZI6G7yRn5IGfwAAAFg"], referer: https://13.66.22.226:443
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 02:01:06.256139 2026] [security2:error] [pid 6693:tid 6705] [client 176.120.22.120:52684] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/remote/login"] [unique_id "aiuSknjPYfbesaCsFzOdfQAAAAc"]
[Fri Jun 12 02:01:06.752388 2026] [security2:error] [pid 21150:tid 21172] [client 176.120.22.120:52700] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiuSkihtFHEdnREfgjNBTQAAAJE"], referer: https://13.66.22.226:443/remote/login
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 02:01:07.277175 2026] [security2:error] [pid 3761:tid 3774] [client 176.120.22.120:52702] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/remote/fortisslvpn_xml"] [unique_id "aiuSk0N3y4TTMK1sMPaRTgAAAMQ"]
[Fri Jun 12 02:01:07.778940 2026] [security2:error] [pid 21150:tid 21161] [client 176.120.22.120:52716] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiuSkyhtFHEdnREfgjNBUAAAAIY"]
[Fri Jun 12 02:10:21.371439 2026] [security2:error] [pid 3761:tid 3770] [client 79.124.40.174:50452] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuUvUN3y4TTMK1sMPacVQAAAMA"]
[Fri Jun 12 02:10:22.278561 2026] [security2:error] [pid 6693:tid 6707] [client 79.124.40.174:50464] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiuUvnjPYfbesaCsFzOk9AAAAAk"], referer: https://13.66.22.226:443/?XDEBUG_SESSION_START=phpstorm
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 02:17:44.723379 2026] [security2:error] [pid 5193:tid 5201] [client 43.164.3.182:47182] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aiuWeH382LywbxGg79tGGQAAAQQ"]
[Fri Jun 12 02:18:32.304316 2026] [security2:error] [pid 5193:tid 5214] [client 176.120.22.120:35758] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiuWqH382LywbxGg79tGowAAARE"]
[Fri Jun 12 02:18:33.485002 2026] [security2:error] [pid 5193:tid 5210] [client 176.120.22.120:35764] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/remote/login"] [unique_id "aiuWqX382LywbxGg79tGqAAAAQ0"]
[Fri Jun 12 02:18:34.506107 2026] [security2:error] [pid 3761:tid 3774] [client 176.120.22.120:35780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/remote/fortisslvpn_xml"] [unique_id "aiuWqkN3y4TTMK1sMPakEQAAAMQ"]
[Fri Jun 12 02:18:35.558896 2026] [security2:error] [pid 3761:tid 3790] [client 176.120.22.120:35784] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aiuWq0N3y4TTMK1sMPakFgAAANQ"]
[Fri Jun 12 02:23:38.685648 2026] [security2:error] [pid 6693:tid 6703] [client 79.124.40.174:41952] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiuX2njPYfbesaCsFzOwYgAAAAU"]
[Fri Jun 12 02:23:43.615542 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/this_is_a_new_hello_world.php
[Fri Jun 12 02:23:43.752710 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/x.php
[Fri Jun 12 02:23:43.886877 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/177.php
[Fri Jun 12 02:23:44.013226 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/199.php
[Fri Jun 12 02:23:44.145707 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/adca.php
[Fri Jun 12 02:23:44.270210 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/ssixta.php
[Fri Jun 12 02:23:44.396442 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/b1ack.php
[Fri Jun 12 02:23:44.528941 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/Ov-Simple1.php
[Fri Jun 12 02:23:44.693932 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/sukce.php
[Fri Jun 12 02:23:44.819839 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/xb.php
[Fri Jun 12 02:23:44.954984 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/biufile.php
[Fri Jun 12 02:23:45.090822 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/wpconf.php
[Fri Jun 12 02:23:45.216892 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/ultradybbuks.php
[Fri Jun 12 02:23:45.347000 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/novax.php
[Fri Jun 12 02:23:45.471812 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/mosty.php
[Fri Jun 12 02:23:45.599055 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/dejavu.php
[Fri Jun 12 02:23:45.725954 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/aaf.php
[Fri Jun 12 02:23:45.850795 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/b00869ae6e.php
[Fri Jun 12 02:23:45.978886 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/hellcut.php
[Fri Jun 12 02:23:46.104522 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/wander.php
[Fri Jun 12 02:23:46.232774 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/ha.php
[Fri Jun 12 02:23:46.361199 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/hur.php
[Fri Jun 12 02:23:46.498744 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/2222.php
[Fri Jun 12 02:23:46.623245 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/h02ugyh.php
[Fri Jun 12 02:23:46.751161 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/mariju.php
[Fri Jun 12 02:23:46.881819 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/cu.php
[Fri Jun 12 02:23:47.019138 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/seiso.php
[Fri Jun 12 02:23:47.144938 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/155.php
[Fri Jun 12 02:23:47.269844 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/ppp.php
[Fri Jun 12 02:23:47.397960 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/201.php
[Fri Jun 12 02:23:47.532021 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/ops.php
[Fri Jun 12 02:23:47.660852 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/samll.php
[Fri Jun 12 02:23:47.796374 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/ingfo.php
[Fri Jun 12 02:23:47.922016 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/error_log.php
[Fri Jun 12 02:23:48.056111 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/xenon1337.php
[Fri Jun 12 02:23:48.183728 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/test11.php
[Fri Jun 12 02:23:48.309025 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/koala.php
[Fri Jun 12 02:23:48.434770 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/mac.php
[Fri Jun 12 02:23:48.578789 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/25d653587fdfd1.php
[Fri Jun 12 02:23:48.703712 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/wefile.php
[Fri Jun 12 02:23:49.364887 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/half.php
[Fri Jun 12 02:23:49.493405 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/2P.php
[Fri Jun 12 02:23:49.637058 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/tires.php
[Fri Jun 12 02:23:49.913168 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/like.php
[Fri Jun 12 02:23:50.039007 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/.well-known/about.php
[Fri Jun 12 02:23:50.293604 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/bob.php
[Fri Jun 12 02:23:50.420621 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/t3s.php
[Fri Jun 12 02:23:50.808019 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/uwu.php
[Fri Jun 12 02:23:50.933409 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/uwa.php
[Fri Jun 12 02:23:51.060542 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/crgio.php
[Fri Jun 12 02:23:51.191791 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/geforce.php
[Fri Jun 12 02:23:51.322441 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/pucci.php
[Fri Jun 12 02:23:51.701785 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/one.php
[Fri Jun 12 02:23:51.826928 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/wp-temp.php
[Fri Jun 12 02:23:52.093790 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/w2026.php
[Fri Jun 12 02:23:52.227798 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/mode.php
[Fri Jun 12 02:23:52.486563 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/dx.php
[Fri Jun 12 02:23:52.615064 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/puc.php
[Fri Jun 12 02:23:52.746943 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/themes.php
[Fri Jun 12 02:23:52.879764 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/dx.php
[Fri Jun 12 02:23:53.016124 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/11.php
[Fri Jun 12 02:23:53.162004 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/p.php
[Fri Jun 12 02:23:53.421888 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/bthil.php
[Fri Jun 12 02:23:53.549832 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/7.php
[Fri Jun 12 02:23:53.678078 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/8.php
[Fri Jun 12 02:23:53.803268 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/1.php
[Fri Jun 12 02:23:53.931957 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/100.php
[Fri Jun 12 02:23:54.063979 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/about.php
[Fri Jun 12 02:23:54.190064 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/admin.php
[Fri Jun 12 02:23:54.318006 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/edit.php
[Fri Jun 12 02:23:54.606625 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/f6.php
[Fri Jun 12 02:23:54.736685 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/inputs.php
[Fri Jun 12 02:23:54.867454 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/av.php
[Fri Jun 12 02:23:54.993523 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/classwithtostring.php
[Fri Jun 12 02:23:55.253913 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/wp-blog.php
[Fri Jun 12 02:23:55.647257 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/adminfuns.php
[Fri Jun 12 02:23:55.773680 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/goods.php
[Fri Jun 12 02:23:55.901527 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/ms-edit.php
[Fri Jun 12 02:23:56.034849 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/222.php
[Fri Jun 12 02:23:56.177934 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/cgi-bin/index.php
[Fri Jun 12 02:23:56.442304 2026] [:error] [pid 11021:tid 11045] [client 172.213.25.203:50658] File does not exist: /disk001/machen/public_html/suporte/BDKR28WP.php
[Fri Jun 12 02:23:56.968386 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/wp.php
[Fri Jun 12 02:23:57.098017 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/abcd.php
[Fri Jun 12 02:23:57.227443 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/a1.php
[Fri Jun 12 02:23:57.486850 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/bal.php
[Fri Jun 12 02:23:57.626284 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/cgi-bin/admin.php
[Fri Jun 12 02:23:57.761868 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/gettest.php
[Fri Jun 12 02:23:58.160735 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/simple.php
[Fri Jun 12 02:23:58.291975 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/kj.php
[Fri Jun 12 02:23:58.428098 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/xxx.php
[Fri Jun 12 02:23:58.567704 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/hypo.php
[Fri Jun 12 02:23:58.839097 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/chosen.php
[Fri Jun 12 02:23:59.100816 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/gg.php
[Fri Jun 12 02:23:59.244563 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/als.php
[Fri Jun 12 02:23:59.374249 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/pol.php
[Fri Jun 12 02:23:59.504701 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/006.php
[Fri Jun 12 02:23:59.632951 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file5.php
[Fri Jun 12 02:23:59.782930 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/4PJcpMFsD8B.php
[Fri Jun 12 02:23:59.925831 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file.php
[Fri Jun 12 02:24:00.057839 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/cfile.php
[Fri Jun 12 02:24:00.231994 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/class-wp.php
[Fri Jun 12 02:24:00.360228 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/ahax.php
[Fri Jun 12 02:24:00.499838 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/aa2.php
[Fri Jun 12 02:24:00.626724 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/ccou.php
[Fri Jun 12 02:24:00.757233 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/dr.php
[Fri Jun 12 02:24:00.886450 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/xamp.php
[Fri Jun 12 02:24:01.017187 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/cA3bHIkVhgP.php
[Fri Jun 12 02:24:01.153139 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/bless.php
[Fri Jun 12 02:24:01.289127 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file46.php
[Fri Jun 12 02:24:01.420768 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/bb.php
[Fri Jun 12 02:24:01.549865 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/eee.php
[Fri Jun 12 02:24:01.689057 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/5BltUjE9CrY.php
[Fri Jun 12 02:24:01.818788 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file25.php
[Fri Jun 12 02:24:01.947726 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/hg.php
[Fri Jun 12 02:24:02.122991 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file48.php
[Fri Jun 12 02:24:02.250616 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file59.php
[Fri Jun 12 02:24:02.379298 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/ff.php
[Fri Jun 12 02:24:02.511268 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file31.php
[Fri Jun 12 02:24:02.649308 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file6.php
[Fri Jun 12 02:24:02.779062 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/a2.php
[Fri Jun 12 02:24:02.910051 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file15.php
[Fri Jun 12 02:24:03.040899 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file81.php
[Fri Jun 12 02:24:03.169433 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/no1.php
[Fri Jun 12 02:24:03.296958 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/jp.php
[Fri Jun 12 02:24:03.424790 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/f35.php
[Fri Jun 12 02:24:03.559864 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/xa.php
[Fri Jun 12 02:24:03.689238 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/wp-load.php
[Fri Jun 12 02:24:03.821855 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/xwpg.php
[Fri Jun 12 02:24:03.952983 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/w2025.php
[Fri Jun 12 02:24:04.227882 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/ddd.php
[Fri Jun 12 02:24:04.494023 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/jj.php
[Fri Jun 12 02:24:04.620720 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/waf.php
[Fri Jun 12 02:24:04.748747 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/xstelth.php
[Fri Jun 12 02:24:05.011202 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/bel.php
[Fri Jun 12 02:24:05.143989 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/file58.php
[Fri Jun 12 02:24:05.276606 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/wp-links.php
[Fri Jun 12 02:24:05.539069 2026] [:error] [pid 3761:tid 3780] [client 172.213.25.203:50629] File does not exist: /disk001/machen/public_html/suporte/berlin.php
[Fri Jun 12 02:32:56.435831 2026] [security2:error] [pid 11021:tid 11035] [client 34.38.7.103:1174] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuaCOfOlZI6G7yRn5IjNgAAAEU"]
[Fri Jun 12 02:36:10.244718 2026] [security2:error] [pid 11021:tid 11035] [client 46.151.178.13:60402] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiuayufOlZI6G7yRn5ImmAAAAEU"], referer: http://13.84.161.190:443/
[Fri Jun 12 02:37:34.757746 2026] [security2:error] [pid 3761:tid 3783] [client 82.156.34.74:58772] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aiubHkN3y4TTMK1sMPa4gQAAAM0"]
[Fri Jun 12 02:43:25.597836 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/this_is_a_new_hello_world.php
[Fri Jun 12 02:43:25.715674 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/x.php
[Fri Jun 12 02:43:25.829101 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/177.php
[Fri Jun 12 02:43:25.984932 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/199.php
[Fri Jun 12 02:43:26.093814 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/adca.php
[Fri Jun 12 02:43:26.239153 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/ssixta.php
[Fri Jun 12 02:43:26.338953 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/b1ack.php
[Fri Jun 12 02:43:26.450672 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/Ov-Simple1.php
[Fri Jun 12 02:43:26.585225 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/sukce.php
[Fri Jun 12 02:43:26.688292 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/xb.php
[Fri Jun 12 02:43:26.792319 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/biufile.php
[Fri Jun 12 02:43:26.898113 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/wpconf.php
[Fri Jun 12 02:43:26.999230 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/ultradybbuks.php
[Fri Jun 12 02:43:27.100630 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/novax.php
[Fri Jun 12 02:43:27.202182 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/mosty.php
[Fri Jun 12 02:43:27.301733 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/dejavu.php
[Fri Jun 12 02:43:27.420040 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/aaf.php
[Fri Jun 12 02:43:27.522278 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/b00869ae6e.php
[Fri Jun 12 02:43:27.622972 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/hellcut.php
[Fri Jun 12 02:43:27.722793 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/wander.php
[Fri Jun 12 02:43:27.822935 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/ha.php
[Fri Jun 12 02:43:27.928871 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/hur.php
[Fri Jun 12 02:43:28.033375 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/2222.php
[Fri Jun 12 02:43:28.136111 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/h02ugyh.php
[Fri Jun 12 02:43:28.239473 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/mariju.php
[Fri Jun 12 02:43:28.369391 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/cu.php
[Fri Jun 12 02:43:28.469872 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/seiso.php
[Fri Jun 12 02:43:28.572803 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/155.php
[Fri Jun 12 02:43:28.674742 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/ppp.php
[Fri Jun 12 02:43:28.776856 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/201.php
[Fri Jun 12 02:43:28.879761 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/ops.php
[Fri Jun 12 02:43:28.982996 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/samll.php
[Fri Jun 12 02:43:29.158084 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/ingfo.php
[Fri Jun 12 02:43:29.262300 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/error_log.php
[Fri Jun 12 02:43:29.362870 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/xenon1337.php
[Fri Jun 12 02:43:29.464055 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/test11.php
[Fri Jun 12 02:43:29.573998 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/koala.php
[Fri Jun 12 02:43:29.676618 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/mac.php
[Fri Jun 12 02:43:29.778432 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/25d653587fdfd1.php
[Fri Jun 12 02:43:29.881923 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/wefile.php
[Fri Jun 12 02:43:30.481300 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/half.php
[Fri Jun 12 02:43:30.597754 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/2P.php
[Fri Jun 12 02:43:30.705848 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/tires.php
[Fri Jun 12 02:43:30.926543 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/like.php
[Fri Jun 12 02:43:31.036857 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/.well-known/about.php
[Fri Jun 12 02:43:31.247774 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/bob.php
[Fri Jun 12 02:43:31.353672 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/t3s.php
[Fri Jun 12 02:43:31.657468 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/uwu.php
[Fri Jun 12 02:43:31.758544 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/uwa.php
[Fri Jun 12 02:43:31.879157 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/crgio.php
[Fri Jun 12 02:43:32.015481 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/geforce.php
[Fri Jun 12 02:43:32.121294 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/pucci.php
[Fri Jun 12 02:43:32.430988 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/one.php
[Fri Jun 12 02:43:32.537962 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/wp-temp.php
[Fri Jun 12 02:43:32.742050 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/w2026.php
[Fri Jun 12 02:43:32.850917 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/mode.php
[Fri Jun 12 02:43:33.057936 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/dx.php
[Fri Jun 12 02:43:33.162287 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/puc.php
[Fri Jun 12 02:43:33.270099 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/themes.php
[Fri Jun 12 02:43:33.411050 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/dx.php
[Fri Jun 12 02:43:33.538831 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/11.php
[Fri Jun 12 02:43:33.642257 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/p.php
[Fri Jun 12 02:43:33.902327 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/bthil.php
[Fri Jun 12 02:43:34.005086 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/7.php
[Fri Jun 12 02:43:34.107865 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/8.php
[Fri Jun 12 02:43:34.211054 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/1.php
[Fri Jun 12 02:43:34.312745 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/100.php
[Fri Jun 12 02:43:34.414062 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/about.php
[Fri Jun 12 02:43:34.623641 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/admin.php
[Fri Jun 12 02:43:34.729264 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/edit.php
[Fri Jun 12 02:43:35.005558 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/f6.php
[Fri Jun 12 02:43:35.113191 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/inputs.php
[Fri Jun 12 02:43:35.239925 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/av.php
[Fri Jun 12 02:43:35.345719 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/classwithtostring.php
[Fri Jun 12 02:43:35.557696 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/wp-blog.php
[Fri Jun 12 02:43:35.859336 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/adminfuns.php
[Fri Jun 12 02:43:35.970704 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/goods.php
[Fri Jun 12 02:43:36.174219 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/ms-edit.php
[Fri Jun 12 02:43:36.282728 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/222.php
[Fri Jun 12 02:43:36.388999 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/cgi-bin/index.php
[Fri Jun 12 02:43:36.612870 2026] [:error] [pid 6693:tid 6709] [client 52.236.66.21:62741] File does not exist: /disk001/machen/public_html/suporte/BDKR28WP.php
[Fri Jun 12 02:43:37.216623 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/wp.php
[Fri Jun 12 02:43:37.326232 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/abcd.php
[Fri Jun 12 02:43:37.424880 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/a1.php
[Fri Jun 12 02:43:37.635666 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/bal.php
[Fri Jun 12 02:43:37.734336 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/cgi-bin/admin.php
[Fri Jun 12 02:43:37.833338 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/gettest.php
[Fri Jun 12 02:43:38.152621 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/simple.php
[Fri Jun 12 02:43:38.251041 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/kj.php
[Fri Jun 12 02:43:38.471215 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/xxx.php
[Fri Jun 12 02:43:38.595385 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/hypo.php
[Fri Jun 12 02:43:38.811278 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/chosen.php
[Fri Jun 12 02:43:39.015026 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/gg.php
[Fri Jun 12 02:43:39.114496 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/als.php
[Fri Jun 12 02:43:39.212451 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/pol.php
[Fri Jun 12 02:43:39.357006 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/006.php
[Fri Jun 12 02:43:39.456867 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file5.php
[Fri Jun 12 02:43:39.560158 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/4PJcpMFsD8B.php
[Fri Jun 12 02:43:39.659133 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file.php
[Fri Jun 12 02:43:39.796008 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/cfile.php
[Fri Jun 12 02:43:39.943004 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/class-wp.php
[Fri Jun 12 02:43:40.063766 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/ahax.php
[Fri Jun 12 02:43:40.212862 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/aa2.php
[Fri Jun 12 02:43:40.314282 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/ccou.php
[Fri Jun 12 02:43:40.428328 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/dr.php
[Fri Jun 12 02:43:40.531955 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/xamp.php
[Fri Jun 12 02:43:40.655967 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/cA3bHIkVhgP.php
[Fri Jun 12 02:43:40.769862 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/bless.php
[Fri Jun 12 02:43:40.870082 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file46.php
[Fri Jun 12 02:43:40.969607 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/bb.php
[Fri Jun 12 02:43:41.070143 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/eee.php
[Fri Jun 12 02:43:41.227993 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/5BltUjE9CrY.php
[Fri Jun 12 02:43:41.338119 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file25.php
[Fri Jun 12 02:43:41.445744 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/hg.php
[Fri Jun 12 02:43:41.546678 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file48.php
[Fri Jun 12 02:43:41.657939 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file59.php
[Fri Jun 12 02:43:41.757793 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/ff.php
[Fri Jun 12 02:43:41.857841 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file31.php
[Fri Jun 12 02:43:41.994724 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file6.php
[Fri Jun 12 02:43:42.115930 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/a2.php
[Fri Jun 12 02:43:42.216823 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file15.php
[Fri Jun 12 02:43:42.321012 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file81.php
[Fri Jun 12 02:43:42.429863 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/no1.php
[Fri Jun 12 02:43:42.537468 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/jp.php
[Fri Jun 12 02:43:42.668663 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/f35.php
[Fri Jun 12 02:43:42.778806 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/xa.php
[Fri Jun 12 02:43:42.879126 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/wp-load.php
[Fri Jun 12 02:43:42.979982 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/xwpg.php
[Fri Jun 12 02:43:43.192764 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/w2025.php
[Fri Jun 12 02:43:43.418726 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/ddd.php
[Fri Jun 12 02:43:43.619018 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/jj.php
[Fri Jun 12 02:43:43.728452 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/waf.php
[Fri Jun 12 02:43:43.828906 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/xstelth.php
[Fri Jun 12 02:43:44.029081 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/bel.php
[Fri Jun 12 02:43:44.127970 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/file58.php
[Fri Jun 12 02:43:44.241983 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/wp-links.php
[Fri Jun 12 02:43:44.449021 2026] [:error] [pid 3761:tid 3780] [client 52.236.66.21:62721] File does not exist: /disk001/machen/public_html/suporte/berlin.php
[Fri Jun 12 02:44:48.062516 2026] [core:error] [pid 11021:tid 11044] [client 79.76.58.113:45918] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Fri Jun 12 02:44:48.907054 2026] [core:error] [pid 11021:tid 11034] [client 79.76.58.113:41524] AH10244: invalid URI path (/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh)
[Fri Jun 12 02:44:50.035753 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aiuc0ihtFHEdnREfgjNzeAAAAJg"]
[Fri Jun 12 02:44:50.036920 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "131"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aiuc0ihtFHEdnREfgjNzeAAAAJg"]
[Fri Jun 12 02:44:50.036997 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "198"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aiuc0ihtFHEdnREfgjNzeAAAAJg"]
[Fri Jun 12 02:44:50.037687 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aiuc0ihtFHEdnREfgjNzeAAAAJg"]
[Fri Jun 12 02:44:50.038893 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=10,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc0ihtFHEdnREfgjNzeAAAAJg"]
[Fri Jun 12 02:44:50.976906 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuc0ihtFHEdnREfgjNzfAAAAJg"]
[Fri Jun 12 02:44:50.977319 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "131"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuc0ihtFHEdnREfgjNzfAAAAJg"]
[Fri Jun 12 02:44:50.977491 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "198"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuc0ihtFHEdnREfgjNzfAAAAJg"]
[Fri Jun 12 02:44:50.978121 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuc0ihtFHEdnREfgjNzfAAAAJg"]
[Fri Jun 12 02:44:50.979218 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=10,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc0ihtFHEdnREfgjNzfAAAAJg"]
[Fri Jun 12 02:44:51.881992 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc0yhtFHEdnREfgjNzfgAAAJg"]
[Fri Jun 12 02:44:51.882113 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc0yhtFHEdnREfgjNzfgAAAJg"]
[Fri Jun 12 02:44:51.882176 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc0yhtFHEdnREfgjNzfgAAAJg"]
[Fri Jun 12 02:44:51.882506 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc0yhtFHEdnREfgjNzfgAAAJg"]
[Fri Jun 12 02:44:51.883461 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc0yhtFHEdnREfgjNzfgAAAJg"]
[Fri Jun 12 02:44:52.544880 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ChtFHEdnREfgjNzgQAAAJg"]
[Fri Jun 12 02:44:52.544994 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ChtFHEdnREfgjNzgQAAAJg"]
[Fri Jun 12 02:44:52.545096 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ChtFHEdnREfgjNzgQAAAJg"]
[Fri Jun 12 02:44:52.545516 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ChtFHEdnREfgjNzgQAAAJg"]
[Fri Jun 12 02:44:52.546405 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc1ChtFHEdnREfgjNzgQAAAJg"]
[Fri Jun 12 02:44:53.285618 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ShtFHEdnREfgjNzgwAAAJg"]
[Fri Jun 12 02:44:53.285743 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ShtFHEdnREfgjNzgwAAAJg"]
[Fri Jun 12 02:44:53.285823 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ShtFHEdnREfgjNzgwAAAJg"]
[Fri Jun 12 02:44:53.286257 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ShtFHEdnREfgjNzgwAAAJg"]
[Fri Jun 12 02:44:53.287129 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc1ShtFHEdnREfgjNzgwAAAJg"]
[Fri Jun 12 02:44:53.956980 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ShtFHEdnREfgjNzhQAAAJg"]
[Fri Jun 12 02:44:53.957103 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ShtFHEdnREfgjNzhQAAAJg"]
[Fri Jun 12 02:44:53.957166 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ShtFHEdnREfgjNzhQAAAJg"]
[Fri Jun 12 02:44:53.957556 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc1ShtFHEdnREfgjNzhQAAAJg"]
[Fri Jun 12 02:44:53.958364 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc1ShtFHEdnREfgjNzhQAAAJg"]
[Fri Jun 12 02:44:54.747811 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"] [unique_id "aiuc1ihtFHEdnREfgjNzhwAAAJg"]
[Fri Jun 12 02:44:54.747984 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"] [unique_id "aiuc1ihtFHEdnREfgjNzhwAAAJg"]
[Fri Jun 12 02:44:54.748076 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"] [unique_id "aiuc1ihtFHEdnREfgjNzhwAAAJg"]
[Fri Jun 12 02:44:54.748492 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/phpunit/phpunit/LICENSE/eval-stdin.php"] [unique_id "aiuc1ihtFHEdnREfgjNzhwAAAJg"]
[Fri Jun 12 02:44:54.749417 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc1ihtFHEdnREfgjNzhwAAAJg"]
[Fri Jun 12 02:44:55.583758 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc1yhtFHEdnREfgjNziwAAAJg"]
[Fri Jun 12 02:44:55.583892 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc1yhtFHEdnREfgjNziwAAAJg"]
[Fri Jun 12 02:44:55.583960 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc1yhtFHEdnREfgjNziwAAAJg"]
[Fri Jun 12 02:44:55.584371 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc1yhtFHEdnREfgjNziwAAAJg"]
[Fri Jun 12 02:44:55.585268 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc1yhtFHEdnREfgjNziwAAAJg"]
[Fri Jun 12 02:44:56.543889 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ChtFHEdnREfgjNzjQAAAJg"]
[Fri Jun 12 02:44:56.544018 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ChtFHEdnREfgjNzjQAAAJg"]
[Fri Jun 12 02:44:56.544083 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ChtFHEdnREfgjNzjQAAAJg"]
[Fri Jun 12 02:44:56.544480 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ChtFHEdnREfgjNzjQAAAJg"]
[Fri Jun 12 02:44:56.545306 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc2ChtFHEdnREfgjNzjQAAAJg"]
[Fri Jun 12 02:44:57.326424 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ShtFHEdnREfgjNzkQAAAJg"]
[Fri Jun 12 02:44:57.326527 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ShtFHEdnREfgjNzkQAAAJg"]
[Fri Jun 12 02:44:57.326631 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ShtFHEdnREfgjNzkQAAAJg"]
[Fri Jun 12 02:44:57.327035 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ShtFHEdnREfgjNzkQAAAJg"]
[Fri Jun 12 02:44:57.327871 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc2ShtFHEdnREfgjNzkQAAAJg"]
[Fri Jun 12 02:44:58.361923 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ihtFHEdnREfgjNzlAAAAJg"]
[Fri Jun 12 02:44:58.362045 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ihtFHEdnREfgjNzlAAAAJg"]
[Fri Jun 12 02:44:58.362112 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ihtFHEdnREfgjNzlAAAAJg"]
[Fri Jun 12 02:44:58.362551 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc2ihtFHEdnREfgjNzlAAAAJg"]
[Fri Jun 12 02:44:58.363357 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc2ihtFHEdnREfgjNzlAAAAJg"]
[Fri Jun 12 02:44:59.278745 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc2yhtFHEdnREfgjNzmAAAAJg"]
[Fri Jun 12 02:44:59.278868 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc2yhtFHEdnREfgjNzmAAAAJg"]
[Fri Jun 12 02:44:59.278934 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc2yhtFHEdnREfgjNzmAAAAJg"]
[Fri Jun 12 02:44:59.279363 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc2yhtFHEdnREfgjNzmAAAAJg"]
[Fri Jun 12 02:44:59.280262 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc2yhtFHEdnREfgjNzmAAAAJg"]
[Fri Jun 12 02:45:00.031392 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ChtFHEdnREfgjNzmwAAAJg"]
[Fri Jun 12 02:45:00.031620 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ChtFHEdnREfgjNzmwAAAJg"]
[Fri Jun 12 02:45:00.031715 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ChtFHEdnREfgjNzmwAAAJg"]
[Fri Jun 12 02:45:00.032364 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ChtFHEdnREfgjNzmwAAAJg"]
[Fri Jun 12 02:45:00.033470 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc3ChtFHEdnREfgjNzmwAAAJg"]
[Fri Jun 12 02:45:01.007562 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ShtFHEdnREfgjNznwAAAJg"]
[Fri Jun 12 02:45:01.007727 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ShtFHEdnREfgjNznwAAAJg"]
[Fri Jun 12 02:45:01.007794 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ShtFHEdnREfgjNznwAAAJg"]
[Fri Jun 12 02:45:01.008344 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/phpunit/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ShtFHEdnREfgjNznwAAAJg"]
[Fri Jun 12 02:45:01.009235 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc3ShtFHEdnREfgjNznwAAAJg"]
[Fri Jun 12 02:45:01.552285 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ShtFHEdnREfgjNzoAAAAJg"]
[Fri Jun 12 02:45:01.552444 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ShtFHEdnREfgjNzoAAAAJg"]
[Fri Jun 12 02:45:01.552501 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ShtFHEdnREfgjNzoAAAAJg"]
[Fri Jun 12 02:45:01.552902 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ShtFHEdnREfgjNzoAAAAJg"]
[Fri Jun 12 02:45:01.553656 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc3ShtFHEdnREfgjNzoAAAAJg"]
[Fri Jun 12 02:45:02.305661 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ihtFHEdnREfgjNzowAAAJg"]
[Fri Jun 12 02:45:02.305760 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ihtFHEdnREfgjNzowAAAJg"]
[Fri Jun 12 02:45:02.305825 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ihtFHEdnREfgjNzowAAAJg"]
[Fri Jun 12 02:45:02.306229 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/phpunit/Util/PHP/eval-stdin.php"] [unique_id "aiuc3ihtFHEdnREfgjNzowAAAJg"]
[Fri Jun 12 02:45:02.307379 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc3ihtFHEdnREfgjNzowAAAJg"]
[Fri Jun 12 02:45:03.096162 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3yhtFHEdnREfgjNzpgAAAJg"]
[Fri Jun 12 02:45:03.096287 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3yhtFHEdnREfgjNzpgAAAJg"]
[Fri Jun 12 02:45:03.096380 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3yhtFHEdnREfgjNzpgAAAJg"]
[Fri Jun 12 02:45:03.096926 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3yhtFHEdnREfgjNzpgAAAJg"]
[Fri Jun 12 02:45:03.097853 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc3yhtFHEdnREfgjNzpgAAAJg"]
[Fri Jun 12 02:45:03.896373 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3yhtFHEdnREfgjNzqQAAAJg"]
[Fri Jun 12 02:45:03.896516 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3yhtFHEdnREfgjNzqQAAAJg"]
[Fri Jun 12 02:45:03.896610 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3yhtFHEdnREfgjNzqQAAAJg"]
[Fri Jun 12 02:45:03.897141 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc3yhtFHEdnREfgjNzqQAAAJg"]
[Fri Jun 12 02:45:03.898313 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc3yhtFHEdnREfgjNzqQAAAJg"]
[Fri Jun 12 02:45:04.771403 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ChtFHEdnREfgjNzqgAAAJg"]
[Fri Jun 12 02:45:04.771524 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ChtFHEdnREfgjNzqgAAAJg"]
[Fri Jun 12 02:45:04.771619 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ChtFHEdnREfgjNzqgAAAJg"]
[Fri Jun 12 02:45:04.772059 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ChtFHEdnREfgjNzqgAAAJg"]
[Fri Jun 12 02:45:04.773140 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc4ChtFHEdnREfgjNzqgAAAJg"]
[Fri Jun 12 02:45:05.491464 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ShtFHEdnREfgjNzrAAAAJg"]
[Fri Jun 12 02:45:05.491602 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ShtFHEdnREfgjNzrAAAAJg"]
[Fri Jun 12 02:45:05.491694 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ShtFHEdnREfgjNzrAAAAJg"]
[Fri Jun 12 02:45:05.492192 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ShtFHEdnREfgjNzrAAAAJg"]
[Fri Jun 12 02:45:05.493141 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc4ShtFHEdnREfgjNzrAAAAJg"]
[Fri Jun 12 02:45:06.322780 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ihtFHEdnREfgjNzsQAAAJg"]
[Fri Jun 12 02:45:06.322901 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ihtFHEdnREfgjNzsQAAAJg"]
[Fri Jun 12 02:45:06.322977 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ihtFHEdnREfgjNzsQAAAJg"]
[Fri Jun 12 02:45:06.323379 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ihtFHEdnREfgjNzsQAAAJg"]
[Fri Jun 12 02:45:06.324496 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc4ihtFHEdnREfgjNzsQAAAJg"]
[Fri Jun 12 02:45:06.961427 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ihtFHEdnREfgjNztAAAAJg"]
[Fri Jun 12 02:45:06.961552 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ihtFHEdnREfgjNztAAAAJg"]
[Fri Jun 12 02:45:06.961695 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ihtFHEdnREfgjNztAAAAJg"]
[Fri Jun 12 02:45:06.962194 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc4ihtFHEdnREfgjNztAAAAJg"]
[Fri Jun 12 02:45:06.963052 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc4ihtFHEdnREfgjNztAAAAJg"]
[Fri Jun 12 02:45:08.085647 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ChtFHEdnREfgjNzuQAAAJg"]
[Fri Jun 12 02:45:08.085785 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ChtFHEdnREfgjNzuQAAAJg"]
[Fri Jun 12 02:45:08.085872 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ChtFHEdnREfgjNzuQAAAJg"]
[Fri Jun 12 02:45:08.086310 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ChtFHEdnREfgjNzuQAAAJg"]
[Fri Jun 12 02:45:08.087272 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc5ChtFHEdnREfgjNzuQAAAJg"]
[Fri Jun 12 02:45:09.096132 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ShtFHEdnREfgjNzvgAAAJg"]
[Fri Jun 12 02:45:09.096248 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ShtFHEdnREfgjNzvgAAAJg"]
[Fri Jun 12 02:45:09.096314 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ShtFHEdnREfgjNzvgAAAJg"]
[Fri Jun 12 02:45:09.096772 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ShtFHEdnREfgjNzvgAAAJg"]
[Fri Jun 12 02:45:09.097686 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc5ShtFHEdnREfgjNzvgAAAJg"]
[Fri Jun 12 02:45:09.666240 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ShtFHEdnREfgjNzwAAAAJg"]
[Fri Jun 12 02:45:09.666363 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ShtFHEdnREfgjNzwAAAAJg"]
[Fri Jun 12 02:45:09.666458 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ShtFHEdnREfgjNzwAAAAJg"]
[Fri Jun 12 02:45:09.670614 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ShtFHEdnREfgjNzwAAAAJg"]
[Fri Jun 12 02:45:09.671695 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc5ShtFHEdnREfgjNzwAAAAJg"]
[Fri Jun 12 02:45:10.629543 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ihtFHEdnREfgjNzxAAAAJg"]
[Fri Jun 12 02:45:10.629715 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ihtFHEdnREfgjNzxAAAAJg"]
[Fri Jun 12 02:45:10.629789 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ihtFHEdnREfgjNzxAAAAJg"]
[Fri Jun 12 02:45:10.630198 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5ihtFHEdnREfgjNzxAAAAJg"]
[Fri Jun 12 02:45:10.631057 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc5ihtFHEdnREfgjNzxAAAAJg"]
[Fri Jun 12 02:45:11.135698 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5yhtFHEdnREfgjNzxwAAAJg"]
[Fri Jun 12 02:45:11.135857 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5yhtFHEdnREfgjNzxwAAAJg"]
[Fri Jun 12 02:45:11.135921 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5yhtFHEdnREfgjNzxwAAAJg"]
[Fri Jun 12 02:45:11.136300 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc5yhtFHEdnREfgjNzxwAAAJg"]
[Fri Jun 12 02:45:11.137206 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc5yhtFHEdnREfgjNzxwAAAJg"]
[Fri Jun 12 02:45:12.008971 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ChtFHEdnREfgjNzzAAAAJg"]
[Fri Jun 12 02:45:12.009175 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ChtFHEdnREfgjNzzAAAAJg"]
[Fri Jun 12 02:45:12.009267 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ChtFHEdnREfgjNzzAAAAJg"]
[Fri Jun 12 02:45:12.009742 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ChtFHEdnREfgjNzzAAAAJg"]
[Fri Jun 12 02:45:12.010671 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc6ChtFHEdnREfgjNzzAAAAJg"]
[Fri Jun 12 02:45:12.975771 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ChtFHEdnREfgjNzzwAAAJg"]
[Fri Jun 12 02:45:12.975914 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ChtFHEdnREfgjNzzwAAAJg"]
[Fri Jun 12 02:45:12.975981 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ChtFHEdnREfgjNzzwAAAJg"]
[Fri Jun 12 02:45:12.976391 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ChtFHEdnREfgjNzzwAAAJg"]
[Fri Jun 12 02:45:12.977336 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc6ChtFHEdnREfgjNzzwAAAJg"]
[Fri Jun 12 02:45:13.284633 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ShtFHEdnREfgjNz0gAAAJg"]
[Fri Jun 12 02:45:13.284792 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ShtFHEdnREfgjNz0gAAAJg"]
[Fri Jun 12 02:45:13.284872 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ShtFHEdnREfgjNz0gAAAJg"]
[Fri Jun 12 02:45:13.285265 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ShtFHEdnREfgjNz0gAAAJg"]
[Fri Jun 12 02:45:13.286364 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc6ShtFHEdnREfgjNz0gAAAJg"]
[Fri Jun 12 02:45:13.912806 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ShtFHEdnREfgjNz1AAAAJg"]
[Fri Jun 12 02:45:13.912921 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ShtFHEdnREfgjNz1AAAAJg"]
[Fri Jun 12 02:45:13.913001 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ShtFHEdnREfgjNz1AAAAJg"]
[Fri Jun 12 02:45:13.913463 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ShtFHEdnREfgjNz1AAAAJg"]
[Fri Jun 12 02:45:13.914451 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc6ShtFHEdnREfgjNz1AAAAJg"]
[Fri Jun 12 02:45:14.808708 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ihtFHEdnREfgjNz2AAAAJg"]
[Fri Jun 12 02:45:14.808826 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ihtFHEdnREfgjNz2AAAAJg"]
[Fri Jun 12 02:45:14.808952 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ihtFHEdnREfgjNz2AAAAJg"]
[Fri Jun 12 02:45:14.809514 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6ihtFHEdnREfgjNz2AAAAJg"]
[Fri Jun 12 02:45:14.810446 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc6ihtFHEdnREfgjNz2AAAAJg"]
[Fri Jun 12 02:45:15.591292 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6yhtFHEdnREfgjNz3AAAAJg"]
[Fri Jun 12 02:45:15.591427 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6yhtFHEdnREfgjNz3AAAAJg"]
[Fri Jun 12 02:45:15.591493 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6yhtFHEdnREfgjNz3AAAAJg"]
[Fri Jun 12 02:45:15.591923 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc6yhtFHEdnREfgjNz3AAAAJg"]
[Fri Jun 12 02:45:15.592992 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc6yhtFHEdnREfgjNz3AAAAJg"]
[Fri Jun 12 02:45:16.389008 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ChtFHEdnREfgjNz4QAAAJg"]
[Fri Jun 12 02:45:16.389192 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ChtFHEdnREfgjNz4QAAAJg"]
[Fri Jun 12 02:45:16.389364 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ChtFHEdnREfgjNz4QAAAJg"]
[Fri Jun 12 02:45:16.389871 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ChtFHEdnREfgjNz4QAAAJg"]
[Fri Jun 12 02:45:16.390714 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc7ChtFHEdnREfgjNz4QAAAJg"]
[Fri Jun 12 02:45:17.158817 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ShtFHEdnREfgjNz4wAAAJg"]
[Fri Jun 12 02:45:17.158934 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ShtFHEdnREfgjNz4wAAAJg"]
[Fri Jun 12 02:45:17.159042 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ShtFHEdnREfgjNz4wAAAJg"]
[Fri Jun 12 02:45:17.159397 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ShtFHEdnREfgjNz4wAAAJg"]
[Fri Jun 12 02:45:17.160366 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc7ShtFHEdnREfgjNz4wAAAJg"]
[Fri Jun 12 02:45:17.994782 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ShtFHEdnREfgjNz5wAAAJg"]
[Fri Jun 12 02:45:17.994958 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ShtFHEdnREfgjNz5wAAAJg"]
[Fri Jun 12 02:45:17.995042 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ShtFHEdnREfgjNz5wAAAJg"]
[Fri Jun 12 02:45:17.995547 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ShtFHEdnREfgjNz5wAAAJg"]
[Fri Jun 12 02:45:17.996406 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc7ShtFHEdnREfgjNz5wAAAJg"]
[Fri Jun 12 02:45:18.733532 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ihtFHEdnREfgjNz6QAAAJg"]
[Fri Jun 12 02:45:18.733737 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ihtFHEdnREfgjNz6QAAAJg"]
[Fri Jun 12 02:45:18.733828 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ihtFHEdnREfgjNz6QAAAJg"]
[Fri Jun 12 02:45:18.734444 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7ihtFHEdnREfgjNz6QAAAJg"]
[Fri Jun 12 02:45:18.735481 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc7ihtFHEdnREfgjNz6QAAAJg"]
[Fri Jun 12 02:45:19.420945 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7yhtFHEdnREfgjNz7AAAAJg"]
[Fri Jun 12 02:45:19.421064 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7yhtFHEdnREfgjNz7AAAAJg"]
[Fri Jun 12 02:45:19.421163 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7yhtFHEdnREfgjNz7AAAAJg"]
[Fri Jun 12 02:45:19.421636 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc7yhtFHEdnREfgjNz7AAAAJg"]
[Fri Jun 12 02:45:19.422540 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc7yhtFHEdnREfgjNz7AAAAJg"]
[Fri Jun 12 02:45:20.102991 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "33"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc8ChtFHEdnREfgjNz7gAAAJg"]
[Fri Jun 12 02:45:20.103203 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc8ChtFHEdnREfgjNz7gAAAJg"]
[Fri Jun 12 02:45:20.103303 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc8ChtFHEdnREfgjNz7gAAAJg"]
[Fri Jun 12 02:45:20.103928 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aiuc8ChtFHEdnREfgjNz7gAAAJg"]
[Fri Jun 12 02:45:20.104843 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc8ChtFHEdnREfgjNz7gAAAJg"]
[Fri Jun 12 02:45:20.993560 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ChtFHEdnREfgjNz8gAAAJg"]
[Fri Jun 12 02:45:20.994045 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Matched phrase "call_user_func" at ARGS:function. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: call_user_func found within ARGS:function: call_user_func_array"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ChtFHEdnREfgjNz8gAAAJg"]
[Fri Jun 12 02:45:20.994997 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ChtFHEdnREfgjNz8gAAAJg"]
[Fri Jun 12 02:45:20.995939 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc8ChtFHEdnREfgjNz8gAAAJg"]
[Fri Jun 12 02:45:21.735719 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/public/index.php"] [unique_id "aiuc8ShtFHEdnREfgjNz9QAAAJg"]
[Fri Jun 12 02:45:21.736167 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Matched phrase "call_user_func" at ARGS:function. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: call_user_func found within ARGS:function: call_user_func_array"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/public/index.php"] [unique_id "aiuc8ShtFHEdnREfgjNz9QAAAJg"]
[Fri Jun 12 02:45:21.736981 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/public/index.php"] [unique_id "aiuc8ShtFHEdnREfgjNz9QAAAJg"]
[Fri Jun 12 02:45:21.737921 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc8ShtFHEdnREfgjNz9QAAAJg"]
[Fri Jun 12 02:45:22.617757 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.618044 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\\x22hi\\x22));?>+/tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.618109 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within ARGS:lang: ../../../../../../../../usr/local/lib/php/pearcmd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.618159 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\\x22hi\\x22));?>+/tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.618238 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& config-create /&/<?echo(md5(\\x22hi\\x22));?> /tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.618368 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& config-create/&/<?echo(md5(hi)) ?>/tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.618417 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:lang: ../../../../../../../../usr/local/lib/php/pearcmd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.618463 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:lang: ../../../../../../../../usr/local/lib/php/pearcmd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.618620 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:<\\\\?(?:[^x]|x[^m]|xm[^l]|xml[^\\\\s]|xml$|$)|<\\\\?php|\\\\[(?:\\\\/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:/<?echo(md5("hi"));?> /tmp/index1.php. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "66"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <?e found within ARGS_NAMES:/<?echo(md5(\\x22hi\\x22));?> /tmp/index1.php: /<?echo(md5(\\x22hi\\x22));?> /tmp/index1.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.619436 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 43)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:22.620313 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 43 - SQLI=0,XSS=0,RFI=0,LFI=35,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 43, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc8ihtFHEdnREfgjNz-AAAAJg"]
[Fri Jun 12 02:45:23.524823 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:23.525072 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?lang=../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:23.525137 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "48"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within ARGS:lang: ../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:23.525182 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:23.525231 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?lang=../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:23.525266 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:lang: ../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:23.525307 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:lang. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:lang: ../../../../../../../../tmp/index1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:23.525819 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/index.php"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:23.526560 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=30,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 33, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuc8yhtFHEdnREfgjNz-wAAAJg"]
[Fri Jun 12 02:45:24.499673 2026] [security2:error] [pid 21150:tid 21179] [client 79.76.58.113:41528] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/containers/json"] [unique_id "aiuc9ChtFHEdnREfgjNz_QAAAJg"]
[Fri Jun 12 02:53:02.217088 2026] [security2:error] [pid 6693:tid 6722] [client 62.210.142.164:21216] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aiuevnjPYfbesaCsFzPRHgAAABg"]
[Fri Jun 12 02:54:02.678169 2026] [security2:error] [pid 21150:tid 21156] [client 62.210.142.164:21216] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aiue-ihtFHEdnREfgjN6kQAAAIE"]
[Fri Jun 12 02:54:18.900624 2026] [security2:error] [pid 5193:tid 5209] [client 46.151.178.13:32820] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiufCn382LywbxGg79tqiQAAAQw"], referer: http://13.66.22.226:443/
[Fri Jun 12 02:54:34.480251 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiufGufOlZI6G7yRn5I7NwAAAFA"]
[Fri Jun 12 02:54:34.601742 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/manage/account/login"] [unique_id "aiufGufOlZI6G7yRn5I7OQAAAFA"]
[Fri Jun 12 02:54:34.724885 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/index.html"] [unique_id "aiufGufOlZI6G7yRn5I7OgAAAFA"]
[Fri Jun 12 02:54:34.847491 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/index.html"] [unique_id "aiufGufOlZI6G7yRn5I7OwAAAFA"]
[Fri Jun 12 02:54:34.967483 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/+CSCOE+/logon.html"] [unique_id "aiufGufOlZI6G7yRn5I7PAAAAFA"]
[Fri Jun 12 02:54:35.091742 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-bin/login.cgi"] [unique_id "aiufG-fOlZI6G7yRn5I7PgAAAFA"]
[Fri Jun 12 02:54:35.212093 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/login.htm"] [unique_id "aiufG-fOlZI6G7yRn5I7QAAAAFA"]
[Fri Jun 12 02:54:35.339498 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/login.html"] [unique_id "aiufG-fOlZI6G7yRn5I7QQAAAFA"]
[Fri Jun 12 02:54:35.467560 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/login.jsp"] [unique_id "aiufG-fOlZI6G7yRn5I7QgAAAFA"]
[Fri Jun 12 02:54:35.597267 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/login"] [unique_id "aiufG-fOlZI6G7yRn5I7RAAAAFA"]
[Fri Jun 12 02:54:35.720704 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/doc/index.html"] [unique_id "aiufG-fOlZI6G7yRn5I7RgAAAFA"]
[Fri Jun 12 02:54:35.841852 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/remote/login"] [unique_id "aiufG-fOlZI6G7yRn5I7SAAAAFA"]
[Fri Jun 12 02:54:35.968305 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/admin/login.asp"] [unique_id "aiufG-fOlZI6G7yRn5I7SgAAAFA"]
[Fri Jun 12 02:54:36.102613 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/web/"] [unique_id "aiufHOfOlZI6G7yRn5I7SwAAAFA"]
[Fri Jun 12 02:54:36.224510 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/webpages/login.html"] [unique_id "aiufHOfOlZI6G7yRn5I7TAAAAFA"]
[Fri Jun 12 02:54:36.346530 2026] [security2:error] [pid 11021:tid 11046] [client 62.210.142.164:50644] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiufHOfOlZI6G7yRn5I7TQAAAFA"]
[Fri Jun 12 02:59:10.010884 2026] [security2:error] [pid 11021:tid 11039] [client 45.63.4.69:38510] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiugLufOlZI6G7yRn5I-SAAAAEk"]
[Fri Jun 12 02:59:13.608991 2026] [security2:error] [pid 11021:tid 11039] [client 45.63.4.69:38510] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiugMefOlZI6G7yRn5I-WAAAAEk"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 02:59:58.501475 2026] [security2:error] [pid 21150:tid 21173] [client 45.63.4.69:48248] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiugXihtFHEdnREfgjOCAQAAAJI"]
[Fri Jun 12 03:01:00.222772 2026] [security2:error] [pid 5193:tid 5201] [client 78.153.140.156:57658] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiugnH382LywbxGg79tyUAAAAQQ"]
[Fri Jun 12 03:01:00.223046 2026] [security2:error] [pid 5193:tid 5201] [client 78.153.140.156:57658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiugnH382LywbxGg79tyUAAAAQQ"]
[Fri Jun 12 03:01:00.223302 2026] [security2:error] [pid 5193:tid 5201] [client 78.153.140.156:57658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiugnH382LywbxGg79tyUAAAAQQ"]
[Fri Jun 12 03:01:00.223711 2026] [security2:error] [pid 5193:tid 5201] [client 78.153.140.156:57658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiugnH382LywbxGg79tyUAAAAQQ"]
[Fri Jun 12 03:01:01.495809 2026] [security2:error] [pid 6693:tid 6698] [client 78.153.140.156:57664] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiugnXjPYfbesaCsFzPZzgAAAAA"]
[Fri Jun 12 03:04:30.275776 2026] [security2:error] [pid 3761:tid 3774] [client 45.156.129.130:46966] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiuhbkN3y4TTMK1sMPbRjAAAAMQ"]
[Fri Jun 12 03:04:46.733808 2026] [security2:error] [pid 5193:tid 5201] [client 45.156.129.52:53652] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/showLogin.cc"] [unique_id "aiuhfn382LywbxGg79t3SwAAAQQ"]
[Fri Jun 12 03:10:16.925517 2026] [security2:error] [pid 16537:tid 16562] [client 198.235.24.33:63562] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aiuiyDnO8q6PHxSIkqmSQAAAABQ"]
[Fri Jun 12 03:12:38.360156 2026] [security2:error] [pid 5193:tid 5218] [client 43.130.101.151:46188] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiujVn382LywbxGg79uCIAAAARU"], referer: http://13.84.161.190
[Fri Jun 12 03:12:38.360262 2026] [security2:error] [pid 5193:tid 5218] [client 43.130.101.151:46188] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiujVn382LywbxGg79uCIAAAARU"], referer: http://13.84.161.190
[Fri Jun 12 03:12:38.360874 2026] [security2:error] [pid 5193:tid 5218] [client 43.130.101.151:46188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiujVn382LywbxGg79uCIAAAARU"], referer: http://13.84.161.190
[Fri Jun 12 03:12:38.792421 2026] [security2:error] [pid 5193:tid 5218] [client 43.130.101.151:46188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiujVn382LywbxGg79uCIAAAARU"], referer: http://13.84.161.190
[Fri Jun 12 03:16:34.788213 2026] [security2:error] [pid 3761:tid 3790] [client 78.153.140.149:58304] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiukQkN3y4TTMK1sMPbd5wAAANQ"]
[Fri Jun 12 03:16:34.788452 2026] [security2:error] [pid 3761:tid 3790] [client 78.153.140.149:58304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiukQkN3y4TTMK1sMPbd5wAAANQ"]
[Fri Jun 12 03:16:34.788773 2026] [security2:error] [pid 3761:tid 3790] [client 78.153.140.149:58304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiukQkN3y4TTMK1sMPbd5wAAANQ"]
[Fri Jun 12 03:16:34.790104 2026] [security2:error] [pid 3761:tid 3790] [client 78.153.140.149:58304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiukQkN3y4TTMK1sMPbd5wAAANQ"]
[Fri Jun 12 03:16:35.157838 2026] [security2:error] [pid 21150:tid 21171] [client 78.153.140.149:58314] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiukQyhtFHEdnREfgjOR5wAAAJA"]
[Fri Jun 12 03:17:42.315642 2026] [core:error] [pid 16537:tid 16563] [client 45.43.37.254:58366] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Fri Jun 12 03:18:08.921809 2026] [security2:error] [pid 30915:tid 30923] [client 65.49.1.199:57335] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiukoBj5nedXlUb5QfJ1_gAAAIU"], referer: http://13.84.161.190/
[Fri Jun 12 03:36:07.909762 2026] [security2:error] [pid 5193:tid 5205] [client 93.174.93.12:60000] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aiuo13382LywbxGg79uZFQAAAQg"]
[Fri Jun 12 03:40:46.838669 2026] [security2:error] [pid 5193:tid 5217] [client 43.164.0.96:43228] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiup7n382LywbxGg79udngAAARQ"]
[Fri Jun 12 03:40:46.838774 2026] [security2:error] [pid 5193:tid 5217] [client 43.164.0.96:43228] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiup7n382LywbxGg79udngAAARQ"]
[Fri Jun 12 03:40:46.839514 2026] [security2:error] [pid 5193:tid 5217] [client 43.164.0.96:43228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiup7n382LywbxGg79udngAAARQ"]
[Fri Jun 12 03:40:46.840649 2026] [security2:error] [pid 5193:tid 5217] [client 43.164.0.96:43228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiup7n382LywbxGg79udngAAARQ"]
[Fri Jun 12 03:40:54.718984 2026] [security2:error] [pid 16537:tid 16564] [client 34.38.201.101:52466] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiup9jnO8q6PHxSIkqm1bAAAABY"]
[Fri Jun 12 03:45:06.455310 2026] [security2:error] [pid 16537:tid 16563] [client 221.159.119.6:41403] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-bin/luci/;stok=/locale"] [unique_id "aiuq8jnO8q6PHxSIkqm6IAAAABU"]
[Fri Jun 12 03:45:06.640822 2026] [security2:error] [pid 30915:tid 30937] [client 221.159.119.6:41459] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-bin/luci/;stok=/locale"] [unique_id "aiuq8hj5nedXlUb5QfKQlAAAAJM"]
[Fri Jun 12 04:01:37.816018 2026] [security2:error] [pid 20364:tid 20389] [client 79.124.40.174:50206] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/actuator/gateway/routes"] [unique_id "aiuu0RXrxB4JE4I3Zy2MXQAAAFE"]
[Fri Jun 12 04:05:56.169855 2026] [security2:error] [pid 5193:tid 5214] [client 168.76.20.229:60688] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuv1H382LywbxGg79u30AAAARE"]
[Fri Jun 12 04:05:56.698745 2026] [security2:error] [pid 20364:tid 20386] [client 168.76.20.229:47758] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuv1BXrxB4JE4I3Zy2QTAAAAE4"]
[Fri Jun 12 04:05:57.145225 2026] [security2:error] [pid 16537:tid 16557] [client 168.76.20.229:30540] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiuv1TnO8q6PHxSIkqnPnAAAAA8"]
[Fri Jun 12 04:05:57.717501 2026] [security2:error] [pid 20364:tid 20387] [client 168.76.20.229:55876] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aiuv1RXrxB4JE4I3Zy2QUAAAAE8"]
[Fri Jun 12 04:05:58.406508 2026] [security2:error] [pid 5193:tid 5210] [client 168.76.20.229:49799] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/robots.txt"] [unique_id "aiuv1n382LywbxGg79u33gAAAQ0"]
[Fri Jun 12 04:06:24.859304 2026] [security2:error] [pid 5193:tid 5218] [client 78.153.140.156:39692] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiuv8H382LywbxGg79u4rgAAARU"]
[Fri Jun 12 04:06:24.859535 2026] [security2:error] [pid 5193:tid 5218] [client 78.153.140.156:39692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiuv8H382LywbxGg79u4rgAAARU"]
[Fri Jun 12 04:06:24.859793 2026] [security2:error] [pid 5193:tid 5218] [client 78.153.140.156:39692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiuv8H382LywbxGg79u4rgAAARU"]
[Fri Jun 12 04:06:24.860041 2026] [security2:error] [pid 5193:tid 5218] [client 78.153.140.156:39692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuv8H382LywbxGg79u4rgAAARU"]
[Fri Jun 12 04:06:25.530827 2026] [security2:error] [pid 30915:tid 30936] [client 78.153.140.156:58840] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuv8Rj5nedXlUb5QfKqDgAAAJI"]
[Fri Jun 12 04:09:21.881150 2026] [security2:error] [pid 16537:tid 16552] [client 79.124.40.174:54810] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/actuator/gateway/routes"] [unique_id "aiuwoTnO8q6PHxSIkqnTWQAAAAo"]
[Fri Jun 12 04:09:22.686480 2026] [security2:error] [pid 9359:tid 9364] [client 79.124.40.174:54822] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiuwokvQWuX4mOPuRGCqLwAAAMM"], referer: https://13.66.22.226:443/actuator/gateway/routes
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 04:18:30.418894 2026] [security2:error] [pid 30915:tid 30929] [client 20.169.104.237:33508] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuyxhj5nedXlUb5QfK3ZgAAAIs"]
[Fri Jun 12 04:18:30.419103 2026] [security2:error] [pid 30915:tid 30929] [client 20.169.104.237:33508] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuyxhj5nedXlUb5QfK3ZgAAAIs"]
[Fri Jun 12 04:18:30.419452 2026] [security2:error] [pid 30915:tid 30929] [client 20.169.104.237:33508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuyxhj5nedXlUb5QfK3ZgAAAIs"]
[Fri Jun 12 04:18:30.419831 2026] [security2:error] [pid 30915:tid 30929] [client 20.169.104.237:33508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiuyxhj5nedXlUb5QfK3ZgAAAIs"]
[Fri Jun 12 04:19:18.577689 2026] [security2:error] [pid 30915:tid 30939] [client 43.165.127.225:56086] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aiuy9hj5nedXlUb5QfK4HgAAAJU"], referer: http://machen.ai
[Fri Jun 12 04:21:45.749711 2026] [security2:error] [pid 16537:tid 16552] [client 192.248.150.180:47562] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiuziTnO8q6PHxSIkqneaAAAAAo"]
[Fri Jun 12 04:21:53.127752 2026] [security2:error] [pid 5193:tid 5197] [client 192.248.150.180:38358] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiuzkX382LywbxGg79vLwwAAAQA"], referer: http://13.84.161.190/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 04:31:14.883512 2026] [security2:error] [pid 9359:tid 9366] [client 69.5.169.199:33425] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "192.0.2.1"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "192.0.2.1"] [uri "/"] [unique_id "aiu1wkvQWuX4mOPuRGC_ogAAAMU"]
[Fri Jun 12 04:31:25.342540 2026] [security2:error] [pid 16537:tid 16544] [client 69.5.169.216:8314] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiu1zTnO8q6PHxSIkqno8wAAAAI"]
[Fri Jun 12 04:31:25.598007 2026] [security2:error] [pid 20364:tid 20378] [client 69.5.169.145:4704] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiu1zRXrxB4JE4I3Zy2qtwAAAEY"]
[Fri Jun 12 04:42:50.955071 2026] [security2:error] [pid 16537:tid 16558] [client 183.207.45.112:19046] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiu4ejnO8q6PHxSIkqn1OgAAABA"]
[Fri Jun 12 04:42:51.146551 2026] [security2:error] [pid 16537:tid 16558] [client 183.207.45.112:19046] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aiu4eznO8q6PHxSIkqn1PAAAABA"]
[Fri Jun 12 04:42:51.801981 2026] [security2:error] [pid 16537:tid 16558] [client 183.207.45.112:19046] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/img-sys/powered_by_cpanel.svg"] [unique_id "aiu4eznO8q6PHxSIkqn1PgAAABA"]
[Fri Jun 12 04:42:51.992411 2026] [security2:error] [pid 16537:tid 16558] [client 183.207.45.112:19046] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/img-sys/server_moved.png"] [unique_id "aiu4eznO8q6PHxSIkqn1QAAAABA"]
[Fri Jun 12 04:42:52.416826 2026] [security2:error] [pid 16537:tid 16558] [client 183.207.45.112:19046] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/img-sys/server_misconfigured.png"] [unique_id "aiu4fDnO8q6PHxSIkqn1QwAAABA"]
[Fri Jun 12 04:42:52.613537 2026] [security2:error] [pid 16537:tid 16558] [client 183.207.45.112:19046] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/img-sys/IP_changed.png"] [unique_id "aiu4fDnO8q6PHxSIkqn1RgAAABA"]
[Fri Jun 12 04:45:10.440898 2026] [security2:error] [pid 9359:tid 9371] [client 205.210.31.147:60714] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiu5BkvQWuX4mOPuRGDOWAAAAMo"]
[Fri Jun 12 04:45:46.394874 2026] [security2:error] [pid 30915:tid 30936] [client 78.153.140.149:58490] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiu5Khj5nedXlUb5QfLUUgAAAJI"]
[Fri Jun 12 04:45:46.395095 2026] [security2:error] [pid 30915:tid 30936] [client 78.153.140.149:58490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiu5Khj5nedXlUb5QfLUUgAAAJI"]
[Fri Jun 12 04:45:46.395321 2026] [security2:error] [pid 30915:tid 30936] [client 78.153.140.149:58490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiu5Khj5nedXlUb5QfLUUgAAAJI"]
[Fri Jun 12 04:45:46.396121 2026] [security2:error] [pid 30915:tid 30936] [client 78.153.140.149:58490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiu5Khj5nedXlUb5QfLUUgAAAJI"]
[Fri Jun 12 04:45:46.740878 2026] [security2:error] [pid 16537:tid 16556] [client 78.153.140.149:58506] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiu5KjnO8q6PHxSIkqn4TAAAAA4"]
[Fri Jun 12 04:46:25.700190 2026] [security2:error] [pid 5193:tid 5202] [client 45.148.10.67:30508] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiu5UX382LywbxGg79vl3gAAAQU"]
[Fri Jun 12 04:50:41.032547 2026] [security2:error] [pid 30915:tid 30925] [client 78.153.140.250:41864] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiu6URj5nedXlUb5QfLYqAAAAIc"]
[Fri Jun 12 04:50:41.032792 2026] [security2:error] [pid 30915:tid 30925] [client 78.153.140.250:41864] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiu6URj5nedXlUb5QfLYqAAAAIc"]
[Fri Jun 12 04:50:41.033029 2026] [security2:error] [pid 30915:tid 30925] [client 78.153.140.250:41864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiu6URj5nedXlUb5QfLYqAAAAIc"]
[Fri Jun 12 04:50:41.833974 2026] [security2:error] [pid 30915:tid 30925] [client 78.153.140.250:41864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiu6URj5nedXlUb5QfLYqAAAAIc"]
[Fri Jun 12 04:50:42.528782 2026] [security2:error] [pid 9359:tid 9364] [client 78.153.140.250:59498] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiu6UkvQWuX4mOPuRGDTBAAAAMM"]
[Fri Jun 12 04:51:42.508770 2026] [core:error] [pid 5193:tid 5204] [client 31.132.90.3:43216] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Fri Jun 12 04:56:45.466508 2026] [security2:error] [pid 9359:tid 9379] [client 40.124.183.177:57542] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiu7vUvQWuX4mOPuRGDZAwAAANI"]
[Fri Jun 12 04:56:45.466696 2026] [security2:error] [pid 9359:tid 9379] [client 40.124.183.177:57542] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiu7vUvQWuX4mOPuRGDZAwAAANI"]
[Fri Jun 12 04:56:45.467163 2026] [security2:error] [pid 9359:tid 9379] [client 40.124.183.177:57542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiu7vUvQWuX4mOPuRGDZAwAAANI"]
[Fri Jun 12 04:56:46.271275 2026] [security2:error] [pid 9359:tid 9379] [client 40.124.183.177:57542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiu7vUvQWuX4mOPuRGDZAwAAANI"]
[Fri Jun 12 05:01:45.454954 2026] [security2:error] [pid 9359:tid 9368] [client 43.166.1.243:55044] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "erhabenn.com.br"] [uri "/"] [unique_id "aiu86UvQWuX4mOPuRGDebAAAAMc"]
[Fri Jun 12 05:02:15.885753 2026] [security2:error] [pid 20364:tid 20396] [client 77.90.185.9:49660] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/RDWeb"] [unique_id "aiu9BxXrxB4JE4I3Zy3ODAAAAFg"], referer: https://www.google.com
[Fri Jun 12 05:02:32.709030 2026] [cgid:error] [pid 30915:tid 30936] [client 74.7.242.20:49790] AH01265: stderr from /disk001/machen/public_html/suporte/cgi-bin/: attempt to invoke directory as script, referer: https://www.suporte.machen.ai/
[Fri Jun 12 05:03:56.811936 2026] [security2:error] [pid 16178:tid 16206] [client 74.7.242.20:50320] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:fileloc: /disk001/machen/www/support/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu9bFHFXd3T5TQGNQcPQgAAARc"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen/www/support
[Fri Jun 12 05:03:56.812726 2026] [security2:error] [pid 16178:tid 16206] [client 74.7.242.20:50320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu9bFHFXd3T5TQGNQcPQgAAARc"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen/www/support
[Fri Jun 12 05:03:56.813004 2026] [security2:error] [pid 16178:tid 16206] [client 74.7.242.20:50320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu9bFHFXd3T5TQGNQcPQgAAARc"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen/www/support
[Fri Jun 12 05:05:51.460359 2026] [security2:error] [pid 30915:tid 30923] [client 74.7.242.20:49776] ModSecurity: Warning. Matched phrase ".htpasswd" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htpasswd found within ARGS:path: /disk001/machen/.htpasswds"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu93xj5nedXlUb5QfLmQQAAAIU"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen
[Fri Jun 12 05:05:51.461009 2026] [security2:error] [pid 30915:tid 30923] [client 74.7.242.20:49776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu93xj5nedXlUb5QfLmQQAAAIU"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen
[Fri Jun 12 05:05:51.461301 2026] [security2:error] [pid 30915:tid 30923] [client 74.7.242.20:49776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu93xj5nedXlUb5QfLmQQAAAIU"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen
[Fri Jun 12 05:06:33.871732 2026] [security2:error] [pid 16537:tid 16557] [client 45.148.10.67:64890] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiu-CTnO8q6PHxSIkqkM0QAAAA8"]
[Fri Jun 12 05:06:34.903245 2026] [security2:error] [pid 30915:tid 30923] [client 45.148.10.67:32124] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiu-Chj5nedXlUb5QfLmrQAAAIU"]
[Fri Jun 12 05:06:35.293426 2026] [security2:error] [pid 16178:tid 16199] [client 45.148.10.67:32126] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiu-C1HFXd3T5TQGNQcR_QAAARA"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 05:08:24.939065 2026] [security2:error] [pid 30915:tid 30926] [client 12.179.203.4:40626] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiu-eBj5nedXlUb5QfLn_AAAAIg"]
[Fri Jun 12 05:09:54.685737 2026] [security2:error] [pid 20364:tid 20376] [client 195.178.110.2:54868] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.svn/wc.db"] [unique_id "aiu-0hXrxB4JE4I3Zy3WJAAAAEQ"]
[Fri Jun 12 05:09:54.685832 2026] [security2:error] [pid 20364:tid 20376] [client 195.178.110.2:54868] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.svn/wc.db"] [unique_id "aiu-0hXrxB4JE4I3Zy3WJAAAAEQ"]
[Fri Jun 12 05:09:54.685925 2026] [security2:error] [pid 20364:tid 20376] [client 195.178.110.2:54868] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.svn/wc.db"] [unique_id "aiu-0hXrxB4JE4I3Zy3WJAAAAEQ"]
[Fri Jun 12 05:09:54.686084 2026] [security2:error] [pid 20364:tid 20376] [client 195.178.110.2:54868] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.svn/wc.db"] [unique_id "aiu-0hXrxB4JE4I3Zy3WJAAAAEQ"]
[Fri Jun 12 05:09:54.686369 2026] [security2:error] [pid 20364:tid 20376] [client 195.178.110.2:54868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.svn/wc.db"] [unique_id "aiu-0hXrxB4JE4I3Zy3WJAAAAEQ"]
[Fri Jun 12 05:09:55.399801 2026] [security2:error] [pid 20364:tid 20376] [client 195.178.110.2:54868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiu-0hXrxB4JE4I3Zy3WJAAAAEQ"]
[Fri Jun 12 05:12:41.186212 2026] [security2:error] [pid 20364:tid 20388] [client 74.7.242.20:34972] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:fileloc: /disk001/machen/public_html/support/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu_eRXrxB4JE4I3Zy3YzAAAAFA"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen/public_html/support
[Fri Jun 12 05:12:41.187164 2026] [security2:error] [pid 20364:tid 20388] [client 74.7.242.20:34972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu_eRXrxB4JE4I3Zy3YzAAAAFA"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen/public_html/support
[Fri Jun 12 05:12:41.187515 2026] [security2:error] [pid 20364:tid 20388] [client 74.7.242.20:34972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-cqfs97tA.php"] [unique_id "aiu_eRXrxB4JE4I3Zy3YzAAAAFA"], referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=/disk001/machen/public_html/support
[Fri Jun 12 05:12:58.667148 2026] [security2:error] [pid 16537:tid 16565] [client 77.83.39.42:37108] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiu_ijnO8q6PHxSIkqkSkQAAABc"]
[Fri Jun 12 05:12:58.667340 2026] [security2:error] [pid 16537:tid 16565] [client 77.83.39.42:37108] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiu_ijnO8q6PHxSIkqkSkQAAABc"]
[Fri Jun 12 05:12:58.667464 2026] [security2:error] [pid 16537:tid 16565] [client 77.83.39.42:37108] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiu_ijnO8q6PHxSIkqkSkQAAABc"]
[Fri Jun 12 05:12:58.667793 2026] [security2:error] [pid 16537:tid 16565] [client 77.83.39.42:37108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiu_ijnO8q6PHxSIkqkSkQAAABc"]
[Fri Jun 12 05:12:58.668180 2026] [security2:error] [pid 16537:tid 16565] [client 77.83.39.42:37108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiu_ijnO8q6PHxSIkqkSkQAAABc"]
[Fri Jun 12 05:13:12.999416 2026] [security2:error] [pid 9359:tid 9381] [client 74.7.242.20:44286] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:fileloc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:fileloc: /disk001/machen/www/support/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-oYOILkD7.php"] [unique_id "aiu_mEvQWuX4mOPuRGDn7gAAANQ"], referer: https://www.suporte.machen.ai/x-cp-oYOILkD7.php?path=/disk001/machen/www/support
[Fri Jun 12 05:13:13.000202 2026] [security2:error] [pid 9359:tid 9381] [client 74.7.242.20:44286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-oYOILkD7.php"] [unique_id "aiu_mEvQWuX4mOPuRGDn7gAAANQ"], referer: https://www.suporte.machen.ai/x-cp-oYOILkD7.php?path=/disk001/machen/www/support
[Fri Jun 12 05:13:13.000513 2026] [security2:error] [pid 9359:tid 9381] [client 74.7.242.20:44286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/x-cp-oYOILkD7.php"] [unique_id "aiu_mEvQWuX4mOPuRGDn7gAAANQ"], referer: https://www.suporte.machen.ai/x-cp-oYOILkD7.php?path=/disk001/machen/www/support
[Fri Jun 12 05:14:16.815857 2026] [:error] [pid 30915:tid 30938] [client 57.141.2.46:46538] Could not write to logfile:
[Fri Jun 12 05:14:16.815933 2026] [:error] [pid 30915:tid 30938] [client 57.141.2.46:46538] Printing message to stderr:
[Fri Jun 12 05:14:16.816045 2026] [:error] [pid 30915:tid 30938] [client 57.141.2.46:46538] [Fri Jun 12 05:14:16 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:16.816050 2026] [:error] [pid 30915:tid 30938] [client 57.141.2.46:46538]
[Fri Jun 12 05:14:16.866673 2026] [:error] [pid 16537:tid 16556] [client 216.73.217.139:46703] Could not write to logfile:
[Fri Jun 12 05:14:16.866753 2026] [:error] [pid 16537:tid 16556] [client 216.73.217.139:46703] Printing message to stderr:
[Fri Jun 12 05:14:16.866857 2026] [:error] [pid 16537:tid 16556] [client 216.73.217.139:46703] [Fri Jun 12 05:14:16 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:16.866862 2026] [:error] [pid 16537:tid 16556] [client 216.73.217.139:46703]
[Fri Jun 12 05:14:16.919697 2026] [:error] [pid 25977:tid 25994] [client 216.73.217.139:20381] Could not write to logfile:
[Fri Jun 12 05:14:16.919788 2026] [:error] [pid 25977:tid 25994] [client 216.73.217.139:20381] Printing message to stderr:
[Fri Jun 12 05:14:16.919895 2026] [:error] [pid 25977:tid 25994] [client 216.73.217.139:20381] [Fri Jun 12 05:14:16 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:16.919900 2026] [:error] [pid 25977:tid 25994] [client 216.73.217.139:20381]
[Fri Jun 12 05:14:16.984666 2026] [:error] [pid 20364:tid 20376] [client 74.7.242.20:42172] Could not write to logfile:, referer: https://www.suporte.machen.ai/x-cp-o[Fri Jun 12 05:14:21.351787 2026] [:error] [pid 20364:tid 20375] [client 216.73.217.139:21186] Printing message to stderr:
[Fri Jun 12 05:14:21.357245 2026] [:error] [pid 20364:tid 20375] [client 216.73.217.139:21186] [Fri Jun 12 05:14:21 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:21.357255 2026] [:error] [pid 20364:tid 20375] [client 216.73.217.139:21186]
[Fri Jun 12 05:14:21.419657 2026] [:error] [pid 9359:tid 9370] [client 57.141.2.28:23729] Could not write to logfile:
[Fri Jun 12 05:14:21.419732 2026] [:error] [pid 9359:tid 9370] [client 57.141.2.28:23729] Printing message to stderr:
[Fri Jun 12 05:14:21.419863 2026] [:error] [pid 9359:tid 9370] [client 57.141.2.28:23729] [Fri Jun 12 05:14:21 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:21.419869 2026] [:error] [pid 9359:tid 9370] [client 57.141.2.28:23729]
[Fri Jun 12 05:14:21.422646 2026] [:error] [pid 16178:tid 16186] [client 216.73.217.139:65018] Could not write to logfile:
[Fri Jun 12 05:14:21.422715 2026] [:error] [pid 16178:tid 16186] [client 216.73.217.139:65018] Printing message to stderr:
[Fri Jun 12 05:14:21.422826 2026] [:error] [pid 16178:tid 16186] [client 216.73.217.139:65018] [Fri Jun 12 05:14:21 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:21.422833 2026] [:error] [pid 16178:tid 16186] [client 216.73.217.139:65018]
[Fri Jun 12 05:14:21.450676 2026] [:error] [pid 30915:tid 30918] [client 57.141.2.27:43723] Could not write to logfile:
[Fri Jun 12 05:14:21.450734 2026] [:error] [pid 30915:tid 30918] [client 57.141.2.27:43723] Printing message to stderr:
[Fri Jun 12 05:14:21.450874 2026] [:error] [pid 30915:tid 30918] [client 57.141.2.27:43723] [Fri Jun 12 05:14:21 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:21.450880 2026] [:error] [pid 30915:tid 30918] [client 57.141.2.27:43723]
[Fri Jun 12 05:14:21.546649 2026] [:error] [pid 16537:tid 16566] [client 57.141.2.51:58162] Could not write to logfile:
[Fri Jun 12 05:14:21.546726 2026] [:error] [pid 16537:tid 16566] [client 57.141.2.51:58162] Printing message to stderr:
[Fri Jun 12 05:14:21.546835 2026] [:error] [pid 16537:tid 16566] [client 57.141.2.51:58162] [Fri Jun 12 05:14:21 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:21.546840 2026] [:error] [pid 16537:tid 16566] [client 57.141.2.51:58162]
[Fri Jun 12 05:14:21.551645 2026] [:error] [pid 16537:tid 16559] [client 216.73.217.139:42006] Could not write to logfile:
[Fri Jun 12 05:14:21.551698 2026] [:error] [pid 16537:tid 16559] [client 216.73.217.139:42006] Printing message to stderr:
[Fri Jun 12 05:14:21.551810 2026] [:error] [pid 16537:tid 16559] [client 216.73.217.139:42006] [Fri Jun 12 05:14:21 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:21.551815 2026] [:error] [pid 16537:tid 16559] [client 216.73.217.139:42006]
[Fri Jun 12 05:14:21.593650 2026] [:error] [pid 25977:tid 25991] [client 216.73.217.139:20901] Could not write to logfile:
[Fri Jun 12 05:14:21.593755 2026] [:error] [pid 25977:tid 25991] [client 216.73.217.139:20901] Printing message to stderr:
[Fri Jun 12 05:14:21.593864 2026] [:error] [pid 25977:tid 25991] [client 216.73.217.139:20901] [Fri Jun 12 05:14:21 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:14:21.593887 2026] [:error] [pid 25977:tid 25991] [client 216.73.217.139:20901]
[Fri Jun 12 05:14:21.656950 2026] [:error] [pid 9359:tid 9369] [client 74.7.241.47:48108] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdc/de[Fri Jun 12 05:24:37.202847 2026] [:error] [pid 16178:tid 16183] [client 216.73.217.139:1978] Printing message to stderr:
[Fri Jun 12 05:24:37.206278 2026] [:error] [pid 16178:tid 16183] [client 216.73.217.139:1978] [Fri Jun 12 05:24:37 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:24:37.206288 2026] [:error] [pid 16178:tid 16183] [client 216.73.217.139:1978]
[Fri Jun 12 05:24:37.229638 2026] [:error] [pid 30915:tid 30923] [client 216.73.217.139:33790] Could not write to logfile:
[Fri Jun 12 05:24:37.229707 2026] [:error] [pid 30915:tid 30923] [client 216.73.217.139:33790] Printing message to stderr:
[Fri Jun 12 05:24:37.229814 2026] [:error] [pid 30915:tid 30923] [client 216.73.217.139:33790] [Fri Jun 12 05:24:37 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:24:37.229820 2026] [:error] [pid 30915:tid 30923] [client 216.73.217.139:33790]
[Fri Jun 12 05:24:37.301692 2026] [:error] [pid 16178:tid 16186] [client 74.7.241.8:54046] Could not write to logfile:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/ttyS0/subsystem/ptmx/subsystem/tty1/subsystem/tty7/subsystem/tty/subsystem/console/subsystem
[Fri Jun 12 05:24:37.301812 2026] [:error] [pid 16178:tid 16186] [client 74.7.241.8:54046] Printing message to stderr:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/ttyS0/subsystem/ptmx/subsystem/tty1/subsystem/tty7/subsystem/tty/subsystem/console/subsystem
[Fri Jun 12 05:24:37.301940 2026] [:error] [pid 16178:tid 16186] [client 74.7.241.8:54046] [Fri Jun 12 05:24:37 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/ttyS0/subsystem/ptmx/subsystem/tty1/subsystem/tty7/subsystem/tty/subsystem/console/subsystem
[Fri Jun 12 05:24:37.301946 2026] [:error] [pid 16178:tid 16186] [client 74.7.241.8:54046] , referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/ttyS0/subsystem/ptmx/subsystem/tty1/subsystem/tty7/subsystem/tty/subsystem/console/subsystem
[Fri Jun 12 05:24:37.334647 2026] [:error] [pid 16537:tid 16552] [client 216.73.217.139:4482] Could not write to logfile:
[Fri Jun 12 05:24:37.334733 2026] [:error] [pid 16537:tid 16552] [client 216.73.217.139:4482] Printing message to stderr:
[Fri Jun 12 05:24:37.334897 2026] [:error] [pid 16537:tid 16552] [client 216.73.217.139:4482] [Fri Jun 12 05:24:37 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:24:37.334903 2026] [:error] [pid 16537:tid 16552] [client 216.73.217.139:4482]
[Fri Jun 12 05:24:37.344649 2026] [:error] [pid 20364:tid 20390] [client 74.7.241.47:35252] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sdc/device/block/sdc/subsystem/sdb/subsystem/sdb/subsystem/sda/subsystem/sda/subsystem/sdc/device/generic/device/block/sdc/subsystem/sda/device/block/sda/subsystem
[Fri Jun 12 05:24:37.344706 2026] [:error] [pid 20364:tid 20390] [client 74.7.241.47:35252] Printing message to stderr:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sdc/device/block/sdc/subsystem/sdb/subsystem/sdb/subsystem/sda/subsystem/sda/subsystem/sdc/device/generic/device/block/sdc/subsystem/sda/device/block/sda/subsystem
[Fri Jun 12 05:24:37.344833 2026] [:error] [pid 20364:tid 20390] [client 74.7.241.47:35252] [Fri Jun 12 05:24:37 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsyst[Fri Jun 12 05:24:52.047621 2026] [:error] [pid 25977:tid 26002] [client 216.73.217.139:26109]
[Fri Jun 12 05:24:52.104646 2026] [:error] [pid 25977:tid 26004] [client 216.73.217.139:58806] Could not write to logfile:
[Fri Jun 12 05:24:52.104706 2026] [:error] [pid 25977:tid 26004] [client 216.73.217.139:58806] Printing message to stderr:
[Fri Jun 12 05:24:52.104835 2026] [:error] [pid 25977:tid 26004] [client 216.73.217.139:58806] [Fri Jun 12 05:24:52 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:24:52.104840 2026] [:error] [pid 25977:tid 26004] [client 216.73.217.139:58806]
[Fri Jun 12 05:24:52.139656 2026] [:error] [pid 16178:tid 16186] [client 74.7.241.8:54046] Could not write to logfile:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/ttyS0/subsystem/tty55/subsystem/console/subsystem/tty/subsystem
[Fri Jun 12 05:24:52.139724 2026] [:error] [pid 16178:tid 16186] [client 74.7.241.8:54046] Printing message to stderr:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/ttyS0/subsystem/tty55/subsystem/console/subsystem/tty/subsystem
[Fri Jun 12 05:24:52.139832 2026] [:error] [pid 16178:tid 16186] [client 74.7.241.8:54046] [Fri Jun 12 05:24:52 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/ttyS0/subsystem/tty55/subsystem/console/subsystem/tty/subsystem
[Fri Jun 12 05:24:52.139837 2026] [:error] [pid 16178:tid 16186] [client 74.7.241.8:54046] , referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/ttyS0/subsystem/tty55/subsystem/console/subsystem/tty/subsystem
[Fri Jun 12 05:24:52.266641 2026] [:error] [pid 30915:tid 30921] [client 216.73.217.139:64577] Could not write to logfile:
[Fri Jun 12 05:24:52.266711 2026] [:error] [pid 30915:tid 30921] [client 216.73.217.139:64577] Printing message to stderr:
[Fri Jun 12 05:24:52.266855 2026] [:error] [pid 30915:tid 30921] [client 216.73.217.139:64577] [Fri Jun 12 05:24:52 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:24:52.266861 2026] [:error] [pid 30915:tid 30921] [client 216.73.217.139:64577]
[Fri Jun 12 05:24:52.286639 2026] [:error] [pid 16537:tid 16564] [client 74.7.242.25:44478] Could not write to logfile:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/input/input2/mouse0/device/js0/subsystem/input3/mouse1
[Fri Jun 12 05:24:52.286707 2026] [:error] [pid 16537:tid 16564] [client 74.7.242.25:44478] Printing message to stderr:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/input/input2/mouse0/device/js0/subsystem/input3/mouse1
[Fri Jun 12 05:24:52.286815 2026] [:error] [pid 16537:tid 16564] [client 74.7.242.25:44478] [Fri Jun 12 05:24:52 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/input/input2/mouse0/device/js0/subsystem/input3/mouse1
[Fri Jun 12 05:24:52.286821 2026] [:error] [pid 16537:tid 16564] [client 74.7.242.25:44478] , referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/input/input2/mouse0/device/js0/subsystem/input3/mouse1
[Fri Jun 12 05:24:52.460444 2026] [:error] [pid 16178:tid 16204] [client 216.73.217.139:12961] Could not write to logfile:
[Fri Jun 12 05:24:52.460504 2026] [:error] [pid 16178:tid 16204] [client 216.73.217.139:12961] Printing message to stderr:
[Fri Jun 12 05:24:52.460633 2026] [:error] [pid 16178:tid 16204] [client 216.73.217.139:12961] [Fri Jun 12 05:24:52 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:24:52.460641 2026] [:error] [pid 16178:tid 16204] [client 216.73.217.139:12961]
[Fri Jun 12 05:24:52.503645 2026] [:error] [pid 20364:tid 20381] [client 216.73.217.139:6831] [Fri Jun 12 05:28:00.389642 2026] [:error] [pid 9359:tid 9377] [client 216.73.217.139:46064] Could not write to logfile:
[Fri Jun 12 05:28:00.395154 2026] [:error] [pid 9359:tid 9377] [client 216.73.217.139:46064] Printing message to stderr:
[Fri Jun 12 05:28:00.395285 2026] [:error] [pid 9359:tid 9377] [client 216.73.217.139:46064] [Fri Jun 12 05:28:00 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:28:00.395291 2026] [:error] [pid 9359:tid 9377] [client 216.73.217.139:46064]
[Fri Jun 12 05:28:00.402756 2026] [:error] [pid 16537:tid 16546] [client 74.7.241.47:44706] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdb/device/block/sdb/subsystem/sdc/subsystem/sdc/subsystem/sda/device/block/sda/subsystem/sda/subsystem/sda/subsystem/sda/device/generic/device/generic/device
[Fri Jun 12 05:28:00.402813 2026] [:error] [pid 16537:tid 16546] [client 74.7.241.47:44706] Printing message to stderr:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdb/device/block/sdb/subsystem/sdc/subsystem/sdc/subsystem/sda/device/block/sda/subsystem/sda/subsystem/sda/subsystem/sda/device/generic/device/generic/device
[Fri Jun 12 05:28:00.402926 2026] [:error] [pid 16537:tid 16546] [client 74.7.241.47:44706] [Fri Jun 12 05:28:00 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdb/device/block/sdb/subsystem/sdc/subsystem/sdc/subsystem/sda/device/block/sda/subsystem/sda/subsystem/sda/subsystem/sda/device/generic/device/generic/device
[Fri Jun 12 05:28:00.402932 2026] [:error] [pid 16537:tid 16546] [client 74.7.241.47:44706] , referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdb/device/block/sdb/subsystem/sdc/subsystem/sdc/subsystem/sda/device/block/sda/subsystem/sda/subsystem/sda/subsystem/sda/device/generic/device/generic/device
[Fri Jun 12 05:28:00.413677 2026] [:error] [pid 25977:tid 25992] [client 216.73.217.139:16138] Could not write to logfile:
[Fri Jun 12 05:28:00.413741 2026] [:error] [pid 25977:tid 25992] [client 216.73.217.139:16138] Printing message to stderr:
[Fri Jun 12 05:28:00.413853 2026] [:error] [pid 25977:tid 25992] [client 216.73.217.139:16138] [Fri Jun 12 05:28:00 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:28:00.413859 2026] [:error] [pid 25977:tid 25992] [client 216.73.217.139:16138]
[Fri Jun 12 05:28:00.618643 2026] [:error] [pid 25977:tid 25981] [client 216.73.217.139:38875] Could not write to logfile:
[Fri Jun 12 05:28:00.618698 2026] [:error] [pid 25977:tid 25981] [client 216.73.217.139:38875] Printing message to stderr:
[Fri Jun 12 05:28:00.618802 2026] [:error] [pid 25977:tid 25981] [client 216.73.217.139:38875] [Fri Jun 12 05:28:00 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:28:00.618807 2026] [:error] [pid 25977:tid 25981] [client 216.73.217.139:38875]
[Fri Jun 12 05:28:00.643708 2026] [:error] [pid 25977:tid 26003] [client 74.7.242.20:33656] Could not write to logfile:, referer: https://www.suporte.machen.ai/x-cp-oYOILkD7.php?path=/disk001/machen/www/a1b2c3d4/static/js
[Fri Jun 12 05:28:00.643762 2026] [:error] [pid 25977:tid 26003] [client 74.7.242.20:33656] Printing message to stderr:, referer: https://www.suporte.machen.ai/x-cp-oYOILkD7.php?path=/disk001/machen/www/a1b2c3d4/static/js
[Fri Jun 12 05:28:00.643887 2026] [:error] [pid 25977:tid 26003] [client 74.7.242.20:33656] [Fri[Fri Jun 12 05:31:28.917735 2026] [:error] [pid 20364:tid 20388] [client 216.73.217.139:52780] [Fri Jun 12 05:31:28 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:31:28.917754 2026] [:error] [pid 20364:tid 20388] [client 216.73.217.139:52780]
[Fri Jun 12 05:31:29.000634 2026] [:error] [pid 16537:tid 16555] [client 216.73.217.139:27188] Could not write to logfile:
[Fri Jun 12 05:31:29.000703 2026] [:error] [pid 16537:tid 16555] [client 216.73.217.139:27188] Printing message to stderr:
[Fri Jun 12 05:31:29.000814 2026] [:error] [pid 16537:tid 16555] [client 216.73.217.139:27188] [Fri Jun 12 05:31:28 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:31:29.000820 2026] [:error] [pid 16537:tid 16555] [client 216.73.217.139:27188]
[Fri Jun 12 05:31:29.112780 2026] [:error] [pid 20364:tid 20378] [client 216.73.217.139:60786] Could not write to logfile:
[Fri Jun 12 05:31:29.112869 2026] [:error] [pid 20364:tid 20378] [client 216.73.217.139:60786] Printing message to stderr:
[Fri Jun 12 05:31:29.112981 2026] [:error] [pid 20364:tid 20378] [client 216.73.217.139:60786] [Fri Jun 12 05:31:29 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:31:29.112987 2026] [:error] [pid 20364:tid 20378] [client 216.73.217.139:60786]
[Fri Jun 12 05:31:29.180640 2026] [:error] [pid 9359:tid 9369] [client 74.7.241.47:37650] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdb/device/block/sdb/device/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sda/device/generic/device/block/sda/subsystem/sda/subsystem/sda/bdi/subsystem
[Fri Jun 12 05:31:29.180730 2026] [:error] [pid 9359:tid 9369] [client 74.7.241.47:37650] Printing message to stderr:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdb/device/block/sdb/device/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sda/device/generic/device/block/sda/subsystem/sda/subsystem/sda/bdi/subsystem
[Fri Jun 12 05:31:29.180835 2026] [:error] [pid 9359:tid 9369] [client 74.7.241.47:37650] [Fri Jun 12 05:31:29 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdb/device/block/sdb/device/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sda/device/generic/device/block/sda/subsystem/sda/subsystem/sda/bdi/subsystem
[Fri Jun 12 05:31:29.180841 2026] [:error] [pid 9359:tid 9369] [client 74.7.241.47:37650] , referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdb/device/block/sdb/device/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sda/device/generic/device/block/sda/subsystem/sda/subsystem/sda/bdi/subsystem
[Fri Jun 12 05:31:29.258667 2026] [:error] [pid 30915:tid 30918] [client 216.73.217.139:18621] Could not write to logfile:
[Fri Jun 12 05:31:29.258903 2026] [:error] [pid 30915:tid 30918] [client 216.73.217.139:18621] Printing message to stderr:
[Fri Jun 12 05:31:29.259019 2026] [:error] [pid 30915:tid 30918] [client 216.73.217.139:18621] [Fri Jun 12 05:31:29 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:31:29.259025 2026] [:error] [pid 30915:tid 30918] [client 216.73.217.139:18621]
[Fri Jun 12 05:31:29.276653 2026] [:error] [pid 9359:tid 9381] [client 57.141.2.63:23478] Could not write to logfile:
[Fri Jun 12 05:31:29.27671[Fri Jun 12 05:43:34.475720 2026] [:error] [pid 20364:tid 20379] [client 74.7.242.25:47220] Printing message to stderr:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/scsi_host/host4/subsystem/host3/subsystem/host3/subsystem
[Fri Jun 12 05:43:34.479854 2026] [:error] [pid 20364:tid 20379] [client 74.7.242.25:47220] [Fri Jun 12 05:43:34 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/scsi_host/host4/subsystem/host3/subsystem/host3/subsystem
[Fri Jun 12 05:43:34.479864 2026] [:error] [pid 20364:tid 20379] [client 74.7.242.25:47220] , referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/scsi_host/host4/subsystem/host3/subsystem/host3/subsystem
[Fri Jun 12 05:43:36.724683 2026] [:error] [pid 9359:tid 9366] [client 74.7.241.47:52728] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdc/subsystem/sdc/device/generic/device/block/sdc/subsystem/sdc/device/block/sdc/subsystem/sda
[Fri Jun 12 05:43:36.724772 2026] [:error] [pid 9359:tid 9366] [client 74.7.241.47:52728] Printing message to stderr:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdc/subsystem/sdc/device/generic/device/block/sdc/subsystem/sdc/device/block/sdc/subsystem/sda
[Fri Jun 12 05:43:36.724914 2026] [:error] [pid 9359:tid 9366] [client 74.7.241.47:52728] [Fri Jun 12 05:43:36 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdc/subsystem/sdc/device/generic/device/block/sdc/subsystem/sdc/device/block/sdc/subsystem/sda
[Fri Jun 12 05:43:36.724936 2026] [:error] [pid 9359:tid 9366] [client 74.7.241.47:52728] , referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdc/subsystem/sdc/device/generic/device/block/sdc/subsystem/sdc/device/block/sdc/subsystem/sda
[Fri Jun 12 05:43:36.742671 2026] [:error] [pid 9359:tid 9369] [client 216.73.217.139:12733] Could not write to logfile:
[Fri Jun 12 05:43:36.742729 2026] [:error] [pid 9359:tid 9369] [client 216.73.217.139:12733] Printing message to stderr:
[Fri Jun 12 05:43:36.742857 2026] [:error] [pid 9359:tid 9369] [client 216.73.217.139:12733] [Fri Jun 12 05:43:36 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:43:36.742862 2026] [:error] [pid 9359:tid 9369] [client 216.73.217.139:12733]
[Fri Jun 12 05:43:36.891782 2026] [:error] [pid 20364:tid 20384] [client 216.73.217.139:37651] Could not write to logfile:
[Fri Jun 12 05:43:36.891855 2026] [:error] [pid 20364:tid 20384] [client 216.73.217.139:37651] Printing message to stderr:
[Fri Jun 12 05:43:36.891980 2026] [:error] [pid 20364:tid 20384] [client 216.73.217.139:37651] [Fri Jun 12 05:43:36 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 05:43:36.891986 2026] [:error] [pid 20364:tid 20384] [client 216.73.217.139:37651]
[Fri Jun 12 05:43:36.900781 2026] [:error] [pid 30915:tid 30938] [client 57.141.2.21:38070] Could not write to logfile:
[Fri Jun 12 05:43:36.900833 2026] [:error] [pid 30915:tid 30938] [client 57.141.2.21:38070] Printing message to stderr:
[F[Fri Jun 12 16:07:03.481301 2026] [:error] [pid 13771:tid 13785] [client 216.73.217.139:52894] Could not write to logfile:
[Fri Jun 12 16:07:03.484673 2026] [:error] [pid 13771:tid 13785] [client 216.73.217.139:52894] Printing message to stderr:
[Fri Jun 12 16:07:03.484796 2026] [:error] [pid 13771:tid 13785] [client 216.73.217.139:52894] [Fri Jun 12 16:07:03 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 16:07:03.484802 2026] [:error] [pid 13771:tid 13785] [client 216.73.217.139:52894]
[Fri Jun 12 16:11:49.449654 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:36162] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdb/subsystem/sda/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdc/device/block/sdc/device/subsystem
[Fri Jun 12 16:11:49.449737 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:36162] Printing message to stderr:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdb/subsystem/sda/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdc/device/block/sdc/device/subsystem
[Fri Jun 12 16:11:49.449924 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:36162] [Fri Jun 12 16:11:49 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdb/subsystem/sda/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdc/device/block/sdc/device/subsystem
[Fri Jun 12 16:11:49.449936 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:36162] , referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdb/subsystem/sda/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdc/device/block/sdc/device/subsystem
[Fri Jun 12 16:11:49.524733 2026] [:error] [pid 13670:tid 13679] [client 74.7.242.20:46664] Could not write to logfile:, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdb/subsystem/sdc/subsystem/sda/device/block/sda/subsystem/sdb/device/block/sdb/subsystem/sdb1/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdc/device
[Fri Jun 12 16:11:49.524854 2026] [:error] [pid 13670:tid 13679] [client 74.7.242.20:46664] Printing message to stderr:, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdb/subsystem/sdc/subsystem/sda/device/block/sda/subsystem/sdb/device/block/sdb/subsystem/sdb1/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdc/device
[Fri Jun 12 16:11:49.524980 2026] [:error] [pid 13670:tid 13679] [client 74.7.242.20:46664] [Fri Jun 12 16:11:49 2026] [info] Executing "/disk001/machen/public_html/suporte/x-cp-cqfs97tA.php" as UID 1008, GID 1010, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdb/subsystem/sdc/subsystem/sda/device/block/sda/subsystem/sdb/device/block/sdb/subsystem/sdb1/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdc/device
[Fri Jun 12 16:11:49.524986 2026] [:error] [pid 13670:tid 13679] [client 74.7.242.20:46664] , referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdb/subsystem/sdc/subsystem/sda/device/block/sda/subsystem/sdb/device/block/sdb/subsystem/sdb1/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdc/device
[Fri Jun 12 16:11:49.538670 2026] [:error] [pid 13771:tid 13779]
[Fri Jun 12 16:12:08.754751 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:36162] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdb/subsystem/sda/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdb/subsystem/sdb/device
[Fri Jun 12 16:12:08.779704 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:36162] Printing message to stderr:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdb/subsystem/sda/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdb/subsystem/sdb/device
[Fri Jun 12 16:12:08.779918 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:36162] [Fri Jun 12 16:12:08 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdb/subsystem/sda/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdb/subsystem/sdb/device
[Fri Jun 12 16:12:08.779932 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:36162] , referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda/device/block/sda/subsystem/sdc/subsystem/sdb/subsystem/sda/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subsystem/sdb/subsystem/sdb/device
[Fri Jun 12 16:12:08.790059 2026] [:error] [pid 13670:tid 13679] [client 74.7.242.20:46664] Could not write to logfile:, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sdb/subsystem/loop0/subsystem/sda/subsystem/sdc/device/generic/device/block/sdc/device/block/sdc/device/block/sdc/subsystem/sdc
[Fri Jun 12 16:12:08.790117 2026] [:error] [pid 13670:tid 13679] [client 74.7.242.20:46664] Printing message to stderr:, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sdb/subsystem/loop0/subsystem/sda/subsystem/sdc/device/generic/device/block/sdc/device/block/sdc/device/block/sdc/subsystem/sdc
[Fri Jun 12 16:12:08.790271 2026] [:error] [pid 13670:tid 13679] [client 74.7.242.20:46664] [Fri Jun 12 16:12:08 2026] [info] Executing "/disk001/machen/public_html/suporte/x-cp-cqfs97tA.php" as UID 1008, GID 1010, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sdb/subsystem/loop0/subsystem/sda/subsystem/sdc/device/generic/device/block/sdc/device/block/sdc/device/block/sdc/subsystem/sdc
[Fri Jun 12 16:12:08.790276 2026] [:error] [pid 13670:tid 13679] [client 74.7.242.20:46664] , referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sdb/subsystem/loop0/subsystem/sda/subsystem/sdc/device/generic/device/block/sdc/device/block/sdc/device/block/sdc/subsystem/sdc
[Fri Jun 12 16:12:08.835667 2026] [:error] [pid 13771:tid 13779] [client 74.7.241.8:47436] Could not write to logfile:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/console/subsystem/tty17
[Fri Jun 12 16:12:08.835778 2026] [:error] [pid 13771:tid 13779] [client 74.7.241.8:47436] Printing message to stderr:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/console/subsystem/tty17
[Fri Jun 12 16:12:08.835884
[Fri Jun 12 16:25:05.262787 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:51040] [Fri Jun 12 16:25:05 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdc/subsystem/sda/subsystem/sdb/subsystem/sdb/device/block/sdb/device/generic/device/block/sdb/subsystem/sda/subsystem/sdb/queue
[Fri Jun 12 16:25:05.266746 2026] [:error] [pid 28519:tid 28546] [client 74.7.241.47:51040] , referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdc/subsystem/sda/subsystem/sdb/subsystem/sdb/device/block/sdb/device/generic/device/block/sdb/subsystem/sda/subsystem/sdb/queue
[Fri Jun 12 16:25:07.267659 2026] [:error] [pid 6263:tid 6276] [client 216.73.217.139:8058] Could not write to logfile:
[Fri Jun 12 16:25:07.267732 2026] [:error] [pid 6263:tid 6276] [client 216.73.217.139:8058] Printing message to stderr:
[Fri Jun 12 16:25:07.267916 2026] [:error] [pid 6263:tid 6276] [client 216.73.217.139:8058] [Fri Jun 12 16:25:07 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 16:25:07.267921 2026] [:error] [pid 6263:tid 6276] [client 216.73.217.139:8058]
[Fri Jun 12 16:25:07.319662 2026] [:error] [pid 24898:tid 24917] [client 57.141.2.43:24956] Could not write to logfile:
[Fri Jun 12 16:25:07.319743 2026] [:error] [pid 24898:tid 24917] [client 57.141.2.43:24956] Printing message to stderr:
[Fri Jun 12 16:25:07.319854 2026] [:error] [pid 24898:tid 24917] [client 57.141.2.43:24956] [Fri Jun 12 16:25:07 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 16:25:07.319860 2026] [:error] [pid 24898:tid 24917] [client 57.141.2.43:24956]
[Fri Jun 12 16:25:07.372797 2026] [:error] [pid 28519:tid 28523] [client 216.73.217.139:52708] Could not write to logfile:
[Fri Jun 12 16:25:07.372860 2026] [:error] [pid 28519:tid 28523] [client 216.73.217.139:52708] Printing message to stderr:
[Fri Jun 12 16:25:07.372967 2026] [:error] [pid 28519:tid 28523] [client 216.73.217.139:52708] [Fri Jun 12 16:25:07 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 16:25:07.372973 2026] [:error] [pid 28519:tid 28523] [client 216.73.217.139:52708]
[Fri Jun 12 16:25:07.383671 2026] [:error] [pid 26243:tid 26275] [client 74.7.241.8:53742] Could not write to logfile:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/ptmx/subsystem/tty6/subsystem/tty1
[Fri Jun 12 16:25:07.383769 2026] [:error] [pid 26243:tid 26275] [client 74.7.241.8:53742] Printing message to stderr:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/ptmx/subsystem/tty6/subsystem/tty1
[Fri Jun 12 16:25:07.383883 2026] [:error] [pid 26243:tid 26275] [client 74.7.241.8:53742] [Fri Jun 12 16:25:07 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/ptmx/subsystem/tty6/subsystem/tty1
[Fri Jun 12 16:25:07.383889 2026] [:error] [pid 26243:tid 26275] [client 74.7.241.8:53742] , referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/ptmx/subsystem/tty6/subsystem/tty1
[Fri Jun 12 16:25:07.499662 2026] [:error] [pid 26243:tid 26264] [client 216.73.217.139:44141] Could not write to logfile:
[Fri Jun 12 16:25:07.499725 2026] [:error] [pid
[Fri Jun 12 16:31:46.968756 2026] [:error] [pid 24898:tid 24916] [client 57.141.2.42:23462] [Fri Jun 12 16:31:46 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 16:31:46.971819 2026] [:error] [pid 24898:tid 24916] [client 57.141.2.42:23462]
[Fri Jun 12 16:31:46.975645 2026] [:error] [pid 6263:tid 6273] [client 216.73.217.139:58088] Could not write to logfile:
[Fri Jun 12 16:31:46.975701 2026] [:error] [pid 6263:tid 6273] [client 216.73.217.139:58088] Printing message to stderr:
[Fri Jun 12 16:31:46.975812 2026] [:error] [pid 6263:tid 6273] [client 216.73.217.139:58088] [Fri Jun 12 16:31:46 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 16:31:46.975818 2026] [:error] [pid 6263:tid 6273] [client 216.73.217.139:58088]
[Fri Jun 12 16:31:46.997666 2026] [:error] [pid 24898:tid 24905] [client 74.7.242.25:44502] Could not write to logfile:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/tty7/subsystem/ptmx/subsystem/ttyS3
[Fri Jun 12 16:31:46.997768 2026] [:error] [pid 24898:tid 24905] [client 74.7.242.25:44502] Printing message to stderr:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/tty7/subsystem/ptmx/subsystem/ttyS3
[Fri Jun 12 16:31:46.997893 2026] [:error] [pid 24898:tid 24905] [client 74.7.242.25:44502] [Fri Jun 12 16:31:46 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/tty7/subsystem/ptmx/subsystem/ttyS3
[Fri Jun 12 16:31:46.997899 2026] [:error] [pid 24898:tid 24905] [client 74.7.242.25:44502] , referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty46/subsystem/tty7/subsystem/ptmx/subsystem/ttyS3
[Fri Jun 12 16:31:47.108674 2026] [:error] [pid 26243:tid 26267] [client 74.7.241.8:45836] Could not write to logfile:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/tty1/subsystem/tty3/subsystem
[Fri Jun 12 16:31:47.108775 2026] [:error] [pid 26243:tid 26267] [client 74.7.241.8:45836] Printing message to stderr:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/tty1/subsystem/tty3/subsystem
[Fri Jun 12 16:31:47.108885 2026] [:error] [pid 26243:tid 26267] [client 74.7.241.8:45836] [Fri Jun 12 16:31:47 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/tty1/subsystem/tty3/subsystem
[Fri Jun 12 16:31:47.108891 2026] [:error] [pid 26243:tid 26267] [client 74.7.241.8:45836] , referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/ttyS3/subsystem/tty/subsystem/tty1/subsystem/tty3/subsystem
[Fri Jun 12 16:31:47.130659 2026] [:error] [pid 24898:tid 24921] [client 216.73.217.139:24624] Could not write to logfile:
[Fri Jun 12 16:31:47.130736 2026] [:error] [pid 24898:tid 24921] [client 216.73.217.139:24624] Printing message to stderr:
[Fri Jun 12 16:31:47.130882 2026] [:error] [pid 24898:tid 24921] [client 216.73.217.139:24624] [Fri Jun 12 16:31:47 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 16:31:47.130890 2026] [:error] [pid 24898:tid 24921] [client 216.73.217.139:24624]
[Fri Jun 12 16:31:47.165685 2026] [:error] [pid 28266:tid 28283] [client 74.7.242.20:33280] Could not write to logfile:, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sda/subsystem/sdc/device/block/sdc/subsystem/sda/subsystem/sda/subsystem/fd0/subsystem/sdc/subsystem/sdb/device/generic/device/block/sdb/subs
[Fri Jun 12 17:36:58.503335 2026] [security2:notice] [pid 2120:tid 2120] ModSecurity for Apache/2.9.13 (http://www.modsecurity.org/) configured.
[Fri Jun 12 17:36:58.517144 2026] [security2:notice] [pid 2120:tid 2120] ModSecurity: APR compiled version="1.7.6"; loaded version="1.7.6"
[Fri Jun 12 17:36:58.517158 2026] [security2:notice] [pid 2120:tid 2120] ModSecurity: PCRE2 compiled version="10.23 "; loaded version="10.23 2017-02-14"
[Fri Jun 12 17:36:58.517162 2026] [security2:notice] [pid 2120:tid 2120] ModSecurity: LUA compiled version="Lua 5.1"
[Fri Jun 12 17:36:58.517164 2026] [security2:notice] [pid 2120:tid 2120] ModSecurity: YAJL compiled version="2.0.4"
[Fri Jun 12 17:36:58.517166 2026] [security2:notice] [pid 2120:tid 2120] ModSecurity: LIBXML compiled version="2.15.3"
[Fri Jun 12 17:36:58.517169 2026] [security2:notice] [pid 2120:tid 2120] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Fri Jun 12 17:36:58.532063 2026] [suexec:notice] [pid 2120:tid 2120] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jun 12 17:36:59.347675 2026] [systemd:notice] [pid 2217:tid 2217] AH10497: SELinux is enabled; httpd running as context system_u:system_r:unconfined_service_t:s0
[Fri Jun 12 17:36:59.367368 2026] [mpm_worker:notice] [pid 2217:tid 2217] AH00292: Apache/2.4.67 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4 configured -- resuming normal operations
[Fri Jun 12 17:36:59.367417 2026] [core:notice] [pid 2217:tid 2217] AH00094: Command line: '/usr/sbin/httpd'
[Fri Jun 12 17:38:44.102347 2026] [security2:error] [pid 2223:tid 2302] [client 160.251.206.227:55236] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aixuVIx9ljkwb-moN0cogAAAABE"], referer: http://13.84.161.190
[Fri Jun 12 17:38:44.660969 2026] [security2:error] [pid 2225:tid 2251] [client 160.251.206.227:55246] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aixuVAlfXplIDQ7S_d_1ZgAAAJI"]
[Fri Jun 12 17:41:26.057404 2026] [security2:error] [pid 2223:tid 2292] [client 185.242.226.113:54863] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aixu9ox9ljkwb-moN0cpvQAAAAc"]
[Fri Jun 12 17:51:35.456991 2026] [security2:error] [pid 2225:tid 2252] [client 185.93.89.167:13251] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aixxVwlfXplIDQ7S_d8A9QAAAJM"]
[Fri Jun 12 17:51:35.457299 2026] [security2:error] [pid 2225:tid 2252] [client 185.93.89.167:13251] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aixxVwlfXplIDQ7S_d8A9QAAAJM"]
[Fri Jun 12 17:51:35.457609 2026] [security2:error] [pid 2225:tid 2252] [client 185.93.89.167:13251] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aixxVwlfXplIDQ7S_d8A9QAAAJM"]
[Fri Jun 12 17:51:36.120479 2026] [security2:error] [pid 2225:tid 2246] [client 185.93.89.167:27947] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aixxWAlfXplIDQ7S_d8A-gAAAI0"]
[Fri Jun 12 17:51:36.120792 2026] [security2:error] [pid 2225:tid 2246] [client 185.93.89.167:27947] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aixxWAlfXplIDQ7S_d8A-gAAAI0"]
[Fri Jun 12 17:51:36.121172 2026] [security2:error] [pid 2225:tid 2246] [client 185.93.89.167:27947] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "sonneconsultoria.com.br"] [uri "/.env"] [unique_id "aixxWAlfXplIDQ7S_d8A-gAAAI0"]
[Fri Jun 12 17:53:31.743868 2026] [security2:error] [pid 2223:tid 2305] [client 124.220.42.101:60228] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aixxy4x9ljkwb-moN0c3DAAAABQ"]
[Fri Jun 12 18:00:55.670616 2026] [security2:error] [pid 2224:tid 2322] [client 20.237.136.217:60146] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aixzhwu4gSu8gm44bgY_fQAAAEs"]
[Fri Jun 12 18:00:56.873554 2026] [security2:error] [pid 2224:tid 2322] [client 20.237.136.217:60146] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aixziAu4gSu8gm44bgY_hgAAAEs"]
[Fri Jun 12 18:00:58.270225 2026] [ssl:error] [pid 2224:tid 2322] [client 20.237.136.217:60146] AH02032: Hostname machen.ai (default host as no SNI was provided) and hostname api.machen.ai provided via HTTP have no compatible SSL setup for policy 'secure'
[Fri Jun 12 18:01:23.586371 2026] [security2:error] [pid 2224:tid 2319] [client 34.123.82.129:50618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aixzowu4gSu8gm44bgZApAAAAEg"]
[Fri Jun 12 18:01:23.586602 2026] [security2:error] [pid 2224:tid 2319] [client 34.123.82.129:50618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fl.machen.ai"] [uri "/.env"] [unique_id "aixzowu4gSu8gm44bgZApAAAAEg"]
[Fri Jun 12 18:01:24.306141 2026] [security2:error] [pid 2224:tid 2319] [client 34.123.82.129:50618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fl.machen.ai"] [uri "/index.php"] [unique_id "aixzowu4gSu8gm44bgZApAAAAEg"]
[Fri Jun 12 18:01:34.800112 2026] [security2:error] [pid 2225:tid 2235] [client 34.123.82.129:5524] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "aixzrglfXplIDQ7S_d8NSgAAAII"]
[Fri Jun 12 18:01:34.800467 2026] [security2:error] [pid 2225:tid 2235] [client 34.123.82.129:5524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.fls.machen.ai"] [uri "/.env"] [unique_id "aixzrglfXplIDQ7S_d8NSgAAAII"]
[Fri Jun 12 18:01:34.859155 2026] [security2:error] [pid 2225:tid 2235] [client 34.123.82.129:5524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.fls.machen.ai"] [uri "/index.php"] [unique_id "aixzrglfXplIDQ7S_d8NSgAAAII"]
[Fri Jun 12 18:06:03.731570 2026] [security2:error] [pid 2226:tid 2277] [client 43.130.16.140:57230] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aix0u1FRtWWq5keUhiZAiAAAANI"], referer: http://13.84.161.190
[Fri Jun 12 18:06:03.731646 2026] [security2:error] [pid 2226:tid 2277] [client 43.130.16.140:57230] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aix0u1FRtWWq5keUhiZAiAAAANI"], referer: http://13.84.161.190
[Fri Jun 12 18:06:03.732145 2026] [security2:error] [pid 2226:tid 2277] [client 43.130.16.140:57230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aix0u1FRtWWq5keUhiZAiAAAANI"], referer: http://13.84.161.190
[Fri Jun 12 18:06:04.172932 2026] [security2:error] [pid 2226:tid 2277] [client 43.130.16.140:57230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aix0u1FRtWWq5keUhiZAiAAAANI"], referer: http://13.84.161.190
[Fri Jun 12 18:06:41.703890 2026] [security2:error] [pid 2225:tid 2251] [client 23.161.169.62:55746] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/.git/config"] [unique_id "aix04QlfXplIDQ7S_d8ThwAAAJI"]
[Fri Jun 12 18:06:41.704162 2026] [security2:error] [pid 2225:tid 2251] [client 23.161.169.62:55746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/.git/config"] [unique_id "aix04QlfXplIDQ7S_d8ThwAAAJI"]
[Fri Jun 12 18:06:41.713952 2026] [security2:error] [pid 2224:tid 2325] [client 23.161.169.62:55760] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix04Qu4gSu8gm44bgZGDQAAAE4"]
[Fri Jun 12 18:06:41.714262 2026] [security2:error] [pid 2224:tid 2325] [client 23.161.169.62:55760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix04Qu4gSu8gm44bgZGDQAAAE4"]
[Fri Jun 12 18:06:42.267058 2026] [security2:error] [pid 2225:tid 2251] [client 23.161.169.62:55746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aix04QlfXplIDQ7S_d8ThwAAAJI"]
[Fri Jun 12 18:06:42.585678 2026] [security2:error] [pid 2224:tid 2325] [client 23.161.169.62:55760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aix04Qu4gSu8gm44bgZGDQAAAE4"]
[Fri Jun 12 18:07:29.038958 2026] [security2:error] [pid 2225:tid 2241] [client 43.157.170.13:55466] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/_wildcard_/"] [unique_id "aix1EQlfXplIDQ7S_d8UNwAAAIg"]
[Fri Jun 12 18:09:33.357766 2026] [security2:error] [pid 2227:tid 2353] [client 45.148.10.67:34678] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aix1jS7p6yKJCmGXfa8IjQAAARA"]
[Fri Jun 12 18:11:36.567912 2026] [security2:error] [pid 2227:tid 2337] [client 43.164.0.21:35558] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aix2CC7p6yKJCmGXfa8LnwAAAQA"]
[Fri Jun 12 18:15:18.671007 2026] [security2:error] [pid 2223:tid 2295] [client 185.242.226.113:33117] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aix25ox9ljkwb-moN0dL5wAAAAo"], referer: http://13.84.161.190:80/
[Fri Jun 12 18:17:33.557629 2026] [security2:error] [pid 2224:tid 2317] [client 20.168.0.218:58150] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aix3bQu4gSu8gm44bgZSdgAAAEY"]
[Fri Jun 12 18:17:33.557798 2026] [security2:error] [pid 2224:tid 2317] [client 20.168.0.218:58150] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aix3bQu4gSu8gm44bgZSdgAAAEY"]
[Fri Jun 12 18:17:33.558230 2026] [security2:error] [pid 2224:tid 2317] [client 20.168.0.218:58150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "aix3bQu4gSu8gm44bgZSdgAAAEY"]
[Fri Jun 12 18:17:34.073574 2026] [security2:error] [pid 2224:tid 2317] [client 20.168.0.218:58150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aix3bQu4gSu8gm44bgZSdgAAAEY"]
[Fri Jun 12 18:17:44.871866 2026] [security2:error] [pid 2226:tid 2270] [client 43.164.133.138:46946] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/cgi-bin/"] [unique_id "aix3eFFRtWWq5keUhiZOUwAAAMs"]
[Fri Jun 12 18:17:44.872741 2026] [cgid:error] [pid 2226:tid 2270] [client 43.164.133.138:46946] AH01265: stderr from /home/erhabenn/public_html/cgi-bin/: attempt to invoke directory as script
[Fri Jun 12 18:18:34.616450 2026] [security2:error] [pid 2226:tid 2260] [client 128.203.201.208:35204] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/hudson"] [unique_id "aix3qlFRtWWq5keUhiZPNwAAAME"]
[Fri Jun 12 18:18:34.616583 2026] [security2:error] [pid 2226:tid 2260] [client 128.203.201.208:35204] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/hudson"] [unique_id "aix3qlFRtWWq5keUhiZPNwAAAME"]
[Fri Jun 12 18:18:34.616908 2026] [security2:error] [pid 2226:tid 2260] [client 128.203.201.208:35204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/hudson"] [unique_id "aix3qlFRtWWq5keUhiZPNwAAAME"]
[Fri Jun 12 18:18:34.631519 2026] [security2:error] [pid 2226:tid 2260] [client 128.203.201.208:35204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aix3qlFRtWWq5keUhiZPNwAAAME"]
[Fri Jun 12 18:26:55.363626 2026] [security2:error] [pid 2226:tid 2278] [client 43.134.57.179:42784] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aix5n1FRtWWq5keUhiZYTQAAANM"]
[Fri Jun 12 18:33:02.350364 2026] [security2:error] [pid 2223:tid 2294] [client 194.48.248.43:59926] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aix7Dox9ljkwb-moN0dipgAAAAk"]
[Fri Jun 12 18:33:02.350552 2026] [security2:error] [pid 2223:tid 2294] [client 194.48.248.43:59926] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aix7Dox9ljkwb-moN0dipgAAAAk"]
[Fri Jun 12 18:33:02.350969 2026] [security2:error] [pid 2223:tid 2294] [client 194.48.248.43:59926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aix7Dox9ljkwb-moN0dipgAAAAk"]
[Fri Jun 12 18:33:02.351329 2026] [security2:error] [pid 2223:tid 2294] [client 194.48.248.43:59926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aix7Dox9ljkwb-moN0dipgAAAAk"]
[Fri Jun 12 18:34:36.213853 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.git/config"] [unique_id "aix7bAu4gSu8gm44bgZkxAAAAE8"]
[Fri Jun 12 18:34:36.214148 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.git/config"] [unique_id "aix7bAu4gSu8gm44bgZkxAAAAE8"]
[Fri Jun 12 18:34:36.214621 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/index.html"] [unique_id "aix7bAu4gSu8gm44bgZkxAAAAE8"]
[Fri Jun 12 18:34:36.297288 2026] [security2:error] [pid 2227:tid 2361] [client 23.161.169.62:48002] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix7bC7p6yKJCmGXfa8oNgAAARg"]
[Fri Jun 12 18:34:36.297522 2026] [security2:error] [pid 2227:tid 2361] [client 23.161.169.62:48002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix7bC7p6yKJCmGXfa8oNgAAARg"]
[Fri Jun 12 18:34:36.297829 2026] [security2:error] [pid 2227:tid 2361] [client 23.161.169.62:48002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/index.html"] [unique_id "aix7bC7p6yKJCmGXfa8oNgAAARg"]
[Fri Jun 12 18:34:36.903989 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.env"] [unique_id "aix7bAu4gSu8gm44bgZkyQAAAE8"]
[Fri Jun 12 18:34:36.904205 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.env"] [unique_id "aix7bAu4gSu8gm44bgZkyQAAAE8"]
[Fri Jun 12 18:34:36.904574 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/index.html"] [unique_id "aix7bAu4gSu8gm44bgZkyQAAAE8"]
[Fri Jun 12 18:34:37.726270 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.env.local"] [unique_id "aix7bQu4gSu8gm44bgZkzQAAAE8"]
[Fri Jun 12 18:34:37.726626 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.env.local"] [unique_id "aix7bQu4gSu8gm44bgZkzQAAAE8"]
[Fri Jun 12 18:34:37.727076 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/index.html"] [unique_id "aix7bQu4gSu8gm44bgZkzQAAAE8"]
[Fri Jun 12 18:34:38.918195 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.env.production"] [unique_id "aix7bgu4gSu8gm44bgZk1AAAAE8"]
[Fri Jun 12 18:34:38.918438 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.env.production"] [unique_id "aix7bgu4gSu8gm44bgZk1AAAAE8"]
[Fri Jun 12 18:34:38.923132 2026] [security2:error] [pid 2224:tid 2326] [client 23.161.169.62:47988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/index.html"] [unique_id "aix7bgu4gSu8gm44bgZk1AAAAE8"]
[Fri Jun 12 18:34:39.428384 2026] [security2:error] [pid 2227:tid 2361] [client 23.161.169.62:48002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.env.development"] [unique_id "aix7by7p6yKJCmGXfa8oRwAAARg"]
[Fri Jun 12 18:34:39.428719 2026] [security2:error] [pid 2227:tid 2361] [client 23.161.169.62:48002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.env.development"] [unique_id "aix7by7p6yKJCmGXfa8oRwAAARg"]
[Fri Jun 12 18:34:39.429133 2026] [security2:error] [pid 2227:tid 2361] [client 23.161.169.62:48002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/index.html"] [unique_id "aix7by7p6yKJCmGXfa8oRwAAARg"]
[Fri Jun 12 18:34:39.468082 2026] [security2:error] [pid 2223:tid 2302] [client 23.161.169.62:48036] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "matrixswot.machen.ai"] [uri "/.env.bak"] [unique_id "aix7b4x9ljkwb-moN0dkYQAAABE"]
[Fri Jun 12 18:34:39.468272 2026] [security2:error] [pid 2223:tid 2302] [client 23.161.169.62:48036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.env.bak"] [unique_id "aix7b4x9ljkwb-moN0dkYQAAABE"]
[Fri Jun 12 18:34:39.468539 2026] [security2:error] [pid 2223:tid 2302] [client 23.161.169.62:48036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.env.bak"] [unique_id "aix7b4x9ljkwb-moN0dkYQAAABE"]
[Fri Jun 12 18:34:39.469077 2026] [security2:error] [pid 2223:tid 2302] [client 23.161.169.62:48036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/index.html"] [unique_id "aix7b4x9ljkwb-moN0dkYQAAABE"]
[Fri Jun 12 18:34:39.556796 2026] [security2:error] [pid 2225:tid 2241] [client 23.161.169.62:48050] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "matrixswot.machen.ai"] [uri "/.env.backup"] [unique_id "aix7bwlfXplIDQ7S_d80-AAAAIg"]
[Fri Jun 12 18:34:39.556961 2026] [security2:error] [pid 2225:tid 2241] [client 23.161.169.62:48050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "matrixswot.machen.ai"] [uri "/.env.backup"] [unique_id "aix7bwlfXplIDQ7S_d80-AAAAIg"]
[Fri Jun 12 18:34:39.557145 2026] [security2:error] [pid 2225:tid 2241] [client 23.161.169.62:48050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "matrixswot.machen.ai"] [uri "/.env.backup"] [unique_id "aix7bwlfXplIDQ7S_d80-AAAAIg"]
[Fri Jun 12 18:34:39.557531 2026] [security2:error] [pid 2225:tid 2241] [client 23.161.169.62:48050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "matrixswot.machen.ai"] [uri "/index.html"] [unique_id "aix7bwlfXplIDQ7S_d80-AAAAIg"]
[Fri Jun 12 18:36:15.355715 2026] [security2:error] [pid 2226:tid 2283] [client 78.153.140.149:40668] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aix7z1FRtWWq5keUhiZi1wAAANg"]
[Fri Jun 12 18:36:15.355976 2026] [security2:error] [pid 2226:tid 2283] [client 78.153.140.149:40668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aix7z1FRtWWq5keUhiZi1wAAANg"]
[Fri Jun 12 18:36:15.356256 2026] [security2:error] [pid 2226:tid 2283] [client 78.153.140.149:40668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aix7z1FRtWWq5keUhiZi1wAAANg"]
[Fri Jun 12 18:36:15.357079 2026] [security2:error] [pid 2226:tid 2283] [client 78.153.140.149:40668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aix7z1FRtWWq5keUhiZi1wAAANg"]
[Fri Jun 12 18:36:15.715034 2026] [security2:error] [pid 2225:tid 2253] [client 78.153.140.149:40676] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aix7zwlfXplIDQ7S_d83igAAAJQ"]
[Fri Jun 12 18:39:03.728353 2026] [security2:error] [pid 2224:tid 2314] [client 151.243.143.47:40700] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.git/config"] [unique_id "aix8dwu4gSu8gm44bgZpVAAAAEM"]
[Fri Jun 12 18:39:03.728544 2026] [security2:error] [pid 2224:tid 2314] [client 151.243.143.47:40700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.git/config"] [unique_id "aix8dwu4gSu8gm44bgZpVAAAAEM"]
[Fri Jun 12 18:39:03.728884 2026] [security2:error] [pid 2224:tid 2314] [client 151.243.143.47:40700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aix8dwu4gSu8gm44bgZpVAAAAEM"]
[Fri Jun 12 18:39:03.742011 2026] [security2:error] [pid 2227:tid 2361] [client 151.243.143.47:40714] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix8dy7p6yKJCmGXfa8tWQAAARg"]
[Fri Jun 12 18:39:03.742201 2026] [security2:error] [pid 2227:tid 2361] [client 151.243.143.47:40714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix8dy7p6yKJCmGXfa8tWQAAARg"]
[Fri Jun 12 18:39:03.742498 2026] [security2:error] [pid 2227:tid 2361] [client 151.243.143.47:40714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aix8dy7p6yKJCmGXfa8tWQAAARg"]
[Fri Jun 12 18:39:03.927464 2026] [security2:error] [pid 2226:tid 2274] [client 151.243.143.47:40702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.env.local"] [unique_id "aix8d1FRtWWq5keUhiZmMQAAAM8"]
[Fri Jun 12 18:39:03.927598 2026] [security2:error] [pid 2224:tid 2314] [client 151.243.143.47:40700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.env.development"] [unique_id "aix8dwu4gSu8gm44bgZpVQAAAEM"]
[Fri Jun 12 18:39:03.927830 2026] [security2:error] [pid 2226:tid 2274] [client 151.243.143.47:40702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.env.local"] [unique_id "aix8d1FRtWWq5keUhiZmMQAAAM8"]
[Fri Jun 12 18:39:03.927885 2026] [security2:error] [pid 2224:tid 2314] [client 151.243.143.47:40700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.env.development"] [unique_id "aix8dwu4gSu8gm44bgZpVQAAAEM"]
[Fri Jun 12 18:39:03.928228 2026] [security2:error] [pid 2224:tid 2314] [client 151.243.143.47:40700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aix8dwu4gSu8gm44bgZpVQAAAEM"]
[Fri Jun 12 18:39:03.928275 2026] [security2:error] [pid 2226:tid 2274] [client 151.243.143.47:40702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aix8d1FRtWWq5keUhiZmMQAAAM8"]
[Fri Jun 12 18:39:04.135063 2026] [security2:error] [pid 2226:tid 2274] [client 151.243.143.47:40702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.env"] [unique_id "aix8eFFRtWWq5keUhiZmNQAAAM8"]
[Fri Jun 12 18:39:04.135341 2026] [security2:error] [pid 2226:tid 2274] [client 151.243.143.47:40702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.env"] [unique_id "aix8eFFRtWWq5keUhiZmNQAAAM8"]
[Fri Jun 12 18:39:04.135842 2026] [security2:error] [pid 2226:tid 2274] [client 151.243.143.47:40702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aix8eFFRtWWq5keUhiZmNQAAAM8"]
[Fri Jun 12 18:39:05.123218 2026] [security2:error] [pid 2226:tid 2282] [client 151.243.143.47:40908] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpanel.machen.ai"] [uri "/.env.backup"] [unique_id "aix8eVFRtWWq5keUhiZmPgAAANc"]
[Fri Jun 12 18:39:05.123419 2026] [security2:error] [pid 2226:tid 2282] [client 151.243.143.47:40908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.env.backup"] [unique_id "aix8eVFRtWWq5keUhiZmPgAAANc"]
[Fri Jun 12 18:39:05.123720 2026] [security2:error] [pid 2226:tid 2282] [client 151.243.143.47:40908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.env.backup"] [unique_id "aix8eVFRtWWq5keUhiZmPgAAANc"]
[Fri Jun 12 18:39:05.124087 2026] [security2:error] [pid 2226:tid 2282] [client 151.243.143.47:40908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aix8eVFRtWWq5keUhiZmPgAAANc"]
[Fri Jun 12 18:39:05.144116 2026] [security2:error] [pid 2227:tid 2350] [client 151.243.143.47:40826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.env.production"] [unique_id "aix8eS7p6yKJCmGXfa8tYwAAAQ0"]
[Fri Jun 12 18:39:05.144338 2026] [security2:error] [pid 2227:tid 2350] [client 151.243.143.47:40826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.env.production"] [unique_id "aix8eS7p6yKJCmGXfa8tYwAAAQ0"]
[Fri Jun 12 18:39:05.145081 2026] [security2:error] [pid 2227:tid 2350] [client 151.243.143.47:40826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aix8eS7p6yKJCmGXfa8tYwAAAQ0"]
[Fri Jun 12 18:39:05.149008 2026] [security2:error] [pid 2227:tid 2351] [client 151.243.143.47:40766] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpanel.machen.ai"] [uri "/.env.bak"] [unique_id "aix8eS7p6yKJCmGXfa8tZAAAAQ4"]
[Fri Jun 12 18:39:05.149194 2026] [security2:error] [pid 2227:tid 2351] [client 151.243.143.47:40766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpanel.machen.ai"] [uri "/.env.bak"] [unique_id "aix8eS7p6yKJCmGXfa8tZAAAAQ4"]
[Fri Jun 12 18:39:05.149386 2026] [security2:error] [pid 2227:tid 2351] [client 151.243.143.47:40766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.machen.ai"] [uri "/.env.bak"] [unique_id "aix8eS7p6yKJCmGXfa8tZAAAAQ4"]
[Fri Jun 12 18:39:05.149771 2026] [security2:error] [pid 2227:tid 2351] [client 151.243.143.47:40766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpanel.machen.ai"] [uri "/index.html"] [unique_id "aix8eS7p6yKJCmGXfa8tZAAAAQ4"]
[Fri Jun 12 18:39:14.027561 2026] [security2:error] [pid 2224:tid 2328] [client 150.109.230.210:37086] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aix8ggu4gSu8gm44bgZpjAAAAFE"]
[Fri Jun 12 18:42:44.800454 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcalendars.machen.ai"] [uri "/.git/config"] [unique_id "aix9VC7p6yKJCmGXfa8xCgAAARc"]
[Fri Jun 12 18:42:44.800632 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcalendars.machen.ai"] [uri "/.git/config"] [unique_id "aix9VC7p6yKJCmGXfa8xCgAAARc"]
[Fri Jun 12 18:42:44.800961 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcalendars.machen.ai"] [uri "/index.html"] [unique_id "aix9VC7p6yKJCmGXfa8xCgAAARc"]
[Fri Jun 12 18:42:44.815807 2026] [security2:error] [pid 2225:tid 2249] [client 151.243.143.47:35016] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcalendars.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix9VAlfXplIDQ7S_d8-lgAAAJA"]
[Fri Jun 12 18:42:44.815996 2026] [security2:error] [pid 2225:tid 2249] [client 151.243.143.47:35016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcalendars.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix9VAlfXplIDQ7S_d8-lgAAAJA"]
[Fri Jun 12 18:42:44.816287 2026] [security2:error] [pid 2225:tid 2249] [client 151.243.143.47:35016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcalendars.machen.ai"] [uri "/index.html"] [unique_id "aix9VAlfXplIDQ7S_d8-lgAAAJA"]
[Fri Jun 12 18:42:45.003957 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcalendars.machen.ai"] [uri "/.env.backup"] [unique_id "aix9VYx9ljkwb-moN0dsbQAAAAU"]
[Fri Jun 12 18:42:45.004096 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcalendars.machen.ai"] [uri "/.env.backup"] [unique_id "aix9VYx9ljkwb-moN0dsbQAAAAU"]
[Fri Jun 12 18:42:45.004408 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcalendars.machen.ai"] [uri "/.env.backup"] [unique_id "aix9VYx9ljkwb-moN0dsbQAAAAU"]
[Fri Jun 12 18:42:45.005454 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcalendars.machen.ai"] [uri "/.env.bak"] [unique_id "aix9VS7p6yKJCmGXfa8xCwAAARc"]
[Fri Jun 12 18:42:45.005582 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcalendars.machen.ai"] [uri "/.env.bak"] [unique_id "aix9VS7p6yKJCmGXfa8xCwAAARc"]
[Fri Jun 12 18:42:45.005762 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcalendars.machen.ai"] [uri "/.env.bak"] [unique_id "aix9VS7p6yKJCmGXfa8xCwAAARc"]
[Fri Jun 12 18:42:45.006033 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcalendars.machen.ai"] [uri "/index.html"] [unique_id "aix9VS7p6yKJCmGXfa8xCwAAARc"]
[Fri Jun 12 18:42:45.006556 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcalendars.machen.ai"] [uri "/index.html"] [unique_id "aix9VYx9ljkwb-moN0dsbQAAAAU"]
[Fri Jun 12 18:42:45.205285 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcalendars.machen.ai"] [uri "/.env.production"] [unique_id "aix9VS7p6yKJCmGXfa8xDgAAARc"]
[Fri Jun 12 18:42:45.205571 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcalendars.machen.ai"] [uri "/.env.production"] [unique_id "aix9VS7p6yKJCmGXfa8xDgAAARc"]
[Fri Jun 12 18:42:45.205967 2026] [security2:error] [pid 2227:tid 2360] [client 151.243.143.47:35000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcalendars.machen.ai"] [uri "/index.html"] [unique_id "aix9VS7p6yKJCmGXfa8xDgAAARc"]
[Fri Jun 12 18:42:45.207457 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcalendars.machen.ai"] [uri "/.env"] [unique_id "aix9VYx9ljkwb-moN0dsbwAAAAU"]
[Fri Jun 12 18:42:45.207683 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcalendars.machen.ai"] [uri "/.env"] [unique_id "aix9VYx9ljkwb-moN0dsbwAAAAU"]
[Fri Jun 12 18:42:45.212250 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcalendars.machen.ai"] [uri "/index.html"] [unique_id "aix9VYx9ljkwb-moN0dsbwAAAAU"]
[Fri Jun 12 18:42:45.410540 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcalendars.machen.ai"] [uri "/.env.development"] [unique_id "aix9VYx9ljkwb-moN0dscAAAAAU"]
[Fri Jun 12 18:42:45.410833 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcalendars.machen.ai"] [uri "/.env.development"] [unique_id "aix9VYx9ljkwb-moN0dscAAAAAU"]
[Fri Jun 12 18:42:45.411215 2026] [security2:error] [pid 2223:tid 2290] [client 151.243.143.47:35028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcalendars.machen.ai"] [uri "/index.html"] [unique_id "aix9VYx9ljkwb-moN0dscAAAAAU"]
[Fri Jun 12 18:42:46.415227 2026] [security2:error] [pid 2226:tid 2276] [client 151.243.143.47:35068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcalendars.machen.ai"] [uri "/.env.local"] [unique_id "aix9VlFRtWWq5keUhiZqBQAAANE"]
[Fri Jun 12 18:42:46.415385 2026] [security2:error] [pid 2226:tid 2276] [client 151.243.143.47:35068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcalendars.machen.ai"] [uri "/.env.local"] [unique_id "aix9VlFRtWWq5keUhiZqBQAAANE"]
[Fri Jun 12 18:42:46.415643 2026] [security2:error] [pid 2226:tid 2276] [client 151.243.143.47:35068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcalendars.machen.ai"] [uri "/index.html"] [unique_id "aix9VlFRtWWq5keUhiZqBQAAANE"]
[Fri Jun 12 18:45:09.433195 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/this_is_a_new_hello_world.php
[Fri Jun 12 18:45:09.893037 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/wpconf.php
[Fri Jun 12 18:45:10.011944 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/Ov-Simple1.php
[Fri Jun 12 18:45:11.644675 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/atomlib.php
[Fri Jun 12 18:45:11.690400 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/loxico93.php
[Fri Jun 12 18:45:11.719609 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/momo.php
[Fri Jun 12 18:45:11.747505 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/asu.php
[Fri Jun 12 18:45:11.932595 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/wolf.php
[Fri Jun 12 18:45:12.156102 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/rum.php
[Fri Jun 12 18:45:12.352549 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/cxl.php
[Fri Jun 12 18:45:12.401867 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/flox.php
[Fri Jun 12 18:45:12.663830 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/drykl.php
[Fri Jun 12 18:45:12.698266 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/h2a2ck.php
[Fri Jun 12 18:45:12.808574 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/777.php
[Fri Jun 12 18:45:12.850447 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/s-axi.php
[Fri Jun 12 18:45:14.301938 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/wp-scanner.php
[Fri Jun 12 18:45:14.449090 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/crgio.php
[Fri Jun 12 18:45:14.496962 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/ops.php
[Fri Jun 12 18:45:14.527643 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/fix.php
[Fri Jun 12 18:45:14.877725 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/htto.php
[Fri Jun 12 18:45:14.912523 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/mg.php
[Fri Jun 12 18:45:14.958468 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/spawns.php
[Fri Jun 12 18:45:15.100124 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/dragonshell.php
[Fri Jun 12 18:45:16.203940 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/samll.php
[Fri Jun 12 18:45:16.230522 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/Cap.php
[Fri Jun 12 18:45:16.256228 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/spire.php
[Fri Jun 12 18:45:16.285603 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/auto.php
[Fri Jun 12 18:45:16.330653 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/twinklingly.php
[Fri Jun 12 18:45:16.365498 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/12.php
[Fri Jun 12 18:45:16.400626 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/cakr3xr4.php
[Fri Jun 12 18:45:16.445829 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/yoy123.php
[Fri Jun 12 18:45:16.474489 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/fff.php
[Fri Jun 12 18:45:16.504801 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/dccs.php
[Fri Jun 12 18:45:16.533567 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/wp-form.php
[Fri Jun 12 18:45:16.562320 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/x.php
[Fri Jun 12 18:45:16.589901 2026] [:error] [pid 2227:tid 2339] [client 130.131.220.154:51089] File does not exist: /disk001/sonne/public_html/invisi.php
[Fri Jun 12 18:45:26.545628 2026] [security2:error] [pid 2223:tid 2309] [client 151.243.143.47:54832] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix99ox9ljkwb-moN0dvDQAAABg"]
[Fri Jun 12 18:45:26.548453 2026] [security2:error] [pid 2223:tid 2309] [client 151.243.143.47:54832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.git/HEAD"] [unique_id "aix99ox9ljkwb-moN0dvDQAAABg"]
[Fri Jun 12 18:45:26.548812 2026] [security2:error] [pid 2223:tid 2309] [client 151.243.143.47:54832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aix99ox9ljkwb-moN0dvDQAAABg"]
[Fri Jun 12 18:45:26.551421 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.git/config"] [unique_id "aix99taJbkbJfrdoQW341AAAAUQ"]
[Fri Jun 12 18:45:26.551648 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.git/config"] [unique_id "aix99taJbkbJfrdoQW341AAAAUQ"]
[Fri Jun 12 18:45:26.552075 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aix99taJbkbJfrdoQW341AAAAUQ"]
[Fri Jun 12 18:45:26.751966 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env"] [unique_id "aix99taJbkbJfrdoQW341gAAAUQ"]
[Fri Jun 12 18:45:26.752232 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env"] [unique_id "aix99taJbkbJfrdoQW341gAAAUQ"]
[Fri Jun 12 18:45:26.752583 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aix99taJbkbJfrdoQW341gAAAUQ"]
[Fri Jun 12 18:45:27.358534 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.backup"] [unique_id "aix999aJbkbJfrdoQW342wAAAUQ"]
[Fri Jun 12 18:45:27.358679 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.backup"] [unique_id "aix999aJbkbJfrdoQW342wAAAUQ"]
[Fri Jun 12 18:45:27.358864 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.backup"] [unique_id "aix999aJbkbJfrdoQW342wAAAUQ"]
[Fri Jun 12 18:45:27.359170 2026] [security2:error] [pid 3956:tid 3964] [client 151.243.143.47:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aix999aJbkbJfrdoQW342wAAAUQ"]
[Fri Jun 12 18:45:27.950486 2026] [security2:error] [pid 2223:tid 2309] [client 151.243.143.47:54832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production"] [unique_id "aix994x9ljkwb-moN0dvFwAAABg"]
[Fri Jun 12 18:45:27.950787 2026] [security2:error] [pid 2223:tid 2309] [client 151.243.143.47:54832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.production"] [unique_id "aix994x9ljkwb-moN0dvFwAAABg"]
[Fri Jun 12 18:45:27.951077 2026] [security2:error] [pid 2223:tid 2309] [client 151.243.143.47:54832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aix994x9ljkwb-moN0dvFwAAABg"]
[Fri Jun 12 18:45:27.968950 2026] [security2:error] [pid 3956:tid 3978] [client 151.243.143.47:54890] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.development"] [unique_id "aix999aJbkbJfrdoQW344AAAAVI"]
[Fri Jun 12 18:45:27.969261 2026] [security2:error] [pid 3956:tid 3978] [client 151.243.143.47:54890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.development"] [unique_id "aix999aJbkbJfrdoQW344AAAAVI"]
[Fri Jun 12 18:45:27.969671 2026] [security2:error] [pid 3956:tid 3978] [client 151.243.143.47:54890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aix999aJbkbJfrdoQW344AAAAVI"]
[Fri Jun 12 18:45:27.971806 2026] [security2:error] [pid 2226:tid 2268] [client 151.243.143.47:54846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local"] [unique_id "aix991FRtWWq5keUhiZstgAAAMk"]
[Fri Jun 12 18:45:27.971965 2026] [security2:error] [pid 2225:tid 2234] [client 151.243.143.47:54976] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "cpcontacts.machen.ai"] [uri "/.env.bak"] [unique_id "aix99wlfXplIDQ7S_d9CEAAAAIE"]
[Fri Jun 12 18:45:27.972007 2026] [security2:error] [pid 2226:tid 2268] [client 151.243.143.47:54846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.local"] [unique_id "aix991FRtWWq5keUhiZstgAAAMk"]
[Fri Jun 12 18:45:27.972110 2026] [security2:error] [pid 2225:tid 2234] [client 151.243.143.47:54976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "cpcontacts.machen.ai"] [uri "/.env.bak"] [unique_id "aix99wlfXplIDQ7S_d9CEAAAAIE"]
[Fri Jun 12 18:45:27.972283 2026] [security2:error] [pid 2225:tid 2234] [client 151.243.143.47:54976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpcontacts.machen.ai"] [uri "/.env.bak"] [unique_id "aix99wlfXplIDQ7S_d9CEAAAAIE"]
[Fri Jun 12 18:45:27.972353 2026] [security2:error] [pid 2226:tid 2268] [client 151.243.143.47:54846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aix991FRtWWq5keUhiZstgAAAMk"]
[Fri Jun 12 18:45:27.972576 2026] [security2:error] [pid 2225:tid 2234] [client 151.243.143.47:54976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "cpcontacts.machen.ai"] [uri "/index.html"] [unique_id "aix99wlfXplIDQ7S_d9CEAAAAIE"]
[Fri Jun 12 18:47:38.681394 2026] [security2:error] [pid 2224:tid 2315] [client 43.157.188.74:60164] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "www.erhabenn.com.br"] [uri "/"] [unique_id "aix-egu4gSu8gm44bgZxFgAAAEQ"]
[Fri Jun 12 18:49:52.575611 2026] [security2:error] [pid 3956:tid 3980] [client 43.165.126.130:41076] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "machen.ai"] [uri "/"] [unique_id "aix_ANaJbkbJfrdoQW38mgAAAVQ"], referer: http://machen.ai
[Fri Jun 12 18:51:04.255332 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/this_is_a_new_hello_world.php
[Fri Jun 12 18:51:04.424251 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/x.php
[Fri Jun 12 18:51:05.097201 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/177.php
[Fri Jun 12 18:51:05.275215 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/199.php
[Fri Jun 12 18:51:05.427753 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/adca.php
[Fri Jun 12 18:51:05.589127 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/ssixta.php
[Fri Jun 12 18:51:05.776595 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/b1ack.php
[Fri Jun 12 18:51:05.932888 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/wtnok.php
[Fri Jun 12 18:51:06.186867 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/aykl4k.php
[Fri Jun 12 18:51:06.337513 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/sukce.php
[Fri Jun 12 18:51:06.495396 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/xb.php
[Fri Jun 12 18:51:06.646948 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/biufile.php
[Fri Jun 12 18:51:06.975401 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/wpconf.php
[Fri Jun 12 18:51:07.151987 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/ultradybbuks.php
[Fri Jun 12 18:51:07.402519 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/novax.php
[Fri Jun 12 18:51:07.573232 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/mosty.php
[Fri Jun 12 18:51:08.160857 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/dejavu.php
[Fri Jun 12 18:51:09.270824 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/aaf.php
[Fri Jun 12 18:51:09.430990 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/b00869ae6e.php
[Fri Jun 12 18:51:09.908718 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/hellcut.php
[Fri Jun 12 18:51:10.062230 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/wander.php
[Fri Jun 12 18:51:10.922578 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/ha.php
[Fri Jun 12 18:51:11.145236 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/hur.php
[Fri Jun 12 18:51:11.296489 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/2222.php
[Fri Jun 12 18:51:11.650329 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/h02ugyh.php
[Fri Jun 12 18:51:11.803959 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/mariju.php
[Fri Jun 12 18:51:11.987712 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/cu.php
[Fri Jun 12 18:51:12.141029 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/seiso.php
[Fri Jun 12 18:51:12.291984 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/155.php
[Fri Jun 12 18:51:13.231775 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/ppp.php
[Fri Jun 12 18:51:13.431932 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/201.php
[Fri Jun 12 18:51:13.586949 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/ops.php
[Fri Jun 12 18:51:13.755781 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/samll.php
[Fri Jun 12 18:51:13.947093 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/ingfo.php
[Fri Jun 12 18:51:14.128717 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/error_log.php
[Fri Jun 12 18:51:14.283523 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/xenon1337.php
[Fri Jun 12 18:51:14.438867 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/test11.php
[Fri Jun 12 18:51:14.943926 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/koala.php
[Fri Jun 12 18:51:15.094782 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/mac.php
[Fri Jun 12 18:51:15.270022 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/25d653587fdfd1.php
[Fri Jun 12 18:51:15.437901 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/wefile.php
[Fri Jun 12 18:51:17.026939 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/half.php
[Fri Jun 12 18:51:17.180771 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/2P.php
[Fri Jun 12 18:51:17.332605 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/tires.php
[Fri Jun 12 18:51:18.185583 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/like.php
[Fri Jun 12 18:51:18.349328 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/.well-known/about.php
[Fri Jun 12 18:51:18.672809 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/bob.php
[Fri Jun 12 18:51:18.838324 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/t3s.php
[Fri Jun 12 18:51:19.332062 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/uwu.php
[Fri Jun 12 18:51:19.495422 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/uwa.php
[Fri Jun 12 18:51:19.647678 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/crgio.php
[Fri Jun 12 18:51:19.806625 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/geforce.php
[Fri Jun 12 18:51:19.959119 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/pucci.php
[Fri Jun 12 18:51:20.439606 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/one.php
[Fri Jun 12 18:51:20.601489 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/wp-temp.php
[Fri Jun 12 18:51:20.908565 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/w2026.php
[Fri Jun 12 18:51:21.099954 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/mode.php
[Fri Jun 12 18:51:21.446867 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/dx.php
[Fri Jun 12 18:51:21.784568 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/puc.php
[Fri Jun 12 18:51:22.604116 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/themes.php
[Fri Jun 12 18:51:22.767999 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/dx.php
[Fri Jun 12 18:51:22.921035 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/11.php
[Fri Jun 12 18:51:23.092968 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/p.php
[Fri Jun 12 18:51:23.691927 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/bthil.php
[Fri Jun 12 18:51:23.883799 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/7.php
[Fri Jun 12 18:51:24.204039 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/8.php
[Fri Jun 12 18:51:24.366973 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/1.php
[Fri Jun 12 18:51:24.517782 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/100.php
[Fri Jun 12 18:51:24.682008 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/about.php
[Fri Jun 12 18:51:24.858406 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/admin.php
[Fri Jun 12 18:51:25.009886 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/edit.php
[Fri Jun 12 18:51:25.326568 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/f6.php
[Fri Jun 12 18:51:25.631513 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/inputs.php
[Fri Jun 12 18:51:25.815086 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/av.php
[Fri Jun 12 18:51:26.209175 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/classwithtostring.php
[Fri Jun 12 18:51:26.541320 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/wp-blog.php
[Fri Jun 12 18:51:27.085372 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/adminfuns.php
[Fri Jun 12 18:51:27.235784 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/goods.php
[Fri Jun 12 18:51:27.405856 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/ms-edit.php
[Fri Jun 12 18:51:27.569413 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/222.php
[Fri Jun 12 18:51:27.753563 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/cgi-bin/index.php
[Fri Jun 12 18:51:28.095558 2026] [:error] [pid 2225:tid 2246] [client 20.196.104.72:34120] File does not exist: /disk001/sonne/public_html/BDKR28WP.php
[Fri Jun 12 18:51:30.112120 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/wp.php
[Fri Jun 12 18:51:30.267334 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/abcd.php
[Fri Jun 12 18:51:30.446774 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/a1.php
[Fri Jun 12 18:51:30.778602 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/bal.php
[Fri Jun 12 18:51:30.956855 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/cgi-bin/admin.php
[Fri Jun 12 18:51:31.112635 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/gettest.php
[Fri Jun 12 18:51:32.126635 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/simple.php
[Fri Jun 12 18:51:32.288765 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/kj.php
[Fri Jun 12 18:51:32.447002 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/xxx.php
[Fri Jun 12 18:51:32.610520 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/hypo.php
[Fri Jun 12 18:51:32.946262 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/chosen.php
[Fri Jun 12 18:51:33.302019 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/gg.php
[Fri Jun 12 18:51:33.456852 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/als.php
[Fri Jun 12 18:51:33.748983 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/pol.php
[Fri Jun 12 18:51:33.909877 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/006.php
[Fri Jun 12 18:51:34.070947 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file5.php
[Fri Jun 12 18:51:34.233793 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/4PJcpMFsD8B.php
[Fri Jun 12 18:51:34.449151 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file.php
[Fri Jun 12 18:51:34.645654 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/cfile.php
[Fri Jun 12 18:51:34.798603 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/class-wp.php
[Fri Jun 12 18:51:34.953826 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/ahax.php
[Fri Jun 12 18:51:35.109305 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/aa2.php
[Fri Jun 12 18:51:35.522621 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/ccou.php
[Fri Jun 12 18:51:35.676723 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/dr.php
[Fri Jun 12 18:51:36.008751 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/xamp.php
[Fri Jun 12 18:51:36.170785 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/cA3bHIkVhgP.php
[Fri Jun 12 18:51:36.370859 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/bless.php
[Fri Jun 12 18:51:36.556810 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file46.php
[Fri Jun 12 18:51:36.713216 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/bb.php
[Fri Jun 12 18:51:36.871747 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/eee.php
[Fri Jun 12 18:51:37.031164 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/5BltUjE9CrY.php
[Fri Jun 12 18:51:37.221890 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file25.php
[Fri Jun 12 18:51:37.382287 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/hg.php
[Fri Jun 12 18:51:37.544771 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file48.php
[Fri Jun 12 18:51:37.709542 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file59.php
[Fri Jun 12 18:51:38.234128 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/ff.php
[Fri Jun 12 18:51:38.388882 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file31.php
[Fri Jun 12 18:51:38.608514 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file6.php
[Fri Jun 12 18:51:38.763483 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/a2.php
[Fri Jun 12 18:51:39.168297 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file15.php
[Fri Jun 12 18:51:39.579451 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file81.php
[Fri Jun 12 18:51:39.734539 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/no1.php
[Fri Jun 12 18:51:39.887742 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/jp.php
[Fri Jun 12 18:51:40.132760 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/f35.php
[Fri Jun 12 18:51:40.310021 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/xa.php
[Fri Jun 12 18:51:40.467896 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/wp-load.php
[Fri Jun 12 18:51:40.622988 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/xwpg.php
[Fri Jun 12 18:51:40.779302 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/w2025.php
[Fri Jun 12 18:51:41.170860 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/ddd.php
[Fri Jun 12 18:51:41.496786 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/jj.php
[Fri Jun 12 18:51:41.653260 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/waf.php
[Fri Jun 12 18:51:41.839881 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/xstelth.php
[Fri Jun 12 18:51:42.157604 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/bel.php
[Fri Jun 12 18:51:42.327426 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/file58.php
[Fri Jun 12 18:51:42.481402 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/wp-links.php
[Fri Jun 12 18:51:42.928016 2026] [:error] [pid 2225:tid 2254] [client 20.196.104.72:42058] File does not exist: /disk001/sonne/public_html/berlin.php
[Fri Jun 12 18:55:22.980863 2026] [security2:error] [pid 2224:tid 2325] [client 109.105.210.103:34444] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiyASgu4gSu8gm44bgZ6NAAAAE4"]
[Fri Jun 12 18:58:43.120590 2026] [security2:error] [pid 2225:tid 2234] [client 77.83.39.197:41582] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyBEwlfXplIDQ7S_d9QfQAAAIE"]
[Fri Jun 12 18:58:43.120754 2026] [security2:error] [pid 2225:tid 2234] [client 77.83.39.197:41582] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyBEwlfXplIDQ7S_d9QfQAAAIE"]
[Fri Jun 12 18:58:43.120864 2026] [security2:error] [pid 2225:tid 2234] [client 77.83.39.197:41582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyBEwlfXplIDQ7S_d9QfQAAAIE"]
[Fri Jun 12 18:58:43.121110 2026] [security2:error] [pid 2225:tid 2234] [client 77.83.39.197:41582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyBEwlfXplIDQ7S_d9QfQAAAIE"]
[Fri Jun 12 18:58:43.121329 2026] [security2:error] [pid 2225:tid 2234] [client 77.83.39.197:41582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyBEwlfXplIDQ7S_d9QfQAAAIE"]
[Fri Jun 12 19:01:07.996791 2026] [security2:error] [pid 2226:tid 2267] [client 207.90.244.28:40264] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyBo1FRtWWq5keUhiZ6CAAAAMg"]
[Fri Jun 12 19:01:09.500849 2026] [security2:error] [pid 2227:tid 2356] [client 207.90.244.28:40276] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiyBpS7p6yKJCmGXfa9CywAAARM"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 19:01:27.854105 2026] [security2:error] [pid 3956:tid 3975] [client 207.90.244.28:35774] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/robots.txt"] [unique_id "aiyBt9aJbkbJfrdoQW0H1QAAAU8"]
[Fri Jun 12 19:01:29.565149 2026] [security2:error] [pid 2224:tid 2328] [client 207.90.244.28:35780] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/sitemap.xml"] [unique_id "aiyBuQu4gSu8gm44bgZ_cgAAAFE"]
[Fri Jun 12 19:01:30.190122 2026] [security2:error] [pid 2226:tid 2261] [client 207.90.244.28:35794] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.well-known/security.txt"] [unique_id "aiyBulFRtWWq5keUhiZ6ZgAAAMI"]
[Fri Jun 12 19:01:32.315572 2026] [security2:error] [pid 2224:tid 2333] [client 207.90.244.28:35806] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiyBvAu4gSu8gm44bgZ_ewAAAFY"]
[Fri Jun 12 19:02:21.839755 2026] [security2:error] [pid 2225:tid 2244] [client 137.184.85.24:51924] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyB7QlfXplIDQ7S_d9VpgAAAIs"]
[Fri Jun 12 19:02:21.839892 2026] [security2:error] [pid 2225:tid 2244] [client 137.184.85.24:51924] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyB7QlfXplIDQ7S_d9VpgAAAIs"]
[Fri Jun 12 19:02:21.840244 2026] [security2:error] [pid 2225:tid 2244] [client 137.184.85.24:51924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyB7QlfXplIDQ7S_d9VpgAAAIs"]
[Fri Jun 12 19:02:21.841056 2026] [security2:error] [pid 2225:tid 2244] [client 137.184.85.24:51924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyB7QlfXplIDQ7S_d9VpgAAAIs"]
[Fri Jun 12 19:04:11.355786 2026] [security2:error] [pid 2225:tid 2238] [client 109.105.210.104:32998] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiyCWwlfXplIDQ7S_d9YSgAAAIU"], referer: http://13.84.161.190/
[Fri Jun 12 19:04:12.223042 2026] [security2:error] [pid 2226:tid 2276] [client 194.48.248.43:34620] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiyCXFFRtWWq5keUhiZ9MQAAANE"]
[Fri Jun 12 19:04:12.223192 2026] [security2:error] [pid 2226:tid 2276] [client 194.48.248.43:34620] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiyCXFFRtWWq5keUhiZ9MQAAANE"]
[Fri Jun 12 19:04:12.223603 2026] [security2:error] [pid 2226:tid 2276] [client 194.48.248.43:34620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiyCXFFRtWWq5keUhiZ9MQAAANE"]
[Fri Jun 12 19:04:13.045672 2026] [security2:error] [pid 2226:tid 2276] [client 194.48.248.43:34620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyCXFFRtWWq5keUhiZ9MQAAANE"]
[Fri Jun 12 19:05:40.711738 2026] [security2:error] [pid 2225:tid 2235] [client 45.156.128.14:50894] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiyCtAlfXplIDQ7S_d9aPQAAAII"], referer: http://13.84.161.190/
[Fri Jun 12 19:09:35.602545 2026] [security2:error] [pid 2224:tid 2312] [client 43.130.102.223:42314] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "338"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyDnwu4gSu8gm44bgaF3gAAAEE"]
[Fri Jun 12 19:09:35.602644 2026] [security2:error] [pid 2224:tid 2312] [client 43.130.102.223:42314] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyDnwu4gSu8gm44bgaF3gAAAEE"]
[Fri Jun 12 19:09:35.603077 2026] [security2:error] [pid 2224:tid 2312] [client 43.130.102.223:42314] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyDnwu4gSu8gm44bgaF3gAAAEE"]
[Fri Jun 12 19:09:35.604243 2026] [security2:error] [pid 2224:tid 2312] [client 43.130.102.223:42314] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 6 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 6, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyDnwu4gSu8gm44bgaF3gAAAEE"]
[Fri Jun 12 19:13:13.798800 2026] [security2:error] [pid 2224:tid 2331] [client 34.123.82.129:53276] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiyEeQu4gSu8gm44bgaJwQAAAFQ"]
[Fri Jun 12 19:13:13.799008 2026] [security2:error] [pid 2224:tid 2331] [client 34.123.82.129:53276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiyEeQu4gSu8gm44bgaJwQAAAFQ"]
[Fri Jun 12 19:13:13.799307 2026] [security2:error] [pid 2224:tid 2331] [client 34.123.82.129:53276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.suporte.machen.ai"] [uri "/.env"] [unique_id "aiyEeQu4gSu8gm44bgaJwQAAAFQ"]
[Fri Jun 12 19:13:16.918220 2026] [security2:error] [pid 2227:tid 2347] [client 34.123.82.129:60066] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "aiyEfC7p6yKJCmGXfa9OcwAAAQo"]
[Fri Jun 12 19:13:16.918610 2026] [security2:error] [pid 2227:tid 2347] [client 34.123.82.129:60066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.support.machen.ai"] [uri "/.env"] [unique_id "aiyEfC7p6yKJCmGXfa9OcwAAAQo"]
[Fri Jun 12 19:13:25.209030 2026] [security2:error] [pid 2227:tid 2347] [client 34.123.82.129:60066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "www.support.machen.ai"] [uri "/index.php"] [unique_id "aiyEfC7p6yKJCmGXfa9OcwAAAQo"]
[Fri Jun 12 19:13:35.484096 2026] [security2:error] [pid 2224:tid 2320] [client 77.83.39.197:54908] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyEjwu4gSu8gm44bgaKYAAAAEk"]
[Fri Jun 12 19:13:35.484296 2026] [security2:error] [pid 2224:tid 2320] [client 77.83.39.197:54908] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyEjwu4gSu8gm44bgaKYAAAAEk"]
[Fri Jun 12 19:13:35.484490 2026] [security2:error] [pid 2224:tid 2320] [client 77.83.39.197:54908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyEjwu4gSu8gm44bgaKYAAAAEk"]
[Fri Jun 12 19:13:35.484786 2026] [security2:error] [pid 2224:tid 2320] [client 77.83.39.197:54908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyEjwu4gSu8gm44bgaKYAAAAEk"]
[Fri Jun 12 19:13:35.486146 2026] [security2:error] [pid 2224:tid 2320] [client 77.83.39.197:54908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyEjwu4gSu8gm44bgaKYAAAAEk"]
[Fri Jun 12 19:14:45.850877 2026] [security2:error] [pid 2223:tid 2294] [client 152.32.245.186:57410] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyE1Yx9ljkwb-moN0eNdwAAAAk"]
[Fri Jun 12 19:15:02.127384 2026] [security2:error] [pid 2225:tid 2236] [client 101.36.123.67:53462] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyE5glfXplIDQ7S_d9jmwAAAIM"]
[Fri Jun 12 19:15:02.477380 2026] [security2:error] [pid 2225:tid 2245] [client 101.36.123.67:53576] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiyE5glfXplIDQ7S_d9jnAAAAIw"]
[Fri Jun 12 19:15:02.833394 2026] [security2:error] [pid 2223:tid 2294] [client 101.36.123.67:53646] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi/robots.txt"] [unique_id "aiyE5ox9ljkwb-moN0eNswAAAAk"]
[Fri Jun 12 19:15:02.834859 2026] [security2:error] [pid 2225:tid 2247] [client 101.36.123.67:53650] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi/sitemap.xml"] [unique_id "aiyE5glfXplIDQ7S_d9jngAAAI4"]
[Fri Jun 12 19:15:05.042074 2026] [security2:error] [pid 2223:tid 2290] [client 101.36.123.67:54162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "aiyE6Yx9ljkwb-moN0eNvAAAAAU"]
[Fri Jun 12 19:15:05.568915 2026] [security2:error] [pid 2223:tid 2286] [client 101.36.123.67:54296] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/favicon.ico"] [unique_id "aiyE6Yx9ljkwb-moN0eNwAAAAAE"]
[Fri Jun 12 19:15:05.919425 2026] [security2:error] [pid 2226:tid 2281] [client 101.36.123.67:54418] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi/robots.txt"] [unique_id "aiyE6VFRtWWq5keUhiaHCAAAANY"]
[Fri Jun 12 19:15:05.919807 2026] [security2:error] [pid 2224:tid 2335] [client 101.36.123.67:54420] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/defaultwebpage.cgi/sitemap.xml"] [unique_id "aiyE6Qu4gSu8gm44bgaMnQAAAFg"]
[Fri Jun 12 19:15:21.548630 2026] [cgid:error] [pid 2225:tid 2240] [client 106.63.26.27:24766] AH01265: stderr from /disk001/sonne/public_html/cgi-bin/: attempt to invoke directory as script
[Fri Jun 12 19:15:39.357361 2026] [cgid:error] [pid 2223:tid 2290] [client 106.63.26.139:18254] AH01265: stderr from /disk001/sonne/public_html/cgi-bin/: attempt to invoke directory as script
[Fri Jun 12 19:18:54.895786 2026] [cgid:error] [pid 2227:tid 2341] [client 66.132.172.181:35972] AH01265: stderr from /disk001/machen/public_html/suporte/cgi-bin/: attempt to invoke directory as script, referer: http://www.suporte.machen.ai:80/cgi-bin
[Fri Jun 12 19:20:12.880870 2026] [security2:error] [pid 2226:tid 2265] [client 79.124.40.174:57986] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyGHFFRtWWq5keUhiaL8AAAAMY"]
[Fri Jun 12 19:24:09.810277 2026] [core:error] [pid 2225:tid 2233] [client 180.184.79.101:20070] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Fri Jun 12 19:24:47.919136 2026] [core:error] [pid 2225:tid 2252] [client 180.184.79.101:29300] AH10244: invalid URI path (/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh)
[Fri Jun 12 19:25:22.983832 2026] [security2:error] [pid 2225:tid 2244] [client 180.184.79.101:58752] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aiyHUglfXplIDQ7S_d9v4wAAAIs"]
[Fri Jun 12 19:25:22.984290 2026] [security2:error] [pid 2225:tid 2244] [client 180.184.79.101:58752] ModSecurity: Warning. Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "131"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aiyHUglfXplIDQ7S_d9v4wAAAIs"]
[Fri Jun 12 19:25:22.984353 2026] [security2:error] [pid 2225:tid 2244] [client 180.184.79.101:58752] ModSecurity: Warning. Pattern match "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "198"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aiyHUglfXplIDQ7S_d9v4wAAAIs"]
[Fri Jun 12 19:25:22.984857 2026] [security2:error] [pid 2225:tid 2244] [client 180.184.79.101:58752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/hello.world"] [unique_id "aiyHUglfXplIDQ7S_d9v4wAAAIs"]
[Fri Jun 12 19:25:22.985909 2026] [security2:error] [pid 2225:tid 2244] [client 180.184.79.101:58752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=10,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyHUglfXplIDQ7S_d9v4wAAAIs"]
[Fri Jun 12 19:32:51.750997 2026] [core:error] [pid 2224:tid 2327] [client 84.228.161.72:57536] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Fri Jun 12 19:52:24.869611 2026] [security2:error] [pid 5462:tid 5483] [client 78.153.140.156:53506] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyNqJIjhtVyOPygpb8FswAAAA8"]
[Fri Jun 12 19:52:24.869821 2026] [security2:error] [pid 5462:tid 5483] [client 78.153.140.156:53506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyNqJIjhtVyOPygpb8FswAAAA8"]
[Fri Jun 12 19:52:24.869993 2026] [security2:error] [pid 5462:tid 5483] [client 78.153.140.156:53506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyNqJIjhtVyOPygpb8FswAAAA8"]
[Fri Jun 12 19:52:24.870219 2026] [security2:error] [pid 5462:tid 5483] [client 78.153.140.156:53506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyNqJIjhtVyOPygpb8FswAAAA8"]
[Fri Jun 12 19:52:25.506746 2026] [security2:error] [pid 5462:tid 5490] [client 78.153.140.156:40456] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyNqZIjhtVyOPygpb8FtgAAABY"]
[Fri Jun 12 19:59:15.993743 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "file.machen.ai"] [uri "/.git/config"] [unique_id "aiyPQ8UEq4FMpjHchqQyAQAAAIw"]
[Fri Jun 12 19:59:15.994028 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "file.machen.ai"] [uri "/.git/config"] [unique_id "aiyPQ8UEq4FMpjHchqQyAQAAAIw"]
[Fri Jun 12 19:59:15.994362 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "file.machen.ai"] [uri "/index.html"] [unique_id "aiyPQ8UEq4FMpjHchqQyAQAAAIw"]
[Fri Jun 12 19:59:16.013854 2026] [security2:error] [pid 3956:tid 3979] [client 151.243.143.47:55906] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "file.machen.ai"] [uri "/.git/HEAD"] [unique_id "aiyPRNaJbkbJfrdoQW1AIAAAAVM"]
[Fri Jun 12 19:59:16.014065 2026] [security2:error] [pid 3956:tid 3979] [client 151.243.143.47:55906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "file.machen.ai"] [uri "/.git/HEAD"] [unique_id "aiyPRNaJbkbJfrdoQW1AIAAAAVM"]
[Fri Jun 12 19:59:16.014385 2026] [security2:error] [pid 3956:tid 3979] [client 151.243.143.47:55906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "file.machen.ai"] [uri "/index.html"] [unique_id "aiyPRNaJbkbJfrdoQW1AIAAAAVM"]
[Fri Jun 12 19:59:16.255713 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "file.machen.ai"] [uri "/.env"] [unique_id "aiyPRMUEq4FMpjHchqQyBAAAAIw"]
[Fri Jun 12 19:59:16.255884 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "file.machen.ai"] [uri "/.env"] [unique_id "aiyPRMUEq4FMpjHchqQyBAAAAIw"]
[Fri Jun 12 19:59:16.256193 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "file.machen.ai"] [uri "/index.html"] [unique_id "aiyPRMUEq4FMpjHchqQyBAAAAIw"]
[Fri Jun 12 19:59:16.462584 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "file.machen.ai"] [uri "/.env.local"] [unique_id "aiyPRMUEq4FMpjHchqQyBgAAAIw"]
[Fri Jun 12 19:59:16.462953 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "file.machen.ai"] [uri "/.env.local"] [unique_id "aiyPRMUEq4FMpjHchqQyBgAAAIw"]
[Fri Jun 12 19:59:16.463308 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "file.machen.ai"] [uri "/index.html"] [unique_id "aiyPRMUEq4FMpjHchqQyBgAAAIw"]
[Fri Jun 12 19:59:16.669302 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "file.machen.ai"] [uri "/.env.production"] [unique_id "aiyPRMUEq4FMpjHchqQyCQAAAIw"]
[Fri Jun 12 19:59:16.669562 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "file.machen.ai"] [uri "/.env.production"] [unique_id "aiyPRMUEq4FMpjHchqQyCQAAAIw"]
[Fri Jun 12 19:59:16.669941 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "file.machen.ai"] [uri "/index.html"] [unique_id "aiyPRMUEq4FMpjHchqQyCQAAAIw"]
[Fri Jun 12 19:59:16.874093 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "file.machen.ai"] [uri "/.env.development"] [unique_id "aiyPRMUEq4FMpjHchqQyDQAAAIw"]
[Fri Jun 12 19:59:16.874299 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "file.machen.ai"] [uri "/.env.development"] [unique_id "aiyPRMUEq4FMpjHchqQyDQAAAIw"]
[Fri Jun 12 19:59:16.874708 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "file.machen.ai"] [uri "/index.html"] [unique_id "aiyPRMUEq4FMpjHchqQyDQAAAIw"]
[Fri Jun 12 19:59:17.071155 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "file.machen.ai"] [uri "/.env.bak"] [unique_id "aiyPRcUEq4FMpjHchqQyDgAAAIw"]
[Fri Jun 12 19:59:17.071361 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "file.machen.ai"] [uri "/.env.bak"] [unique_id "aiyPRcUEq4FMpjHchqQyDgAAAIw"]
[Fri Jun 12 19:59:17.071603 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "file.machen.ai"] [uri "/.env.bak"] [unique_id "aiyPRcUEq4FMpjHchqQyDgAAAIw"]
[Fri Jun 12 19:59:17.071976 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "file.machen.ai"] [uri "/index.html"] [unique_id "aiyPRcUEq4FMpjHchqQyDgAAAIw"]
[Fri Jun 12 19:59:17.271187 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "file.machen.ai"] [uri "/.env.backup"] [unique_id "aiyPRcUEq4FMpjHchqQyEAAAAIw"]
[Fri Jun 12 19:59:17.271387 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "file.machen.ai"] [uri "/.env.backup"] [unique_id "aiyPRcUEq4FMpjHchqQyEAAAAIw"]
[Fri Jun 12 19:59:17.271650 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "file.machen.ai"] [uri "/.env.backup"] [unique_id "aiyPRcUEq4FMpjHchqQyEAAAAIw"]
[Fri Jun 12 19:59:17.272056 2026] [security2:error] [pid 4266:tid 4280] [client 151.243.143.47:55888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "file.machen.ai"] [uri "/index.html"] [unique_id "aiyPRcUEq4FMpjHchqQyEAAAAIw"]
[Fri Jun 12 20:00:31.150721 2026] [security2:error] [pid 3956:tid 3972] [client 185.247.137.47:36485] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyPj9aJbkbJfrdoQW1BGgAAAUw"]
[Fri Jun 12 20:00:31.517934 2026] [security2:error] [pid 4310:tid 4355] [client 185.247.137.47:52595] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiyPj1unT5cBeiKzNzvdBAAAAM8"], referer: https://13.66.22.226
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 20:01:07.286869 2026] [security2:error] [pid 4266:tid 4286] [client 151.243.143.47:60710] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fl.machen.ai"] [uri "/.git/HEAD"] [unique_id "aiyPs8UEq4FMpjHchqQ0QgAAAJI"]
[Fri Jun 12 20:01:07.287226 2026] [security2:error] [pid 4266:tid 4286] [client 151.243.143.47:60710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fl.machen.ai"] [uri "/.git/HEAD"] [unique_id "aiyPs8UEq4FMpjHchqQ0QgAAAJI"]
[Fri Jun 12 20:01:07.298924 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fl.machen.ai"] [uri "/.git/config"] [unique_id "aiyPs1unT5cBeiKzNzvdzQAAANI"]
[Fri Jun 12 20:01:07.299229 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fl.machen.ai"] [uri "/.git/config"] [unique_id "aiyPs1unT5cBeiKzNzvdzQAAANI"]
[Fri Jun 12 20:01:08.153916 2026] [security2:error] [pid 4266:tid 4286] [client 151.243.143.47:60710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fl.machen.ai"] [uri "/index.php"] [unique_id "aiyPs8UEq4FMpjHchqQ0QgAAAJI"]
[Fri Jun 12 20:01:08.242239 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fl.machen.ai"] [uri "/index.php"] [unique_id "aiyPs1unT5cBeiKzNzvdzQAAANI"]
[Fri Jun 12 20:01:09.828677 2026] [security2:error] [pid 5462:tid 5471] [client 151.243.143.47:60706] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fl.machen.ai"] [uri "/.env"] [unique_id "aiyPtZIjhtVyOPygpb8O-gAAAAM"]
[Fri Jun 12 20:01:09.828928 2026] [security2:error] [pid 5462:tid 5471] [client 151.243.143.47:60706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fl.machen.ai"] [uri "/.env"] [unique_id "aiyPtZIjhtVyOPygpb8O-gAAAAM"]
[Fri Jun 12 20:01:09.829982 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fl.machen.ai"] [uri "/.env.production"] [unique_id "aiyPtVunT5cBeiKzNzvd2gAAANI"]
[Fri Jun 12 20:01:09.830214 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fl.machen.ai"] [uri "/.env.production"] [unique_id "aiyPtVunT5cBeiKzNzvd2gAAANI"]
[Fri Jun 12 20:01:09.834045 2026] [security2:error] [pid 4266:tid 4286] [client 151.243.143.47:60710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fl.machen.ai"] [uri "/.env.local"] [unique_id "aiyPtcUEq4FMpjHchqQ0TAAAAJI"]
[Fri Jun 12 20:01:09.834221 2026] [security2:error] [pid 4266:tid 4286] [client 151.243.143.47:60710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fl.machen.ai"] [uri "/.env.local"] [unique_id "aiyPtcUEq4FMpjHchqQ0TAAAAJI"]
[Fri Jun 12 20:01:10.176800 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fl.machen.ai"] [uri "/index.php"] [unique_id "aiyPtVunT5cBeiKzNzvd2gAAANI"]
[Fri Jun 12 20:01:10.189242 2026] [security2:error] [pid 5462:tid 5471] [client 151.243.143.47:60706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fl.machen.ai"] [uri "/index.php"] [unique_id "aiyPtZIjhtVyOPygpb8O-gAAAAM"]
[Fri Jun 12 20:01:10.440293 2026] [security2:error] [pid 4266:tid 4286] [client 151.243.143.47:60710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fl.machen.ai"] [uri "/index.php"] [unique_id "aiyPtcUEq4FMpjHchqQ0TAAAAJI"]
[Fri Jun 12 20:01:10.751973 2026] [security2:error] [pid 5462:tid 5471] [client 151.243.143.47:60706] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fl.machen.ai"] [uri "/.env.development"] [unique_id "aiyPtpIjhtVyOPygpb8O_wAAAAM"]
[Fri Jun 12 20:01:10.752299 2026] [security2:error] [pid 5462:tid 5471] [client 151.243.143.47:60706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fl.machen.ai"] [uri "/.env.development"] [unique_id "aiyPtpIjhtVyOPygpb8O_wAAAAM"]
[Fri Jun 12 20:01:10.832506 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fl.machen.ai"] [uri "/.env.bak"] [unique_id "aiyPtlunT5cBeiKzNzvd3wAAANI"]
[Fri Jun 12 20:01:10.832807 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fl.machen.ai"] [uri "/.env.bak"] [unique_id "aiyPtlunT5cBeiKzNzvd3wAAANI"]
[Fri Jun 12 20:01:10.833088 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fl.machen.ai"] [uri "/.env.bak"] [unique_id "aiyPtlunT5cBeiKzNzvd3wAAANI"]
[Fri Jun 12 20:01:11.146763 2026] [security2:error] [pid 5462:tid 5471] [client 151.243.143.47:60706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fl.machen.ai"] [uri "/index.php"] [unique_id "aiyPtpIjhtVyOPygpb8O_wAAAAM"]
[Fri Jun 12 20:01:11.253682 2026] [security2:error] [pid 4310:tid 4356] [client 151.243.143.47:60728] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fl.machen.ai"] [uri "/.env.backup"] [unique_id "aiyPt1unT5cBeiKzNzvd4QAAANA"]
[Fri Jun 12 20:01:11.253880 2026] [security2:error] [pid 4310:tid 4356] [client 151.243.143.47:60728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fl.machen.ai"] [uri "/.env.backup"] [unique_id "aiyPt1unT5cBeiKzNzvd4QAAANA"]
[Fri Jun 12 20:01:11.254112 2026] [security2:error] [pid 4310:tid 4356] [client 151.243.143.47:60728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fl.machen.ai"] [uri "/.env.backup"] [unique_id "aiyPt1unT5cBeiKzNzvd4QAAANA"]
[Fri Jun 12 20:01:11.279028 2026] [security2:error] [pid 4310:tid 4358] [client 151.243.143.47:60702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fl.machen.ai"] [uri "/index.php"] [unique_id "aiyPtlunT5cBeiKzNzvd3wAAANI"]
[Fri Jun 12 20:01:12.844333 2026] [security2:error] [pid 4310:tid 4356] [client 151.243.143.47:60728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fl.machen.ai"] [uri "/index.php"] [unique_id "aiyPt1unT5cBeiKzNzvd4QAAANA"]
[Fri Jun 12 20:01:36.832264 2026] [security2:error] [pid 4309:tid 4330] [client 208.84.100.38:26078] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/wp-content/debug.log"] [unique_id "aiyP0IVsvRFmPfhh-xjaUwAAAFI"]
[Fri Jun 12 20:01:36.832777 2026] [security2:error] [pid 4309:tid 4330] [client 208.84.100.38:26078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/wp-content/debug.log"] [unique_id "aiyP0IVsvRFmPfhh-xjaUwAAAFI"]
[Fri Jun 12 20:01:37.343310 2026] [security2:error] [pid 4309:tid 4330] [client 208.84.100.38:26078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP0IVsvRFmPfhh-xjaUwAAAFI"]
[Fri Jun 12 20:01:40.229821 2026] [security2:error] [pid 5462:tid 5486] [client 208.84.100.38:14026] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env"] [unique_id "aiyP1JIjhtVyOPygpb8PowAAABI"]
[Fri Jun 12 20:01:40.230072 2026] [security2:error] [pid 5462:tid 5486] [client 208.84.100.38:14026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env"] [unique_id "aiyP1JIjhtVyOPygpb8PowAAABI"]
[Fri Jun 12 20:01:40.233473 2026] [security2:error] [pid 3956:tid 3975] [client 208.84.100.38:14226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local"] [unique_id "aiyP1NaJbkbJfrdoQW1BzwAAAU8"]
[Fri Jun 12 20:01:40.233681 2026] [security2:error] [pid 3956:tid 3975] [client 208.84.100.38:14226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local"] [unique_id "aiyP1NaJbkbJfrdoQW1BzwAAAU8"]
[Fri Jun 12 20:01:40.741245 2026] [security2:error] [pid 4266:tid 4290] [client 208.84.100.38:14286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production"] [unique_id "aiyP1MUEq4FMpjHchqQ0uAAAAJY"]
[Fri Jun 12 20:01:40.742299 2026] [security2:error] [pid 4266:tid 4290] [client 208.84.100.38:14286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production"] [unique_id "aiyP1MUEq4FMpjHchqQ0uAAAAJY"]
[Fri Jun 12 20:01:41.033055 2026] [security2:error] [pid 4309:tid 4323] [client 208.84.100.38:13786] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aiyP1YVsvRFmPfhh-xjaYQAAAEs"]
[Fri Jun 12 20:01:41.033355 2026] [security2:error] [pid 4309:tid 4323] [client 208.84.100.38:13786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aiyP1YVsvRFmPfhh-xjaYQAAAEs"]
[Fri Jun 12 20:01:41.035017 2026] [security2:error] [pid 5462:tid 5472] [client 208.84.100.38:14456] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.docker/config.json"] [unique_id "aiyP1ZIjhtVyOPygpb8PqAAAAAQ"]
[Fri Jun 12 20:01:41.035232 2026] [security2:error] [pid 5462:tid 5472] [client 208.84.100.38:14456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.docker/config.json"] [unique_id "aiyP1ZIjhtVyOPygpb8PqAAAAAQ"]
[Fri Jun 12 20:01:41.048681 2026] [security2:error] [pid 3956:tid 3975] [client 208.84.100.38:14226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1NaJbkbJfrdoQW1BzwAAAU8"]
[Fri Jun 12 20:01:41.055088 2026] [security2:error] [pid 5462:tid 5486] [client 208.84.100.38:14026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1JIjhtVyOPygpb8PowAAABI"]
[Fri Jun 12 20:01:41.120096 2026] [security2:error] [pid 4266:tid 4281] [client 208.84.100.38:13862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/backend/.env"] [unique_id "aiyP1cUEq4FMpjHchqQ0ugAAAI0"]
[Fri Jun 12 20:01:41.120400 2026] [security2:error] [pid 4266:tid 4281] [client 208.84.100.38:13862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/backend/.env"] [unique_id "aiyP1cUEq4FMpjHchqQ0ugAAAI0"]
[Fri Jun 12 20:01:41.417198 2026] [security2:error] [pid 5462:tid 5482] [client 208.84.100.38:13800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.staging"] [unique_id "aiyP1ZIjhtVyOPygpb8PrwAAAA4"]
[Fri Jun 12 20:01:41.417499 2026] [security2:error] [pid 5462:tid 5482] [client 208.84.100.38:13800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.staging"] [unique_id "aiyP1ZIjhtVyOPygpb8PrwAAAA4"]
[Fri Jun 12 20:01:41.420058 2026] [security2:error] [pid 3956:tid 3970] [client 208.84.100.38:13898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/web/.env"] [unique_id "aiyP1daJbkbJfrdoQW1B2QAAAUo"]
[Fri Jun 12 20:01:41.420314 2026] [security2:error] [pid 3956:tid 3970] [client 208.84.100.38:13898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/web/.env"] [unique_id "aiyP1daJbkbJfrdoQW1B2QAAAUo"]
[Fri Jun 12 20:01:41.420813 2026] [security2:error] [pid 4266:tid 4280] [client 208.84.100.38:13968] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aiyP1cUEq4FMpjHchqQ0vAAAAIw"]
[Fri Jun 12 20:01:41.421035 2026] [security2:error] [pid 4266:tid 4280] [client 208.84.100.38:13968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aiyP1cUEq4FMpjHchqQ0vAAAAIw"]
[Fri Jun 12 20:01:41.951755 2026] [security2:error] [pid 4266:tid 4290] [client 208.84.100.38:14286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1MUEq4FMpjHchqQ0uAAAAJY"]
[Fri Jun 12 20:01:42.656508 2026] [security2:error] [pid 4309:tid 4323] [client 208.84.100.38:13786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1YVsvRFmPfhh-xjaYQAAAEs"]
[Fri Jun 12 20:01:42.699970 2026] [security2:error] [pid 5462:tid 5472] [client 208.84.100.38:14456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1ZIjhtVyOPygpb8PqAAAAAQ"]
[Fri Jun 12 20:01:42.894823 2026] [security2:error] [pid 4266:tid 4280] [client 208.84.100.38:13968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1cUEq4FMpjHchqQ0vAAAAIw"]
[Fri Jun 12 20:01:43.045052 2026] [security2:error] [pid 4266:tid 4281] [client 208.84.100.38:13862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1cUEq4FMpjHchqQ0ugAAAI0"]
[Fri Jun 12 20:01:43.105901 2026] [security2:error] [pid 5462:tid 5482] [client 208.84.100.38:13800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1ZIjhtVyOPygpb8PrwAAAA4"]
[Fri Jun 12 20:01:43.419988 2026] [security2:error] [pid 3956:tid 3970] [client 208.84.100.38:13898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP1daJbkbJfrdoQW1B2QAAAUo"]
[Fri Jun 12 20:01:43.531747 2026] [security2:error] [pid 4309:tid 4324] [client 208.84.100.38:13782] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.backup"] [unique_id "aiyP14VsvRFmPfhh-xjaagAAAEw"]
[Fri Jun 12 20:01:43.532072 2026] [security2:error] [pid 4309:tid 4324] [client 208.84.100.38:13782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.backup"] [unique_id "aiyP14VsvRFmPfhh-xjaagAAAEw"]
[Fri Jun 12 20:01:43.532369 2026] [security2:error] [pid 4309:tid 4324] [client 208.84.100.38:13782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.backup"] [unique_id "aiyP14VsvRFmPfhh-xjaagAAAEw"]
[Fri Jun 12 20:01:43.904952 2026] [mpm_worker:error] [pid 2217:tid 2217] AH00287: server is within MinSpareThreads of MaxRequestWorkers, consider raising the MaxRequestWorkers setting
[Fri Jun 12 20:01:44.320944 2026] [security2:error] [pid 5057:tid 5063] [client 208.84.100.38:14414] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.bak"] [unique_id "aiyP2BoFVnsH4cPWudgSrwAAAQE"]
[Fri Jun 12 20:01:44.321158 2026] [security2:error] [pid 5057:tid 5063] [client 208.84.100.38:14414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.bak"] [unique_id "aiyP2BoFVnsH4cPWudgSrwAAAQE"]
[Fri Jun 12 20:01:44.321429 2026] [security2:error] [pid 5057:tid 5063] [client 208.84.100.38:14414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.bak"] [unique_id "aiyP2BoFVnsH4cPWudgSrwAAAQE"]
[Fri Jun 12 20:01:44.381474 2026] [security2:error] [pid 4309:tid 4324] [client 208.84.100.38:13782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP14VsvRFmPfhh-xjaagAAAEw"]
[Fri Jun 12 20:01:44.630366 2026] [security2:error] [pid 4309:tid 4323] [client 208.84.100.38:13786] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/app/.env"] [unique_id "aiyP2IVsvRFmPfhh-xjabwAAAEs"]
[Fri Jun 12 20:01:44.630740 2026] [security2:error] [pid 4309:tid 4323] [client 208.84.100.38:13786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/app/.env"] [unique_id "aiyP2IVsvRFmPfhh-xjabwAAAEs"]
[Fri Jun 12 20:01:44.634555 2026] [security2:error] [pid 5057:tid 5082] [client 208.84.100.38:14142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/api/.env"] [unique_id "aiyP2BoFVnsH4cPWudgSsAAAARQ"]
[Fri Jun 12 20:01:44.634777 2026] [security2:error] [pid 5057:tid 5082] [client 208.84.100.38:14142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/api/.env"] [unique_id "aiyP2BoFVnsH4cPWudgSsAAAARQ"]
[Fri Jun 12 20:01:44.638512 2026] [security2:error] [pid 4310:tid 4353] [client 208.84.100.38:14272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/src/.env"] [unique_id "aiyP2FunT5cBeiKzNzveqwAAAM0"]
[Fri Jun 12 20:01:44.638853 2026] [security2:error] [pid 4310:tid 4353] [client 208.84.100.38:14272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/src/.env"] [unique_id "aiyP2FunT5cBeiKzNzveqwAAAM0"]
[Fri Jun 12 20:01:44.643273 2026] [security2:error] [pid 4266:tid 4290] [client 208.84.100.38:14286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/public/.env"] [unique_id "aiyP2MUEq4FMpjHchqQ0xAAAAJY"]
[Fri Jun 12 20:01:44.643474 2026] [security2:error] [pid 4266:tid 4290] [client 208.84.100.38:14286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/public/.env"] [unique_id "aiyP2MUEq4FMpjHchqQ0xAAAAJY"]
[Fri Jun 12 20:01:44.722849 2026] [security2:error] [pid 3956:tid 3965] [client 208.84.100.38:14532] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.test"] [unique_id "aiyP2NaJbkbJfrdoQW1B4gAAAUU"]
[Fri Jun 12 20:01:44.723172 2026] [security2:error] [pid 3956:tid 3965] [client 208.84.100.38:14532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.test"] [unique_id "aiyP2NaJbkbJfrdoQW1B4gAAAUU"]
[Fri Jun 12 20:01:44.724022 2026] [security2:error] [pid 5057:tid 5067] [client 208.84.100.38:14190] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aiyP2BoFVnsH4cPWudgSsQAAAQU"]
[Fri Jun 12 20:01:44.724309 2026] [security2:error] [pid 5057:tid 5067] [client 208.84.100.38:14190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aiyP2BoFVnsH4cPWudgSsQAAAQU"]
[Fri Jun 12 20:01:44.724508 2026] [security2:error] [pid 5057:tid 5067] [client 208.84.100.38:14190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aiyP2BoFVnsH4cPWudgSsQAAAQU"]
[Fri Jun 12 20:01:44.727543 2026] [security2:error] [pid 4310:tid 4341] [client 208.84.100.38:14166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/server/.env"] [unique_id "aiyP2FunT5cBeiKzNzverAAAAME"]
[Fri Jun 12 20:01:44.727786 2026] [security2:error] [pid 4310:tid 4341] [client 208.84.100.38:14166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/server/.env"] [unique_id "aiyP2FunT5cBeiKzNzverAAAAME"]
[Fri Jun 12 20:01:44.733165 2026] [security2:error] [pid 5462:tid 5469] [client 208.84.100.38:13874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/laravel/.env"] [unique_id "aiyP2JIjhtVyOPygpb8PuwAAAAE"]
[Fri Jun 12 20:01:44.733387 2026] [security2:error] [pid 5462:tid 5469] [client 208.84.100.38:13874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/laravel/.env"] [unique_id "aiyP2JIjhtVyOPygpb8PuwAAAAE"]
[Fri Jun 12 20:01:44.840831 2026] [security2:error] [pid 4309:tid 4324] [client 208.84.100.38:13782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.save"] [unique_id "aiyP2IVsvRFmPfhh-xjacwAAAEw"]
[Fri Jun 12 20:01:44.841055 2026] [security2:error] [pid 4309:tid 4324] [client 208.84.100.38:13782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.save"] [unique_id "aiyP2IVsvRFmPfhh-xjacwAAAEw"]
[Fri Jun 12 20:01:45.438632 2026] [security2:error] [pid 5057:tid 5076] [client 208.84.100.38:14212] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.kube/config"] [unique_id "aiyP2RoFVnsH4cPWudgSuQAAAQ4"]
[Fri Jun 12 20:01:45.439010 2026] [security2:error] [pid 5057:tid 5076] [client 208.84.100.38:14212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.kube/config"] [unique_id "aiyP2RoFVnsH4cPWudgSuQAAAQ4"]
[Fri Jun 12 20:01:45.796876 2026] [security2:error] [pid 5057:tid 5063] [client 208.84.100.38:14414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2BoFVnsH4cPWudgSrwAAAQE"]
[Fri Jun 12 20:01:46.426292 2026] [security2:error] [pid 5462:tid 5469] [client 208.84.100.38:13874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2JIjhtVyOPygpb8PuwAAAAE"]
[Fri Jun 12 20:01:46.694532 2026] [security2:error] [pid 4266:tid 4290] [client 208.84.100.38:14286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2MUEq4FMpjHchqQ0xAAAAJY"]
[Fri Jun 12 20:01:46.777501 2026] [security2:error] [pid 5057:tid 5082] [client 208.84.100.38:14142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2BoFVnsH4cPWudgSsAAAARQ"]
[Fri Jun 12 20:01:46.958135 2026] [security2:error] [pid 4310:tid 4341] [client 208.84.100.38:14166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2FunT5cBeiKzNzverAAAAME"]
[Fri Jun 12 20:01:46.961895 2026] [security2:error] [pid 4309:tid 4323] [client 208.84.100.38:13786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2IVsvRFmPfhh-xjabwAAAEs"]
[Fri Jun 12 20:01:47.434236 2026] [security2:error] [pid 4310:tid 4353] [client 208.84.100.38:14272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2FunT5cBeiKzNzveqwAAAM0"]
[Fri Jun 12 20:01:47.490087 2026] [security2:error] [pid 4309:tid 4324] [client 208.84.100.38:13782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2IVsvRFmPfhh-xjacwAAAEw"]
[Fri Jun 12 20:01:47.532876 2026] [security2:error] [pid 3956:tid 3965] [client 208.84.100.38:14532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2NaJbkbJfrdoQW1B4gAAAUU"]
[Fri Jun 12 20:01:47.626743 2026] [security2:error] [pid 5057:tid 5067] [client 208.84.100.38:14190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2BoFVnsH4cPWudgSsQAAAQU"]
[Fri Jun 12 20:01:48.155968 2026] [security2:error] [pid 5057:tid 5076] [client 208.84.100.38:14212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP2RoFVnsH4cPWudgSuQAAAQ4"]
[Fri Jun 12 20:01:49.867394 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.git/config"] [unique_id "aiyP3VunT5cBeiKzNzvewgAAANc"]
[Fri Jun 12 20:01:49.867721 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.git/config"] [unique_id "aiyP3VunT5cBeiKzNzvewgAAANc"]
[Fri Jun 12 20:01:49.871257 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.git/HEAD"] [unique_id "aiyP3daJbkbJfrdoQW1B-gAAAVE"]
[Fri Jun 12 20:01:49.871563 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.git/HEAD"] [unique_id "aiyP3daJbkbJfrdoQW1B-gAAAVE"]
[Fri Jun 12 20:01:49.900643 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/index.php"] [unique_id "aiyP3VunT5cBeiKzNzvewgAAANc"]
[Fri Jun 12 20:01:49.901524 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/index.php"] [unique_id "aiyP3daJbkbJfrdoQW1B-gAAAVE"]
[Fri Jun 12 20:01:50.102964 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.production"] [unique_id "aiyP3taJbkbJfrdoQW1B_AAAAVE"]
[Fri Jun 12 20:01:50.103204 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.production"] [unique_id "aiyP3taJbkbJfrdoQW1B_AAAAVE"]
[Fri Jun 12 20:01:50.108205 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/index.php"] [unique_id "aiyP3taJbkbJfrdoQW1B_AAAAVE"]
[Fri Jun 12 20:01:50.276979 2026] [security2:error] [pid 4266:tid 4289] [client 151.243.143.47:36970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env"] [unique_id "aiyP3sUEq4FMpjHchqQ01QAAAJU"]
[Fri Jun 12 20:01:50.277230 2026] [security2:error] [pid 4266:tid 4289] [client 151.243.143.47:36970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env"] [unique_id "aiyP3sUEq4FMpjHchqQ01QAAAJU"]
[Fri Jun 12 20:01:50.282075 2026] [security2:error] [pid 4266:tid 4289] [client 151.243.143.47:36970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/index.php"] [unique_id "aiyP3sUEq4FMpjHchqQ01QAAAJU"]
[Fri Jun 12 20:01:50.310903 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.development"] [unique_id "aiyP3lunT5cBeiKzNzvexwAAANc"]
[Fri Jun 12 20:01:50.311134 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.development"] [unique_id "aiyP3lunT5cBeiKzNzvexwAAANc"]
[Fri Jun 12 20:01:50.312628 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/.env.bak"] [unique_id "aiyP3taJbkbJfrdoQW1B_wAAAVE"]
[Fri Jun 12 20:01:50.312869 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.bak"] [unique_id "aiyP3taJbkbJfrdoQW1B_wAAAVE"]
[Fri Jun 12 20:01:50.313132 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.bak"] [unique_id "aiyP3taJbkbJfrdoQW1B_wAAAVE"]
[Fri Jun 12 20:01:50.314193 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/index.php"] [unique_id "aiyP3lunT5cBeiKzNzvexwAAANc"]
[Fri Jun 12 20:01:50.315226 2026] [security2:error] [pid 3956:tid 3977] [client 151.243.143.47:36972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/index.php"] [unique_id "aiyP3taJbkbJfrdoQW1B_wAAAVE"]
[Fri Jun 12 20:01:50.504132 2026] [security2:error] [pid 4266:tid 4289] [client 151.243.143.47:36970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.local"] [unique_id "aiyP3sUEq4FMpjHchqQ01wAAAJU"]
[Fri Jun 12 20:01:50.504374 2026] [security2:error] [pid 4266:tid 4289] [client 151.243.143.47:36970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.local"] [unique_id "aiyP3sUEq4FMpjHchqQ01wAAAJU"]
[Fri Jun 12 20:01:50.511917 2026] [security2:error] [pid 4266:tid 4289] [client 151.243.143.47:36970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/index.php"] [unique_id "aiyP3sUEq4FMpjHchqQ01wAAAJU"]
[Fri Jun 12 20:01:50.518136 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/.env.backup"] [unique_id "aiyP3lunT5cBeiKzNzveyQAAANc"]
[Fri Jun 12 20:01:50.518432 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.backup"] [unique_id "aiyP3lunT5cBeiKzNzveyQAAANc"]
[Fri Jun 12 20:01:50.518855 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.backup"] [unique_id "aiyP3lunT5cBeiKzNzveyQAAANc"]
[Fri Jun 12 20:01:50.522153 2026] [security2:error] [pid 4310:tid 4363] [client 151.243.143.47:36966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/index.php"] [unique_id "aiyP3lunT5cBeiKzNzveyQAAANc"]
[Fri Jun 12 20:01:57.939182 2026] [security2:error] [pid 5462:tid 5477] [client 208.84.100.38:14554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.copy"] [unique_id "aiyP5ZIjhtVyOPygpb8P_wAAAAk"]
[Fri Jun 12 20:01:57.939434 2026] [security2:error] [pid 5462:tid 5477] [client 208.84.100.38:14554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.copy"] [unique_id "aiyP5ZIjhtVyOPygpb8P_wAAAAk"]
[Fri Jun 12 20:01:58.508730 2026] [security2:error] [pid 5462:tid 5477] [client 208.84.100.38:14554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP5ZIjhtVyOPygpb8P_wAAAAk"]
[Fri Jun 12 20:01:59.423970 2026] [security2:error] [pid 5462:tid 5477] [client 208.84.100.38:14554] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/HEAD"] [unique_id "aiyP55IjhtVyOPygpb8QBgAAAAk"]
[Fri Jun 12 20:01:59.424259 2026] [security2:error] [pid 5462:tid 5477] [client 208.84.100.38:14554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/HEAD"] [unique_id "aiyP55IjhtVyOPygpb8QBgAAAAk"]
[Fri Jun 12 20:01:59.436343 2026] [security2:error] [pid 5462:tid 5476] [client 208.84.100.38:45978] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production~"] [unique_id "aiyP55IjhtVyOPygpb8QBwAAAAg"]
[Fri Jun 12 20:01:59.436576 2026] [security2:error] [pid 5462:tid 5476] [client 208.84.100.38:45978] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production~"] [unique_id "aiyP55IjhtVyOPygpb8QBwAAAAg"]
[Fri Jun 12 20:01:59.436802 2026] [security2:error] [pid 5462:tid 5476] [client 208.84.100.38:45978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production~"] [unique_id "aiyP55IjhtVyOPygpb8QBwAAAAg"]
[Fri Jun 12 20:01:59.628465 2026] [security2:error] [pid 4266:tid 4285] [client 208.84.100.38:45906] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.swp"] [unique_id "aiyP58UEq4FMpjHchqQ08QAAAJE"]
[Fri Jun 12 20:01:59.628657 2026] [security2:error] [pid 4266:tid 4285] [client 208.84.100.38:45906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.swp"] [unique_id "aiyP58UEq4FMpjHchqQ08QAAAJE"]
[Fri Jun 12 20:01:59.628894 2026] [security2:error] [pid 4266:tid 4285] [client 208.84.100.38:45906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.swp"] [unique_id "aiyP58UEq4FMpjHchqQ08QAAAJE"]
[Fri Jun 12 20:01:59.629155 2026] [security2:error] [pid 4309:tid 4316] [client 208.84.100.38:45858] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.bak"] [unique_id "aiyP54VsvRFmPfhh-xjarwAAAEQ"]
[Fri Jun 12 20:01:59.629380 2026] [security2:error] [pid 4309:tid 4316] [client 208.84.100.38:45858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.bak"] [unique_id "aiyP54VsvRFmPfhh-xjarwAAAEQ"]
[Fri Jun 12 20:01:59.629590 2026] [security2:error] [pid 4309:tid 4316] [client 208.84.100.38:45858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.bak"] [unique_id "aiyP54VsvRFmPfhh-xjarwAAAEQ"]
[Fri Jun 12 20:01:59.631825 2026] [security2:error] [pid 5057:tid 5062] [client 208.84.100.38:46010] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.orig"] [unique_id "aiyP5xoFVnsH4cPWudgS6QAAAQA"]
[Fri Jun 12 20:01:59.632116 2026] [security2:error] [pid 5057:tid 5062] [client 208.84.100.38:46010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.orig"] [unique_id "aiyP5xoFVnsH4cPWudgS6QAAAQA"]
[Fri Jun 12 20:01:59.633923 2026] [security2:error] [pid 4309:tid 4314] [client 208.84.100.38:45910] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.orig"] [unique_id "aiyP54VsvRFmPfhh-xjasAAAAEI"]
[Fri Jun 12 20:01:59.634119 2026] [security2:error] [pid 4309:tid 4314] [client 208.84.100.38:45910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.orig"] [unique_id "aiyP54VsvRFmPfhh-xjasAAAAEI"]
[Fri Jun 12 20:01:59.634583 2026] [security2:error] [pid 5057:tid 5082] [client 208.84.100.38:46016] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/refs/heads/master"] [unique_id "aiyP5xoFVnsH4cPWudgS6gAAARQ"]
[Fri Jun 12 20:01:59.634823 2026] [security2:error] [pid 5057:tid 5082] [client 208.84.100.38:46016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/refs/heads/master"] [unique_id "aiyP5xoFVnsH4cPWudgS6gAAARQ"]
[Fri Jun 12 20:01:59.636658 2026] [security2:error] [pid 4266:tid 4273] [client 208.84.100.38:45850] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aiyP58UEq4FMpjHchqQ08gAAAIU"]
[Fri Jun 12 20:01:59.637053 2026] [security2:error] [pid 4310:tid 4345] [client 208.84.100.38:45826] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/logs/HEAD"] [unique_id "aiyP51unT5cBeiKzNzve-AAAAMU"]
[Fri Jun 12 20:01:59.637288 2026] [security2:error] [pid 4310:tid 4345] [client 208.84.100.38:45826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/logs/HEAD"] [unique_id "aiyP51unT5cBeiKzNzve-AAAAMU"]
[Fri Jun 12 20:01:59.637523 2026] [security2:error] [pid 3956:tid 3968] [client 208.84.100.38:45842] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aiyP59aJbkbJfrdoQW1CNgAAAUg"]
[Fri Jun 12 20:01:59.637682 2026] [security2:error] [pid 3956:tid 3968] [client 208.84.100.38:45842] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aiyP59aJbkbJfrdoQW1CNgAAAUg"]
[Fri Jun 12 20:01:59.637889 2026] [security2:error] [pid 3956:tid 3968] [client 208.84.100.38:45842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aiyP59aJbkbJfrdoQW1CNgAAAUg"]
[Fri Jun 12 20:01:59.639951 2026] [security2:error] [pid 4310:tid 4344] [client 208.84.100.38:45994] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.swp"] [unique_id "aiyP51unT5cBeiKzNzve-QAAAMQ"]
[Fri Jun 12 20:01:59.640195 2026] [security2:error] [pid 4310:tid 4344] [client 208.84.100.38:45994] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.swp"] [unique_id "aiyP51unT5cBeiKzNzve-QAAAMQ"]
[Fri Jun 12 20:01:59.640384 2026] [security2:error] [pid 4310:tid 4344] [client 208.84.100.38:45994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.swp"] [unique_id "aiyP51unT5cBeiKzNzve-QAAAMQ"]
[Fri Jun 12 20:01:59.641419 2026] [security2:error] [pid 4266:tid 4278] [client 208.84.100.38:45942] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.old"] [unique_id "aiyP58UEq4FMpjHchqQ08wAAAIo"]
[Fri Jun 12 20:01:59.641664 2026] [security2:error] [pid 4266:tid 4278] [client 208.84.100.38:45942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.old"] [unique_id "aiyP58UEq4FMpjHchqQ08wAAAIo"]
[Fri Jun 12 20:01:59.641930 2026] [security2:error] [pid 4266:tid 4278] [client 208.84.100.38:45942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.old"] [unique_id "aiyP58UEq4FMpjHchqQ08wAAAIo"]
[Fri Jun 12 20:01:59.643064 2026] [security2:error] [pid 4309:tid 4318] [client 208.84.100.38:45894] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local~"] [unique_id "aiyP54VsvRFmPfhh-xjasQAAAEY"]
[Fri Jun 12 20:01:59.643281 2026] [security2:error] [pid 4309:tid 4318] [client 208.84.100.38:45894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local~"] [unique_id "aiyP54VsvRFmPfhh-xjasQAAAEY"]
[Fri Jun 12 20:01:59.643499 2026] [security2:error] [pid 4309:tid 4318] [client 208.84.100.38:45894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local~"] [unique_id "aiyP54VsvRFmPfhh-xjasQAAAEY"]
[Fri Jun 12 20:01:59.643915 2026] [security2:error] [pid 4266:tid 4273] [client 208.84.100.38:45850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aiyP58UEq4FMpjHchqQ08gAAAIU"]
[Fri Jun 12 20:01:59.645003 2026] [security2:error] [pid 5462:tid 5480] [client 208.84.100.38:45936] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.bak"] [unique_id "aiyP55IjhtVyOPygpb8QCQAAAAw"]
[Fri Jun 12 20:01:59.645270 2026] [security2:error] [pid 5462:tid 5480] [client 208.84.100.38:45936] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.bak"] [unique_id "aiyP55IjhtVyOPygpb8QCQAAAAw"]
[Fri Jun 12 20:01:59.646230 2026] [security2:error] [pid 5462:tid 5480] [client 208.84.100.38:45936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.bak"] [unique_id "aiyP55IjhtVyOPygpb8QCQAAAAw"]
[Fri Jun 12 20:01:59.646369 2026] [security2:error] [pid 5462:tid 5484] [client 208.84.100.38:45964] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.save"] [unique_id "aiyP55IjhtVyOPygpb8QCgAAABA"]
[Fri Jun 12 20:01:59.646674 2026] [security2:error] [pid 5462:tid 5484] [client 208.84.100.38:45964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.save"] [unique_id "aiyP55IjhtVyOPygpb8QCgAAABA"]
[Fri Jun 12 20:01:59.647549 2026] [security2:error] [pid 3956:tid 3969] [client 208.84.100.38:45892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.save"] [unique_id "aiyP59aJbkbJfrdoQW1CNwAAAUk"]
[Fri Jun 12 20:01:59.647875 2026] [security2:error] [pid 3956:tid 3969] [client 208.84.100.38:45892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.save"] [unique_id "aiyP59aJbkbJfrdoQW1CNwAAAUk"]
[Fri Jun 12 20:01:59.650666 2026] [security2:error] [pid 4310:tid 4349] [client 208.84.100.38:45868] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.old"] [unique_id "aiyP51unT5cBeiKzNzve-gAAAMk"]
[Fri Jun 12 20:01:59.650918 2026] [security2:error] [pid 4310:tid 4349] [client 208.84.100.38:45868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.old"] [unique_id "aiyP51unT5cBeiKzNzve-gAAAMk"]
[Fri Jun 12 20:01:59.651128 2026] [security2:error] [pid 4310:tid 4349] [client 208.84.100.38:45868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.old"] [unique_id "aiyP51unT5cBeiKzNzve-gAAAMk"]
[Fri Jun 12 20:01:59.653529 2026] [security2:error] [pid 5057:tid 5080] [client 208.84.100.38:45830] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env~"] [unique_id "aiyP5xoFVnsH4cPWudgS6AAAARI"]
[Fri Jun 12 20:01:59.653765 2026] [security2:error] [pid 5057:tid 5080] [client 208.84.100.38:45830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env~"] [unique_id "aiyP5xoFVnsH4cPWudgS6AAAARI"]
[Fri Jun 12 20:01:59.653956 2026] [security2:error] [pid 5057:tid 5080] [client 208.84.100.38:45830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env~"] [unique_id "aiyP5xoFVnsH4cPWudgS6AAAARI"]
[Fri Jun 12 20:01:59.718391 2026] [security2:error] [pid 4309:tid 4326] [client 208.84.100.38:45952] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.backup"] [unique_id "aiyP54VsvRFmPfhh-xjaswAAAE4"]
[Fri Jun 12 20:01:59.718672 2026] [security2:error] [pid 4309:tid 4326] [client 208.84.100.38:45952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.backup"] [unique_id "aiyP54VsvRFmPfhh-xjaswAAAE4"]
[Fri Jun 12 20:01:59.718919 2026] [security2:error] [pid 4309:tid 4326] [client 208.84.100.38:45952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.production.backup"] [unique_id "aiyP54VsvRFmPfhh-xjaswAAAE4"]
[Fri Jun 12 20:01:59.725867 2026] [security2:error] [pid 3956:tid 3962] [client 208.84.100.38:45852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.copy"] [unique_id "aiyP59aJbkbJfrdoQW1COAAAAUI"]
[Fri Jun 12 20:01:59.726082 2026] [security2:error] [pid 3956:tid 3962] [client 208.84.100.38:45852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.copy"] [unique_id "aiyP59aJbkbJfrdoQW1COAAAAUI"]
[Fri Jun 12 20:01:59.730986 2026] [security2:error] [pid 5057:tid 5072] [client 208.84.100.38:45812] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/refs/heads/main"] [unique_id "aiyP5xoFVnsH4cPWudgS7AAAAQo"]
[Fri Jun 12 20:01:59.731329 2026] [security2:error] [pid 5057:tid 5072] [client 208.84.100.38:45812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/refs/heads/main"] [unique_id "aiyP5xoFVnsH4cPWudgS7AAAAQo"]
[Fri Jun 12 20:01:59.734707 2026] [security2:error] [pid 4310:tid 4352] [client 208.84.100.38:45804] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/config"] [unique_id "aiyP51unT5cBeiKzNzve-wAAAMw"]
[Fri Jun 12 20:01:59.734997 2026] [security2:error] [pid 4310:tid 4352] [client 208.84.100.38:45804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/config"] [unique_id "aiyP51unT5cBeiKzNzve-wAAAMw"]
[Fri Jun 12 20:01:59.737810 2026] [security2:error] [pid 4266:tid 4279] [client 208.84.100.38:45800] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "aiyP58UEq4FMpjHchqQ09AAAAIs"]
[Fri Jun 12 20:01:59.737902 2026] [security2:error] [pid 5462:tid 5472] [client 208.84.100.38:45926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.copy"] [unique_id "aiyP55IjhtVyOPygpb8QCwAAAAQ"]
[Fri Jun 12 20:01:59.738025 2026] [security2:error] [pid 4266:tid 4279] [client 208.84.100.38:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.git/FETCH_HEAD"] [unique_id "aiyP58UEq4FMpjHchqQ09AAAAIs"]
[Fri Jun 12 20:01:59.738108 2026] [security2:error] [pid 5462:tid 5472] [client 208.84.100.38:45926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.copy"] [unique_id "aiyP55IjhtVyOPygpb8QCwAAAAQ"]
[Fri Jun 12 20:01:59.742377 2026] [security2:error] [pid 5057:tid 5083] [client 208.84.100.38:45876] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.backup"] [unique_id "aiyP5xoFVnsH4cPWudgS7QAAARU"]
[Fri Jun 12 20:01:59.742563 2026] [security2:error] [pid 5057:tid 5083] [client 208.84.100.38:45876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.backup"] [unique_id "aiyP5xoFVnsH4cPWudgS7QAAARU"]
[Fri Jun 12 20:01:59.742805 2026] [security2:error] [pid 5057:tid 5083] [client 208.84.100.38:45876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns2.erhabenn.com.br"] [uri "/.env.local.backup"] [unique_id "aiyP5xoFVnsH4cPWudgS7QAAARU"]
[Fri Jun 12 20:02:00.583092 2026] [security2:error] [pid 5462:tid 5476] [client 208.84.100.38:45978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP55IjhtVyOPygpb8QBwAAAAg"]
[Fri Jun 12 20:02:00.946038 2026] [security2:error] [pid 5462:tid 5477] [client 208.84.100.38:14554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP55IjhtVyOPygpb8QBgAAAAk"]
[Fri Jun 12 20:02:00.947254 2026] [security2:error] [pid 5462:tid 5480] [client 208.84.100.38:45936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP55IjhtVyOPygpb8QCQAAAAw"]
[Fri Jun 12 20:02:00.995604 2026] [security2:error] [pid 4309:tid 4314] [client 208.84.100.38:45910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP54VsvRFmPfhh-xjasAAAAEI"]
[Fri Jun 12 20:02:01.037480 2026] [security2:error] [pid 5462:tid 5484] [client 208.84.100.38:45964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP55IjhtVyOPygpb8QCgAAABA"]
[Fri Jun 12 20:02:01.047211 2026] [security2:error] [pid 4309:tid 4316] [client 208.84.100.38:45858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP54VsvRFmPfhh-xjarwAAAEQ"]
[Fri Jun 12 20:02:01.097014 2026] [security2:error] [pid 5057:tid 5082] [client 208.84.100.38:46016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP5xoFVnsH4cPWudgS6gAAARQ"]
[Fri Jun 12 20:02:01.158097 2026] [security2:error] [pid 3956:tid 3969] [client 208.84.100.38:45892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP59aJbkbJfrdoQW1CNwAAAUk"]
[Fri Jun 12 20:02:01.262437 2026] [security2:error] [pid 4266:tid 4278] [client 208.84.100.38:45942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP58UEq4FMpjHchqQ08wAAAIo"]
[Fri Jun 12 20:02:01.272938 2026] [security2:error] [pid 4310:tid 4345] [client 208.84.100.38:45826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP51unT5cBeiKzNzve-AAAAMU"]
[Fri Jun 12 20:02:01.294152 2026] [security2:error] [pid 4309:tid 4318] [client 208.84.100.38:45894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP54VsvRFmPfhh-xjasQAAAEY"]
[Fri Jun 12 20:02:01.299993 2026] [security2:error] [pid 4310:tid 4344] [client 208.84.100.38:45994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP51unT5cBeiKzNzve-QAAAMQ"]
[Fri Jun 12 20:02:01.310094 2026] [security2:error] [pid 4309:tid 4326] [client 208.84.100.38:45952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP54VsvRFmPfhh-xjaswAAAE4"]
[Fri Jun 12 20:02:01.315929 2026] [security2:error] [pid 5462:tid 5472] [client 208.84.100.38:45926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP55IjhtVyOPygpb8QCwAAAAQ"]
[Fri Jun 12 20:02:01.329476 2026] [security2:error] [pid 4266:tid 4285] [client 208.84.100.38:45906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP58UEq4FMpjHchqQ08QAAAJE"]
[Fri Jun 12 20:02:01.347983 2026] [security2:error] [pid 5057:tid 5083] [client 208.84.100.38:45876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP5xoFVnsH4cPWudgS7QAAARU"]
[Fri Jun 12 20:02:01.353312 2026] [security2:error] [pid 5057:tid 5062] [client 208.84.100.38:46010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP5xoFVnsH4cPWudgS6QAAAQA"]
[Fri Jun 12 20:02:01.366786 2026] [security2:error] [pid 4266:tid 4273] [client 208.84.100.38:45850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP58UEq4FMpjHchqQ08gAAAIU"]
[Fri Jun 12 20:02:01.376142 2026] [security2:error] [pid 5057:tid 5080] [client 208.84.100.38:45830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP5xoFVnsH4cPWudgS6AAAARI"]
[Fri Jun 12 20:02:01.457009 2026] [security2:error] [pid 4266:tid 4279] [client 208.84.100.38:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP58UEq4FMpjHchqQ09AAAAIs"]
[Fri Jun 12 20:02:01.469855 2026] [security2:error] [pid 3956:tid 3968] [client 208.84.100.38:45842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP59aJbkbJfrdoQW1CNgAAAUg"]
[Fri Jun 12 20:02:01.474019 2026] [security2:error] [pid 5057:tid 5072] [client 208.84.100.38:45812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP5xoFVnsH4cPWudgS7AAAAQo"]
[Fri Jun 12 20:02:01.481759 2026] [security2:error] [pid 4310:tid 4349] [client 208.84.100.38:45868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP51unT5cBeiKzNzve-gAAAMk"]
[Fri Jun 12 20:02:01.530991 2026] [security2:error] [pid 3956:tid 3962] [client 208.84.100.38:45852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP59aJbkbJfrdoQW1COAAAAUI"]
[Fri Jun 12 20:02:01.614929 2026] [security2:error] [pid 4310:tid 4352] [client 208.84.100.38:45804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "ns2.erhabenn.com.br"] [uri "/index.php"] [unique_id "aiyP51unT5cBeiKzNzve-wAAAMw"]
[Fri Jun 12 20:03:18.296412 2026] [security2:error] [pid 4310:tid 4346] [client 93.123.109.214:45666] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.aws/credentials"] [unique_id "aiyQNlunT5cBeiKzNzvg0wAAAMY"]
[Fri Jun 12 20:03:18.296600 2026] [security2:error] [pid 4310:tid 4346] [client 93.123.109.214:45666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.aws/credentials"] [unique_id "aiyQNlunT5cBeiKzNzvg0wAAAMY"]
[Fri Jun 12 20:03:18.296860 2026] [security2:error] [pid 4310:tid 4346] [client 93.123.109.214:45666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyQNlunT5cBeiKzNzvg0wAAAMY"]
[Fri Jun 12 20:03:18.319749 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:45672] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.git/config"] [unique_id "aiyQNtaJbkbJfrdoQW1DWAAAAVc"]
[Fri Jun 12 20:03:18.319997 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:45672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.git/config"] [unique_id "aiyQNtaJbkbJfrdoQW1DWAAAAVc"]
[Fri Jun 12 20:03:18.320283 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:45672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyQNtaJbkbJfrdoQW1DWAAAAVc"]
[Fri Jun 12 20:03:57.981285 2026] [security2:error] [pid 4309:tid 4318] [client 93.123.109.214:47038] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/.wp-config.php.swp"] [unique_id "aiyQXYVsvRFmPfhh-xjc4QAAAEY"]
[Fri Jun 12 20:03:57.981547 2026] [security2:error] [pid 4309:tid 4318] [client 93.123.109.214:47038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.wp-config.php.swp"] [unique_id "aiyQXYVsvRFmPfhh-xjc4QAAAEY"]
[Fri Jun 12 20:03:57.981777 2026] [security2:error] [pid 4309:tid 4318] [client 93.123.109.214:47038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyQXYVsvRFmPfhh-xjc4QAAAEY"]
[Fri Jun 12 20:04:43.451641 2026] [security2:error] [pid 5057:tid 5068] [client 198.235.24.159:52919] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aiyQixoFVnsH4cPWudgVIAAAAQY"]
[Fri Jun 12 20:07:41.054076 2026] [security2:error] [pid 3956:tid 3968] [client 88.151.32.61:37546] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/.env.example"] [unique_id "aiyRPdaJbkbJfrdoQW1HmwAAAUg"]
[Fri Jun 12 20:07:41.054358 2026] [security2:error] [pid 3956:tid 3968] [client 88.151.32.61:37546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/.env.example"] [unique_id "aiyRPdaJbkbJfrdoQW1HmwAAAUg"]
[Fri Jun 12 20:07:41.142876 2026] [security2:error] [pid 4266:tid 4288] [client 88.151.32.61:60068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/.env"] [unique_id "aiyRPcUEq4FMpjHchqQ65QAAAJQ"]
[Fri Jun 12 20:07:41.143187 2026] [security2:error] [pid 4266:tid 4288] [client 88.151.32.61:60068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/.env"] [unique_id "aiyRPcUEq4FMpjHchqQ65QAAAJQ"]
[Fri Jun 12 20:07:41.147745 2026] [security2:error] [pid 4310:tid 4358] [client 88.151.32.61:60052] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/.aws/credentials"] [unique_id "aiyRPVunT5cBeiKzNzvlNwAAANI"]
[Fri Jun 12 20:07:41.147945 2026] [security2:error] [pid 4310:tid 4358] [client 88.151.32.61:60052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/.aws/credentials"] [unique_id "aiyRPVunT5cBeiKzNzvlNwAAANI"]
[Fri Jun 12 20:07:41.623395 2026] [security2:error] [pid 3956:tid 3968] [client 88.151.32.61:37546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRPdaJbkbJfrdoQW1HmwAAAUg"]
[Fri Jun 12 20:07:41.637667 2026] [security2:error] [pid 4266:tid 4288] [client 88.151.32.61:60068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRPcUEq4FMpjHchqQ65QAAAJQ"]
[Fri Jun 12 20:07:41.871075 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/api/.env"] [unique_id "aiyRPRoFVnsH4cPWudgXsQAAAQI"]
[Fri Jun 12 20:07:41.871367 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/api/.env"] [unique_id "aiyRPRoFVnsH4cPWudgXsQAAAQI"]
[Fri Jun 12 20:07:41.931214 2026] [security2:error] [pid 4310:tid 4358] [client 88.151.32.61:60052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRPVunT5cBeiKzNzvlNwAAANI"]
[Fri Jun 12 20:07:42.674779 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRPRoFVnsH4cPWudgXsQAAAQI"]
[Fri Jun 12 20:07:45.594574 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/backend/.env"] [unique_id "aiyRQRoFVnsH4cPWudgXugAAAQI"]
[Fri Jun 12 20:07:45.595054 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/backend/.env"] [unique_id "aiyRQRoFVnsH4cPWudgXugAAAQI"]
[Fri Jun 12 20:07:45.928832 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRQRoFVnsH4cPWudgXugAAAQI"]
[Fri Jun 12 20:07:46.187964 2026] [security2:error] [pid 4266:tid 4270] [client 88.151.32.61:60014] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/admin/.env"] [unique_id "aiyRQsUEq4FMpjHchqQ7AAAAAII"]
[Fri Jun 12 20:07:46.188295 2026] [security2:error] [pid 4266:tid 4270] [client 88.151.32.61:60014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/admin/.env"] [unique_id "aiyRQsUEq4FMpjHchqQ7AAAAAII"]
[Fri Jun 12 20:07:46.688011 2026] [security2:error] [pid 4266:tid 4270] [client 88.151.32.61:60014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRQsUEq4FMpjHchqQ7AAAAAII"]
[Fri Jun 12 20:07:49.844928 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.machen.ai"] [uri "/.env.bak"] [unique_id "aiyRRRoFVnsH4cPWudgXywAAAQI"]
[Fri Jun 12 20:07:49.845180 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/.env.bak"] [unique_id "aiyRRRoFVnsH4cPWudgXywAAAQI"]
[Fri Jun 12 20:07:49.845377 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/.env.bak"] [unique_id "aiyRRRoFVnsH4cPWudgXywAAAQI"]
[Fri Jun 12 20:07:50.197021 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRRRoFVnsH4cPWudgXywAAAQI"]
[Fri Jun 12 20:07:51.180560 2026] [security2:error] [pid 4266:tid 4270] [client 88.151.32.61:60014] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/.env.local"] [unique_id "aiyRR8UEq4FMpjHchqQ7GgAAAII"]
[Fri Jun 12 20:07:51.180930 2026] [security2:error] [pid 4266:tid 4270] [client 88.151.32.61:60014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/.env.local"] [unique_id "aiyRR8UEq4FMpjHchqQ7GgAAAII"]
[Fri Jun 12 20:07:51.476846 2026] [security2:error] [pid 4266:tid 4270] [client 88.151.32.61:60014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRR8UEq4FMpjHchqQ7GgAAAII"]
[Fri Jun 12 20:07:54.121278 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.machen.ai"] [uri "/.env.backup"] [unique_id "aiyRShoFVnsH4cPWudgX3AAAAQI"]
[Fri Jun 12 20:07:54.121456 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.machen.ai"] [uri "/.env.backup"] [unique_id "aiyRShoFVnsH4cPWudgX3AAAAQI"]
[Fri Jun 12 20:07:54.121630 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.machen.ai"] [uri "/.env.backup"] [unique_id "aiyRShoFVnsH4cPWudgX3AAAAQI"]
[Fri Jun 12 20:07:54.555043 2026] [security2:error] [pid 5057:tid 5064] [client 88.151.32.61:60022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.machen.ai"] [uri "/index.php"] [unique_id "aiyRShoFVnsH4cPWudgX3AAAAQI"]
[Fri Jun 12 20:07:59.878408 2026] [rewrite:error] [pid 5057:tid 5081] [client 93.123.109.214:45060] AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F, referer: http://fls.machen.ai/admin/config?cmd=cat%20/root/.aws/credentials
[Fri Jun 12 20:07:59.878490 2026] [rewrite:error] [pid 5057:tid 5081] [client 93.123.109.214:45060] AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F, referer: http://fls.machen.ai/admin/config?cmd=cat%20/root/.aws/credentials
[Fri Jun 12 20:10:46.741152 2026] [security2:error] [pid 4309:tid 4329] [client 93.123.109.214:39940] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/app/config/development.ini"] [unique_id "aiyR9oVsvRFmPfhh-xjjrQAAAFE"]
[Fri Jun 12 20:10:46.741551 2026] [security2:error] [pid 4309:tid 4329] [client 93.123.109.214:39940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/app/config/development.ini"] [unique_id "aiyR9oVsvRFmPfhh-xjjrQAAAFE"]
[Fri Jun 12 20:10:46.741965 2026] [security2:error] [pid 4309:tid 4329] [client 93.123.109.214:39940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyR9oVsvRFmPfhh-xjjrQAAAFE"]
[Fri Jun 12 20:10:55.002070 2026] [security2:error] [pid 3956:tid 3969] [client 93.123.109.214:35504] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiyR_9aJbkbJfrdoQW1KYQAAAUk"]
[Fri Jun 12 20:10:55.002271 2026] [security2:error] [pid 3956:tid 3969] [client 93.123.109.214:35504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/app/config/parameters.yml"] [unique_id "aiyR_9aJbkbJfrdoQW1KYQAAAUk"]
[Fri Jun 12 20:10:55.002466 2026] [security2:error] [pid 3956:tid 3969] [client 93.123.109.214:35504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyR_9aJbkbJfrdoQW1KYQAAAUk"]
[Fri Jun 12 20:10:57.362779 2026] [security2:error] [pid 4309:tid 4321] [client 93.123.109.214:35512] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/app/config/parameters.yml.dist"] [unique_id "aiySAYVsvRFmPfhh-xjkAAAAAEk"]
[Fri Jun 12 20:10:57.362965 2026] [security2:error] [pid 4309:tid 4321] [client 93.123.109.214:35512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/app/config/parameters.yml.dist"] [unique_id "aiySAYVsvRFmPfhh-xjkAAAAAEk"]
[Fri Jun 12 20:10:57.363207 2026] [security2:error] [pid 4309:tid 4321] [client 93.123.109.214:35512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiySAYVsvRFmPfhh-xjkAAAAAEk"]
[Fri Jun 12 20:12:08.412167 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:58192] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/aws_credentials.ini"] [unique_id "aiySSNaJbkbJfrdoQW1LJgAAAUY"]
[Fri Jun 12 20:12:08.412530 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:58192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/aws_credentials.ini"] [unique_id "aiySSNaJbkbJfrdoQW1LJgAAAUY"]
[Fri Jun 12 20:12:08.412768 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:58192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiySSNaJbkbJfrdoQW1LJgAAAUY"]
[Fri Jun 12 20:13:09.358402 2026] [cgid:error] [pid 5057:tid 5068] [client 66.132.195.92:41012] AH01265: stderr from /disk001/machen/public_html/suporte/cgi-bin/: attempt to invoke directory as script, referer: https://www.suporte.machen.ai:443/cgi-bin
[Fri Jun 12 20:14:02.161956 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:45926] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/config.prod.ini"] [unique_id "aiySuhoFVnsH4cPWudgdVgAAAQI"]
[Fri Jun 12 20:14:02.162284 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:45926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/config.prod.ini"] [unique_id "aiySuhoFVnsH4cPWudgdVgAAAQI"]
[Fri Jun 12 20:14:02.162578 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:45926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiySuhoFVnsH4cPWudgdVgAAAQI"]
[Fri Jun 12 20:14:52.724829 2026] [security2:error] [pid 4266:tid 4276] [client 93.123.109.214:55446] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/config/aws.ini"] [unique_id "aiyS7MUEq4FMpjHchqRBdQAAAIg"]
[Fri Jun 12 20:14:52.725197 2026] [security2:error] [pid 4266:tid 4276] [client 93.123.109.214:55446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/config/aws.ini"] [unique_id "aiyS7MUEq4FMpjHchqRBdQAAAIg"]
[Fri Jun 12 20:14:52.725398 2026] [security2:error] [pid 4266:tid 4276] [client 93.123.109.214:55446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyS7MUEq4FMpjHchqRBdQAAAIg"]
[Fri Jun 12 20:16:14.299546 2026] [security2:error] [pid 3956:tid 3964] [client 93.123.109.214:36280] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiyTPtaJbkbJfrdoQW1O4AAAAUQ"]
[Fri Jun 12 20:16:14.299827 2026] [security2:error] [pid 3956:tid 3964] [client 93.123.109.214:36280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/config/parameters.yml"] [unique_id "aiyTPtaJbkbJfrdoQW1O4AAAAUQ"]
[Fri Jun 12 20:16:14.300140 2026] [security2:error] [pid 3956:tid 3964] [client 93.123.109.214:36280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyTPtaJbkbJfrdoQW1O4AAAAUQ"]
[Fri Jun 12 20:16:55.913661 2026] [security2:error] [pid 4310:tid 4357] [client 4.239.70.1:62461] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "vps.erhabenn.com.br"] [uri "/"] [unique_id "aiyTZ1unT5cBeiKzNzvvbAAAANE"]
[Fri Jun 12 20:16:57.143376 2026] [security2:error] [pid 5462:tid 5476] [client 4.239.70.1:62515] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "augenn.com"] [uri "/"] [unique_id "aiyTaZIjhtVyOPygpb8gIQAAAAg"]
[Fri Jun 12 20:17:14.191470 2026] [security2:error] [pid 5462:tid 5476] [client 93.123.109.214:55660] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/configs/application.ini"] [unique_id "aiyTepIjhtVyOPygpb8gVQAAAAg"]
[Fri Jun 12 20:17:14.192098 2026] [security2:error] [pid 5462:tid 5476] [client 93.123.109.214:55660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/configs/application.ini"] [unique_id "aiyTepIjhtVyOPygpb8gVQAAAAg"]
[Fri Jun 12 20:17:14.192380 2026] [security2:error] [pid 5462:tid 5476] [client 93.123.109.214:55660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyTepIjhtVyOPygpb8gVQAAAAg"]
[Fri Jun 12 20:17:28.400645 2026] [security2:error] [pid 5462:tid 5482] [client 93.123.109.214:52528] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/constants.ini"] [unique_id "aiyTiJIjhtVyOPygpb8gigAAAA4"]
[Fri Jun 12 20:17:28.401373 2026] [security2:error] [pid 5462:tid 5482] [client 93.123.109.214:52528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/constants.ini"] [unique_id "aiyTiJIjhtVyOPygpb8gigAAAA4"]
[Fri Jun 12 20:17:28.401621 2026] [security2:error] [pid 5462:tid 5482] [client 93.123.109.214:52528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyTiJIjhtVyOPygpb8gigAAAA4"]
[Fri Jun 12 20:17:34.493730 2026] [security2:error] [pid 4309:tid 4312] [client 78.153.140.250:47366] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiyTjoVsvRFmPfhh-xjqNwAAAEA"]
[Fri Jun 12 20:17:34.493923 2026] [security2:error] [pid 4309:tid 4312] [client 78.153.140.250:47366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiyTjoVsvRFmPfhh-xjqNwAAAEA"]
[Fri Jun 12 20:17:34.494116 2026] [security2:error] [pid 4309:tid 4312] [client 78.153.140.250:47366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiyTjoVsvRFmPfhh-xjqNwAAAEA"]
[Fri Jun 12 20:17:34.576055 2026] [security2:error] [pid 4309:tid 4312] [client 78.153.140.250:47366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyTjoVsvRFmPfhh-xjqNwAAAEA"]
[Fri Jun 12 20:17:35.888608 2026] [security2:error] [pid 5057:tid 5078] [client 78.153.140.250:47372] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiyTjxoFVnsH4cPWudgguwAAARA"]
[Fri Jun 12 20:18:21.225737 2026] [security2:error] [pid 3956:tid 3981] [client 93.123.109.214:49910] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/credentials.ini"] [unique_id "aiyTvdaJbkbJfrdoQW1QqwAAAVU"]
[Fri Jun 12 20:18:21.226055 2026] [security2:error] [pid 3956:tid 3981] [client 93.123.109.214:49910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/credentials.ini"] [unique_id "aiyTvdaJbkbJfrdoQW1QqwAAAVU"]
[Fri Jun 12 20:18:21.226268 2026] [security2:error] [pid 3956:tid 3981] [client 93.123.109.214:49910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyTvdaJbkbJfrdoQW1QqwAAAVU"]
[Fri Jun 12 20:21:45.431219 2026] [security2:error] [pid 5462:tid 5473] [client 93.123.109.214:52698] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/settings.ini"] [unique_id "aiyUiZIjhtVyOPygpb8ksgAAAAU"]
[Fri Jun 12 20:21:45.431628 2026] [security2:error] [pid 5462:tid 5473] [client 93.123.109.214:52698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/settings.ini"] [unique_id "aiyUiZIjhtVyOPygpb8ksgAAAAU"]
[Fri Jun 12 20:21:45.431891 2026] [security2:error] [pid 5462:tid 5473] [client 93.123.109.214:52698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyUiZIjhtVyOPygpb8ksgAAAAU"]
[Fri Jun 12 20:25:24.815112 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:45060] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/wp-config.php"] [unique_id "aiyVZBoFVnsH4cPWudgqpQAAAQI"]
[Fri Jun 12 20:25:24.815441 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:45060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/wp-config.php"] [unique_id "aiyVZBoFVnsH4cPWudgqpQAAAQI"]
[Fri Jun 12 20:25:24.815738 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:45060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVZBoFVnsH4cPWudgqpQAAAQI"]
[Fri Jun 12 20:25:27.550253 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:45074] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiyVZxoFVnsH4cPWudgqsgAAAQk"]
[Fri Jun 12 20:25:27.550878 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:45074] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiyVZxoFVnsH4cPWudgqsgAAAQk"]
[Fri Jun 12 20:25:27.551130 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:45074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/wp-config.php.bak"] [unique_id "aiyVZxoFVnsH4cPWudgqsgAAAQk"]
[Fri Jun 12 20:25:27.551443 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:45074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVZxoFVnsH4cPWudgqsgAAAQk"]
[Fri Jun 12 20:25:37.226482 2026] [security2:error] [pid 5057:tid 5065] [client 93.123.109.214:40202] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/wp-config.php.new"] [unique_id "aiyVcRoFVnsH4cPWudgq5QAAAQM"]
[Fri Jun 12 20:25:37.226794 2026] [security2:error] [pid 5057:tid 5065] [client 93.123.109.214:40202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/wp-config.php.new"] [unique_id "aiyVcRoFVnsH4cPWudgq5QAAAQM"]
[Fri Jun 12 20:25:37.227100 2026] [security2:error] [pid 5057:tid 5065] [client 93.123.109.214:40202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVcRoFVnsH4cPWudgq5QAAAQM"]
[Fri Jun 12 20:25:39.895604 2026] [security2:error] [pid 3956:tid 3962] [client 93.123.109.214:58468] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiyVc9aJbkbJfrdoQW1YbQAAAUI"]
[Fri Jun 12 20:25:39.895777 2026] [security2:error] [pid 3956:tid 3962] [client 93.123.109.214:58468] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiyVc9aJbkbJfrdoQW1YbQAAAUI"]
[Fri Jun 12 20:25:39.895934 2026] [security2:error] [pid 3956:tid 3962] [client 93.123.109.214:58468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/wp-config.php.old"] [unique_id "aiyVc9aJbkbJfrdoQW1YbQAAAUI"]
[Fri Jun 12 20:25:39.896216 2026] [security2:error] [pid 3956:tid 3962] [client 93.123.109.214:58468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVc9aJbkbJfrdoQW1YbQAAAUI"]
[Fri Jun 12 20:25:48.288799 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:58474] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/wp-content/mysql.sql"] [unique_id "aiyVfNaJbkbJfrdoQW1YkwAAAVc"]
[Fri Jun 12 20:25:48.289084 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:58474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/wp-content/mysql.sql"] [unique_id "aiyVfNaJbkbJfrdoQW1YkwAAAVc"]
[Fri Jun 12 20:25:48.289326 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:58474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVfNaJbkbJfrdoQW1YkwAAAVc"]
[Fri Jun 12 20:25:54.757808 2026] [security2:error] [pid 5057:tid 5075] [client 93.123.109.214:52852] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/wp_mail_smtp.ini"] [unique_id "aiyVghoFVnsH4cPWudgrRAAAAQ0"]
[Fri Jun 12 20:25:54.758048 2026] [security2:error] [pid 5057:tid 5075] [client 93.123.109.214:52852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/wp_mail_smtp.ini"] [unique_id "aiyVghoFVnsH4cPWudgrRAAAAQ0"]
[Fri Jun 12 20:25:54.758249 2026] [security2:error] [pid 5057:tid 5075] [client 93.123.109.214:52852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVghoFVnsH4cPWudgrRAAAAQ0"]
[Fri Jun 12 20:25:57.359483 2026] [security2:error] [pid 4310:tid 4356] [client 93.123.109.214:52862] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.docker/.env"] [unique_id "aiyVhVunT5cBeiKzNzv4WQAAANA"]
[Fri Jun 12 20:25:57.359646 2026] [security2:error] [pid 4310:tid 4356] [client 93.123.109.214:52862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.docker/.env"] [unique_id "aiyVhVunT5cBeiKzNzv4WQAAANA"]
[Fri Jun 12 20:25:57.359888 2026] [security2:error] [pid 4310:tid 4356] [client 93.123.109.214:52862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVhVunT5cBeiKzNzv4WQAAANA"]
[Fri Jun 12 20:26:15.877427 2026] [security2:error] [pid 4266:tid 4269] [client 93.123.109.214:52390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env"] [unique_id "aiyVl8UEq4FMpjHchqRMGwAAAIE"]
[Fri Jun 12 20:26:15.877653 2026] [security2:error] [pid 4266:tid 4269] [client 93.123.109.214:52390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env"] [unique_id "aiyVl8UEq4FMpjHchqRMGwAAAIE"]
[Fri Jun 12 20:26:15.877896 2026] [security2:error] [pid 4266:tid 4269] [client 93.123.109.214:52390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVl8UEq4FMpjHchqRMGwAAAIE"]
[Fri Jun 12 20:26:25.186384 2026] [security2:error] [pid 4309:tid 4326] [client 93.123.109.214:60290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env-example"] [unique_id "aiyVoYVsvRFmPfhh-xjycwAAAE4"]
[Fri Jun 12 20:26:25.186631 2026] [security2:error] [pid 4309:tid 4326] [client 93.123.109.214:60290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env-example"] [unique_id "aiyVoYVsvRFmPfhh-xjycwAAAE4"]
[Fri Jun 12 20:26:25.186973 2026] [security2:error] [pid 4309:tid 4326] [client 93.123.109.214:60290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVoYVsvRFmPfhh-xjycwAAAE4"]
[Fri Jun 12 20:26:38.623651 2026] [security2:error] [pid 4309:tid 4319] [client 93.123.109.214:35282] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/.env.backup"] [unique_id "aiyVroVsvRFmPfhh-xjyrAAAAEc"]
[Fri Jun 12 20:26:38.623836 2026] [security2:error] [pid 4309:tid 4319] [client 93.123.109.214:35282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.backup"] [unique_id "aiyVroVsvRFmPfhh-xjyrAAAAEc"]
[Fri Jun 12 20:26:38.624072 2026] [security2:error] [pid 4309:tid 4319] [client 93.123.109.214:35282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.backup"] [unique_id "aiyVroVsvRFmPfhh-xjyrAAAAEc"]
[Fri Jun 12 20:26:38.624300 2026] [security2:error] [pid 4309:tid 4319] [client 93.123.109.214:35282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVroVsvRFmPfhh-xjyrAAAAEc"]
[Fri Jun 12 20:26:47.295998 2026] [security2:error] [pid 4266:tid 4280] [client 93.123.109.214:39330] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/.env.bak"] [unique_id "aiyVt8UEq4FMpjHchqRMrAAAAIw"]
[Fri Jun 12 20:26:47.296205 2026] [security2:error] [pid 4266:tid 4280] [client 93.123.109.214:39330] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.bak"] [unique_id "aiyVt8UEq4FMpjHchqRMrAAAAIw"]
[Fri Jun 12 20:26:47.296382 2026] [security2:error] [pid 4266:tid 4280] [client 93.123.109.214:39330] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.bak"] [unique_id "aiyVt8UEq4FMpjHchqRMrAAAAIw"]
[Fri Jun 12 20:26:47.296646 2026] [security2:error] [pid 4266:tid 4280] [client 93.123.109.214:39330] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVt8UEq4FMpjHchqRMrAAAAIw"]
[Fri Jun 12 20:26:49.289763 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:41272] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/.env.config"] [unique_id "aiyVudaJbkbJfrdoQW1Z6wAAAVc"]
[Fri Jun 12 20:26:49.289987 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:41272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.config"] [unique_id "aiyVudaJbkbJfrdoQW1Z6wAAAVc"]
[Fri Jun 12 20:26:49.290206 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:41272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.config"] [unique_id "aiyVudaJbkbJfrdoQW1Z6wAAAVc"]
[Fri Jun 12 20:26:49.290541 2026] [security2:error] [pid 3956:tid 3983] [client 93.123.109.214:41272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVudaJbkbJfrdoQW1Z6wAAAVc"]
[Fri Jun 12 20:26:51.532588 2026] [security2:error] [pid 4266:tid 4270] [client 93.123.109.214:41282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.dev"] [unique_id "aiyVu8UEq4FMpjHchqRMxwAAAII"]
[Fri Jun 12 20:26:51.532857 2026] [security2:error] [pid 4266:tid 4270] [client 93.123.109.214:41282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.dev"] [unique_id "aiyVu8UEq4FMpjHchqRMxwAAAII"]
[Fri Jun 12 20:26:51.533181 2026] [security2:error] [pid 4266:tid 4270] [client 93.123.109.214:41282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVu8UEq4FMpjHchqRMxwAAAII"]
[Fri Jun 12 20:26:59.627812 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:56330] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.development"] [unique_id "aiyVw4VsvRFmPfhh-xjzJAAAAFg"]
[Fri Jun 12 20:26:59.627991 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:56330] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.development"] [unique_id "aiyVw4VsvRFmPfhh-xjzJAAAAFg"]
[Fri Jun 12 20:26:59.628238 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:56330] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVw4VsvRFmPfhh-xjzJAAAAFg"]
[Fri Jun 12 20:27:03.657460 2026] [security2:error] [pid 4310:tid 4351] [client 93.123.109.214:56336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.dist"] [unique_id "aiyVx1unT5cBeiKzNzv5SAAAAMs"]
[Fri Jun 12 20:27:03.657669 2026] [security2:error] [pid 4310:tid 4351] [client 93.123.109.214:56336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.dist"] [unique_id "aiyVx1unT5cBeiKzNzv5SAAAAMs"]
[Fri Jun 12 20:27:03.657901 2026] [security2:error] [pid 4310:tid 4351] [client 93.123.109.214:56336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVx1unT5cBeiKzNzv5SAAAAMs"]
[Fri Jun 12 20:27:06.309635 2026] [security2:error] [pid 3956:tid 3970] [client 93.123.109.214:56348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.docker"] [unique_id "aiyVytaJbkbJfrdoQW1aOAAAAUo"]
[Fri Jun 12 20:27:06.309909 2026] [security2:error] [pid 3956:tid 3970] [client 93.123.109.214:56348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.docker"] [unique_id "aiyVytaJbkbJfrdoQW1aOAAAAUo"]
[Fri Jun 12 20:27:06.310140 2026] [security2:error] [pid 3956:tid 3970] [client 93.123.109.214:56348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyVytaJbkbJfrdoQW1aOAAAAUo"]
[Fri Jun 12 20:27:14.152786 2026] [security2:error] [pid 4310:tid 4361] [client 93.123.109.214:41022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.docker.dev"] [unique_id "aiyV0lunT5cBeiKzNzv5YwAAANU"]
[Fri Jun 12 20:27:14.152963 2026] [security2:error] [pid 4310:tid 4361] [client 93.123.109.214:41022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.docker.dev"] [unique_id "aiyV0lunT5cBeiKzNzv5YwAAANU"]
[Fri Jun 12 20:27:14.153175 2026] [security2:error] [pid 4310:tid 4361] [client 93.123.109.214:41022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyV0lunT5cBeiKzNzv5YwAAANU"]
[Fri Jun 12 20:27:16.805910 2026] [security2:error] [pid 4310:tid 4350] [client 93.123.109.214:41024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.example"] [unique_id "aiyV1FunT5cBeiKzNzv5aQAAAMo"]
[Fri Jun 12 20:27:16.806134 2026] [security2:error] [pid 4310:tid 4350] [client 93.123.109.214:41024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.example"] [unique_id "aiyV1FunT5cBeiKzNzv5aQAAAMo"]
[Fri Jun 12 20:27:16.806365 2026] [security2:error] [pid 4310:tid 4350] [client 93.123.109.214:41024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyV1FunT5cBeiKzNzv5aQAAAMo"]
[Fri Jun 12 20:27:24.869874 2026] [security2:error] [pid 5057:tid 5073] [client 93.123.109.214:56352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.int"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.int"] [unique_id "aiyV3BoFVnsH4cPWudgsNQAAAQs"]
[Fri Jun 12 20:27:24.870103 2026] [security2:error] [pid 5057:tid 5073] [client 93.123.109.214:56352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.int"] [unique_id "aiyV3BoFVnsH4cPWudgsNQAAAQs"]
[Fri Jun 12 20:27:24.870328 2026] [security2:error] [pid 5057:tid 5073] [client 93.123.109.214:56352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyV3BoFVnsH4cPWudgsNQAAAQs"]
[Fri Jun 12 20:27:34.385309 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:43416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.live"] [unique_id "aiyV5hoFVnsH4cPWudgseAAAAQ4"]
[Fri Jun 12 20:27:34.385783 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:43416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.live"] [unique_id "aiyV5hoFVnsH4cPWudgseAAAAQ4"]
[Fri Jun 12 20:27:34.386057 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:43416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyV5hoFVnsH4cPWudgseAAAAQ4"]
[Fri Jun 12 20:27:37.798491 2026] [security2:error] [pid 5462:tid 5479] [client 93.123.109.214:43432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.local"] [unique_id "aiyV6ZIjhtVyOPygpb8qPAAAAAs"]
[Fri Jun 12 20:27:37.798795 2026] [security2:error] [pid 5462:tid 5479] [client 93.123.109.214:43432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.local"] [unique_id "aiyV6ZIjhtVyOPygpb8qPAAAAAs"]
[Fri Jun 12 20:27:37.799116 2026] [security2:error] [pid 5462:tid 5479] [client 93.123.109.214:43432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyV6ZIjhtVyOPygpb8qPAAAAAs"]
[Fri Jun 12 20:27:57.345156 2026] [security2:error] [pid 4310:tid 4352] [client 93.123.109.214:40088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.php"] [unique_id "aiyV_VunT5cBeiKzNzv6EAAAAMw"]
[Fri Jun 12 20:27:57.345401 2026] [security2:error] [pid 4310:tid 4352] [client 93.123.109.214:40088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.php"] [unique_id "aiyV_VunT5cBeiKzNzv6EAAAAMw"]
[Fri Jun 12 20:27:57.345638 2026] [security2:error] [pid 4310:tid 4352] [client 93.123.109.214:40088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyV_VunT5cBeiKzNzv6EAAAAMw"]
[Fri Jun 12 20:28:00.311863 2026] [security2:error] [pid 4309:tid 4323] [client 93.123.109.214:35332] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.prod"] [unique_id "aiyWAIVsvRFmPfhh-xjz7AAAAEs"]
[Fri Jun 12 20:28:00.312085 2026] [security2:error] [pid 4309:tid 4323] [client 93.123.109.214:35332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.prod"] [unique_id "aiyWAIVsvRFmPfhh-xjz7AAAAEs"]
[Fri Jun 12 20:28:00.312360 2026] [security2:error] [pid 4309:tid 4323] [client 93.123.109.214:35332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWAIVsvRFmPfhh-xjz7AAAAEs"]
[Fri Jun 12 20:28:14.985416 2026] [security2:error] [pid 3956:tid 3972] [client 93.123.109.214:58550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.project"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.project"] [unique_id "aiyWDtaJbkbJfrdoQW1awwAAAUw"]
[Fri Jun 12 20:28:14.985675 2026] [security2:error] [pid 3956:tid 3972] [client 93.123.109.214:58550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.project"] [unique_id "aiyWDtaJbkbJfrdoQW1awwAAAUw"]
[Fri Jun 12 20:28:14.985978 2026] [security2:error] [pid 3956:tid 3972] [client 93.123.109.214:58550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWDtaJbkbJfrdoQW1awwAAAUw"]
[Fri Jun 12 20:28:32.484346 2026] [security2:error] [pid 4310:tid 4352] [client 93.123.109.214:38410] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.sample"] [unique_id "aiyWIFunT5cBeiKzNzv6XQAAAMw"]
[Fri Jun 12 20:28:32.484564 2026] [security2:error] [pid 4310:tid 4352] [client 93.123.109.214:38410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.sample"] [unique_id "aiyWIFunT5cBeiKzNzv6XQAAAMw"]
[Fri Jun 12 20:28:32.484834 2026] [security2:error] [pid 4310:tid 4352] [client 93.123.109.214:38410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWIFunT5cBeiKzNzv6XQAAAMw"]
[Fri Jun 12 20:28:36.082911 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:38418] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.save"] [unique_id "aiyWJBoFVnsH4cPWudgunwAAARc"]
[Fri Jun 12 20:28:36.083149 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:38418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.save"] [unique_id "aiyWJBoFVnsH4cPWudgunwAAARc"]
[Fri Jun 12 20:28:36.083406 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:38418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWJBoFVnsH4cPWudgunwAAARc"]
[Fri Jun 12 20:28:44.176480 2026] [security2:error] [pid 4266:tid 4281] [client 93.123.109.214:38678] ModSecurity: Warning. Pattern match "\\\\.[^.~]+~(?:/.*|)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1081"] [id "920500"] [msg "Attempt to access a backup or working file"] [data ".env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/.env~"] [unique_id "aiyWLMUEq4FMpjHchqRPXAAAAI0"]
[Fri Jun 12 20:28:44.176612 2026] [security2:error] [pid 4266:tid 4281] [client 93.123.109.214:38678] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env~"] [unique_id "aiyWLMUEq4FMpjHchqRPXAAAAI0"]
[Fri Jun 12 20:28:44.176827 2026] [security2:error] [pid 4266:tid 4281] [client 93.123.109.214:38678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env~"] [unique_id "aiyWLMUEq4FMpjHchqRPXAAAAI0"]
[Fri Jun 12 20:28:44.177042 2026] [security2:error] [pid 4266:tid 4281] [client 93.123.109.214:38678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWLMUEq4FMpjHchqRPXAAAAI0"]
[Fri Jun 12 20:28:52.766360 2026] [security2:error] [pid 4266:tid 4292] [client 93.123.109.214:58702] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/.env.swp"] [unique_id "aiyWNMUEq4FMpjHchqRPggAAAJg"]
[Fri Jun 12 20:28:52.766556 2026] [security2:error] [pid 4266:tid 4292] [client 93.123.109.214:58702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/.env.swp"] [unique_id "aiyWNMUEq4FMpjHchqRPggAAAJg"]
[Fri Jun 12 20:28:52.766725 2026] [security2:error] [pid 4266:tid 4292] [client 93.123.109.214:58702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/.env.swp"] [unique_id "aiyWNMUEq4FMpjHchqRPggAAAJg"]
[Fri Jun 12 20:28:52.767011 2026] [security2:error] [pid 4266:tid 4292] [client 93.123.109.214:58702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWNMUEq4FMpjHchqRPggAAAJg"]
[Fri Jun 12 20:29:07.159182 2026] [security2:error] [pid 5057:tid 5078] [client 93.123.109.214:55598] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/ADMIN/.env"] [unique_id "aiyWQxoFVnsH4cPWudgu9wAAARA"]
[Fri Jun 12 20:29:07.159529 2026] [security2:error] [pid 5057:tid 5078] [client 93.123.109.214:55598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/ADMIN/.env"] [unique_id "aiyWQxoFVnsH4cPWudgu9wAAARA"]
[Fri Jun 12 20:29:07.159797 2026] [security2:error] [pid 5057:tid 5078] [client 93.123.109.214:55598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWQxoFVnsH4cPWudgu9wAAARA"]
[Fri Jun 12 20:29:19.600952 2026] [security2:error] [pid 5057:tid 5086] [client 93.123.109.214:56492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/APP/.env"] [unique_id "aiyWTxoFVnsH4cPWudgvKQAAARg"]
[Fri Jun 12 20:29:19.601136 2026] [security2:error] [pid 5057:tid 5086] [client 93.123.109.214:56492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/APP/.env"] [unique_id "aiyWTxoFVnsH4cPWudgvKQAAARg"]
[Fri Jun 12 20:29:19.601350 2026] [security2:error] [pid 5057:tid 5086] [client 93.123.109.214:56492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWTxoFVnsH4cPWudgvKQAAARg"]
[Fri Jun 12 20:29:28.298018 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:56494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/Api/.env"] [unique_id "aiyWWBoFVnsH4cPWudgvVgAAAQI"]
[Fri Jun 12 20:29:28.298219 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:56494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/Api/.env"] [unique_id "aiyWWBoFVnsH4cPWudgvVgAAAQI"]
[Fri Jun 12 20:29:28.298462 2026] [security2:error] [pid 5057:tid 5064] [client 93.123.109.214:56494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWWBoFVnsH4cPWudgvVgAAAQI"]
[Fri Jun 12 20:29:57.224078 2026] [security2:error] [pid 4310:tid 4348] [client 93.123.109.214:35930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/Backend/.env"] [unique_id "aiyWdVunT5cBeiKzNzv7LAAAAMg"]
[Fri Jun 12 20:29:57.224573 2026] [security2:error] [pid 4310:tid 4348] [client 93.123.109.214:35930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/Backend/.env"] [unique_id "aiyWdVunT5cBeiKzNzv7LAAAAMg"]
[Fri Jun 12 20:29:57.224916 2026] [security2:error] [pid 4310:tid 4348] [client 93.123.109.214:35930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWdVunT5cBeiKzNzv7LAAAAMg"]
[Fri Jun 12 20:29:58.331793 2026] [cgid:error] [pid 4266:tid 4291] [client 216.73.216.241:40098] AH01265: stderr from /home/erhabenn/public_html/cgi-bin/: attempt to invoke directory as script
[Fri Jun 12 20:30:00.166764 2026] [security2:error] [pid 4266:tid 4268] [client 93.123.109.214:36336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /be/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/Be/.env"] [unique_id "aiyWeMUEq4FMpjHchqRQsgAAAIA"]
[Fri Jun 12 20:30:00.167012 2026] [security2:error] [pid 4266:tid 4268] [client 93.123.109.214:36336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/Be/.env"] [unique_id "aiyWeMUEq4FMpjHchqRQsgAAAIA"]
[Fri Jun 12 20:30:00.167219 2026] [security2:error] [pid 4266:tid 4268] [client 93.123.109.214:36336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWeMUEq4FMpjHchqRQsgAAAIA"]
[Fri Jun 12 20:30:07.878333 2026] [security2:error] [pid 5462:tid 5474] [client 93.123.109.214:36344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/admin-app/.env"] [unique_id "aiyWf5IjhtVyOPygpb8tCQAAAAY"]
[Fri Jun 12 20:30:07.878526 2026] [security2:error] [pid 5462:tid 5474] [client 93.123.109.214:36344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/admin-app/.env"] [unique_id "aiyWf5IjhtVyOPygpb8tCQAAAAY"]
[Fri Jun 12 20:30:07.878801 2026] [security2:error] [pid 5462:tid 5474] [client 93.123.109.214:36344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWf5IjhtVyOPygpb8tCQAAAAY"]
[Fri Jun 12 20:30:10.121518 2026] [security2:error] [pid 5057:tid 5063] [client 93.123.109.214:40190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/admin/.env"] [unique_id "aiyWghoFVnsH4cPWudgv7gAAAQE"]
[Fri Jun 12 20:30:10.121748 2026] [security2:error] [pid 5057:tid 5063] [client 93.123.109.214:40190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/admin/.env"] [unique_id "aiyWghoFVnsH4cPWudgv7gAAAQE"]
[Fri Jun 12 20:30:10.122042 2026] [security2:error] [pid 5057:tid 5063] [client 93.123.109.214:40190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWghoFVnsH4cPWudgv7gAAAQE"]
[Fri Jun 12 20:30:14.640132 2026] [security2:error] [pid 5462:tid 5472] [client 93.123.109.214:40202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/administrator/.env"] [unique_id "aiyWhpIjhtVyOPygpb8tHAAAAAQ"]
[Fri Jun 12 20:30:14.640521 2026] [security2:error] [pid 5462:tid 5472] [client 93.123.109.214:40202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/administrator/.env"] [unique_id "aiyWhpIjhtVyOPygpb8tHAAAAAQ"]
[Fri Jun 12 20:30:14.640833 2026] [security2:error] [pid 5462:tid 5472] [client 93.123.109.214:40202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWhpIjhtVyOPygpb8tHAAAAAQ"]
[Fri Jun 12 20:30:29.273506 2026] [security2:error] [pid 5462:tid 5486] [client 93.123.109.214:37686] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/api-node/.env"] [unique_id "aiyWlZIjhtVyOPygpb8tSAAAABI"]
[Fri Jun 12 20:30:29.273801 2026] [security2:error] [pid 5462:tid 5486] [client 93.123.109.214:37686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/api-node/.env"] [unique_id "aiyWlZIjhtVyOPygpb8tSAAAABI"]
[Fri Jun 12 20:30:29.274026 2026] [security2:error] [pid 5462:tid 5486] [client 93.123.109.214:37686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWlZIjhtVyOPygpb8tSAAAABI"]
[Fri Jun 12 20:30:32.503784 2026] [security2:error] [pid 5057:tid 5084] [client 93.123.109.214:37690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/api/.env"] [unique_id "aiyWmBoFVnsH4cPWudgwTQAAARY"]
[Fri Jun 12 20:30:32.504746 2026] [security2:error] [pid 5057:tid 5084] [client 93.123.109.214:37690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/api/.env"] [unique_id "aiyWmBoFVnsH4cPWudgwTQAAARY"]
[Fri Jun 12 20:30:32.505082 2026] [security2:error] [pid 5057:tid 5084] [client 93.123.109.214:37690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWmBoFVnsH4cPWudgwTQAAARY"]
[Fri Jun 12 20:30:34.859620 2026] [security2:error] [pid 5057:tid 5078] [client 147.185.132.58:64526] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyWmhoFVnsH4cPWudgwWQAAARA"]
[Fri Jun 12 20:30:49.576406 2026] [security2:error] [pid 3956:tid 3971] [client 93.123.109.214:41482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/apis/.env"] [unique_id "aiyWqdaJbkbJfrdoQW1dEgAAAUs"]
[Fri Jun 12 20:30:49.576595 2026] [security2:error] [pid 3956:tid 3971] [client 93.123.109.214:41482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/apis/.env"] [unique_id "aiyWqdaJbkbJfrdoQW1dEgAAAUs"]
[Fri Jun 12 20:30:49.576921 2026] [security2:error] [pid 3956:tid 3971] [client 93.123.109.214:41482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWqdaJbkbJfrdoQW1dEgAAAUs"]
[Fri Jun 12 20:30:57.309181 2026] [security2:error] [pid 5462:tid 5492] [client 93.123.109.214:41490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/app/.env"] [unique_id "aiyWsZIjhtVyOPygpb8t0gAAABg"]
[Fri Jun 12 20:30:57.309410 2026] [security2:error] [pid 5462:tid 5492] [client 93.123.109.214:41490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/app/.env"] [unique_id "aiyWsZIjhtVyOPygpb8t0gAAABg"]
[Fri Jun 12 20:30:57.309636 2026] [security2:error] [pid 5462:tid 5492] [client 93.123.109.214:41490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWsZIjhtVyOPygpb8t0gAAABg"]
[Fri Jun 12 20:31:04.906229 2026] [security2:error] [pid 4266:tid 4288] [client 93.123.109.214:41392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/application/.env"] [unique_id "aiyWuMUEq4FMpjHchqRR9QAAAJQ"]
[Fri Jun 12 20:31:04.906386 2026] [security2:error] [pid 4266:tid 4288] [client 93.123.109.214:41392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/application/.env"] [unique_id "aiyWuMUEq4FMpjHchqRR9QAAAJQ"]
[Fri Jun 12 20:31:04.906593 2026] [security2:error] [pid 4266:tid 4288] [client 93.123.109.214:41392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWuMUEq4FMpjHchqRR9QAAAJQ"]
[Fri Jun 12 20:31:07.730224 2026] [security2:error] [pid 4266:tid 4281] [client 93.123.109.214:41402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/apps/.env"] [unique_id "aiyWu8UEq4FMpjHchqRSBAAAAI0"]
[Fri Jun 12 20:31:07.730502 2026] [security2:error] [pid 4266:tid 4281] [client 93.123.109.214:41402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/apps/.env"] [unique_id "aiyWu8UEq4FMpjHchqRSBAAAAI0"]
[Fri Jun 12 20:31:07.730842 2026] [security2:error] [pid 4266:tid 4281] [client 93.123.109.214:41402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWu8UEq4FMpjHchqRSBAAAAI0"]
[Fri Jun 12 20:31:09.816285 2026] [security2:error] [pid 4266:tid 4289] [client 93.123.109.214:44608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/back-api/.env"] [unique_id "aiyWvcUEq4FMpjHchqRSCgAAAJU"]
[Fri Jun 12 20:31:09.816629 2026] [security2:error] [pid 4266:tid 4289] [client 93.123.109.214:44608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/back-api/.env"] [unique_id "aiyWvcUEq4FMpjHchqRSCgAAAJU"]
[Fri Jun 12 20:31:09.816914 2026] [security2:error] [pid 4266:tid 4289] [client 93.123.109.214:44608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWvcUEq4FMpjHchqRSCgAAAJU"]
[Fri Jun 12 20:31:24.860163 2026] [security2:error] [pid 4309:tid 4331] [client 93.123.109.214:41472] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/backend-api/.env"] [unique_id "aiyWzIVsvRFmPfhh-xj38wAAAFM"]
[Fri Jun 12 20:31:24.860443 2026] [security2:error] [pid 4309:tid 4331] [client 93.123.109.214:41472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/backend-api/.env"] [unique_id "aiyWzIVsvRFmPfhh-xj38wAAAFM"]
[Fri Jun 12 20:31:24.860662 2026] [security2:error] [pid 4309:tid 4331] [client 93.123.109.214:41472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyWzIVsvRFmPfhh-xj38wAAAFM"]
[Fri Jun 12 20:31:32.193754 2026] [security2:error] [pid 5057:tid 5077] [client 78.153.140.149:58858] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyW1BoFVnsH4cPWudgxigAAAQ8"]
[Fri Jun 12 20:31:32.194013 2026] [security2:error] [pid 5057:tid 5077] [client 78.153.140.149:58858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyW1BoFVnsH4cPWudgxigAAAQ8"]
[Fri Jun 12 20:31:32.194304 2026] [security2:error] [pid 5057:tid 5077] [client 78.153.140.149:58858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyW1BoFVnsH4cPWudgxigAAAQ8"]
[Fri Jun 12 20:31:32.195318 2026] [security2:error] [pid 5057:tid 5077] [client 78.153.140.149:58858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyW1BoFVnsH4cPWudgxigAAAQ8"]
[Fri Jun 12 20:31:32.548870 2026] [security2:error] [pid 4266:tid 4284] [client 78.153.140.149:58872] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyW1MUEq4FMpjHchqRShQAAAJA"]
[Fri Jun 12 20:31:39.048984 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:53806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/backend/.env"] [unique_id "aiyW24VsvRFmPfhh-xj4HAAAAFg"]
[Fri Jun 12 20:31:39.049201 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:53806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/backend/.env"] [unique_id "aiyW24VsvRFmPfhh-xj4HAAAAFg"]
[Fri Jun 12 20:31:39.049556 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:53806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyW24VsvRFmPfhh-xj4HAAAAFg"]
[Fri Jun 12 20:31:56.232593 2026] [security2:error] [pid 3956:tid 3968] [client 93.123.109.214:43296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /be/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/be/.env"] [unique_id "aiyW7NaJbkbJfrdoQW1eRAAAAUg"]
[Fri Jun 12 20:31:56.232873 2026] [security2:error] [pid 3956:tid 3968] [client 93.123.109.214:43296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/be/.env"] [unique_id "aiyW7NaJbkbJfrdoQW1eRAAAAUg"]
[Fri Jun 12 20:31:56.233440 2026] [security2:error] [pid 3956:tid 3968] [client 93.123.109.214:43296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyW7NaJbkbJfrdoQW1eRAAAAUg"]
[Fri Jun 12 20:32:05.008215 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:57820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/beta/.env"] [unique_id "aiyW9RoFVnsH4cPWudgyLQAAAQk"]
[Fri Jun 12 20:32:05.008835 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:57820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/beta/.env"] [unique_id "aiyW9RoFVnsH4cPWudgyLQAAAQk"]
[Fri Jun 12 20:32:05.009111 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:57820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyW9RoFVnsH4cPWudgyLQAAAQk"]
[Fri Jun 12 20:32:13.166839 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:60388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/client/.env"] [unique_id "aiyW_RoFVnsH4cPWudgyOAAAARc"]
[Fri Jun 12 20:32:13.167045 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:60388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/client/.env"] [unique_id "aiyW_RoFVnsH4cPWudgyOAAAARc"]
[Fri Jun 12 20:32:13.167258 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:60388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyW_RoFVnsH4cPWudgyOAAAARc"]
[Fri Jun 12 20:32:21.089784 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:54320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/cms/.env"] [unique_id "aiyXBdaJbkbJfrdoQW1ezgAAAUY"]
[Fri Jun 12 20:32:21.090023 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:54320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/cms/.env"] [unique_id "aiyXBdaJbkbJfrdoQW1ezgAAAUY"]
[Fri Jun 12 20:32:21.090237 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:54320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXBdaJbkbJfrdoQW1ezgAAAUY"]
[Fri Jun 12 20:32:31.913814 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:52200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/config/.env"] [unique_id "aiyXDxoFVnsH4cPWudgybQAAARc"]
[Fri Jun 12 20:32:31.914064 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:52200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/config/.env"] [unique_id "aiyXDxoFVnsH4cPWudgybQAAARc"]
[Fri Jun 12 20:32:31.914291 2026] [security2:error] [pid 5057:tid 5085] [client 93.123.109.214:52200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXDxoFVnsH4cPWudgybQAAARc"]
[Fri Jun 12 20:32:42.707109 2026] [security2:error] [pid 4310:tid 4342] [client 105.188.112.33:42752] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiyXGlunT5cBeiKzNzv9UQAAAMI"]
[Fri Jun 12 20:32:42.707345 2026] [security2:error] [pid 4310:tid 4342] [client 105.188.112.33:42752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiyXGlunT5cBeiKzNzv9UQAAAMI"]
[Fri Jun 12 20:32:42.707630 2026] [security2:error] [pid 4310:tid 4342] [client 105.188.112.33:42752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiyXGlunT5cBeiKzNzv9UQAAAMI"]
[Fri Jun 12 20:32:43.166192 2026] [security2:error] [pid 4310:tid 4342] [client 105.188.112.33:42752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyXGlunT5cBeiKzNzv9UQAAAMI"]
[Fri Jun 12 20:32:44.245747 2026] [security2:error] [pid 4266:tid 4284] [client 105.188.112.33:32924] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env_ci"] [unique_id "aiyXHMUEq4FMpjHchqRTKgAAAJA"]
[Fri Jun 12 20:32:44.245955 2026] [security2:error] [pid 4266:tid 4284] [client 105.188.112.33:32924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env_ci"] [unique_id "aiyXHMUEq4FMpjHchqRTKgAAAJA"]
[Fri Jun 12 20:32:44.246171 2026] [security2:error] [pid 4266:tid 4284] [client 105.188.112.33:32924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env_ci"] [unique_id "aiyXHMUEq4FMpjHchqRTKgAAAJA"]
[Fri Jun 12 20:32:44.861142 2026] [security2:error] [pid 4266:tid 4284] [client 105.188.112.33:32924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyXHMUEq4FMpjHchqRTKgAAAJA"]
[Fri Jun 12 20:33:17.667570 2026] [security2:error] [pid 5057:tid 5073] [client 93.123.109.214:49720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/crm/.env"] [unique_id "aiyXPRoFVnsH4cPWudgzQgAAAQs"]
[Fri Jun 12 20:33:17.667752 2026] [security2:error] [pid 5057:tid 5073] [client 93.123.109.214:49720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/crm/.env"] [unique_id "aiyXPRoFVnsH4cPWudgzQgAAAQs"]
[Fri Jun 12 20:33:17.667961 2026] [security2:error] [pid 5057:tid 5073] [client 93.123.109.214:49720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXPRoFVnsH4cPWudgzQgAAAQs"]
[Fri Jun 12 20:33:21.243879 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:35518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/cron/.env"] [unique_id "aiyXQRoFVnsH4cPWudgzVwAAAQ4"]
[Fri Jun 12 20:33:21.244093 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:35518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/cron/.env"] [unique_id "aiyXQRoFVnsH4cPWudgzVwAAAQ4"]
[Fri Jun 12 20:33:21.244312 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:35518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXQRoFVnsH4cPWudgzVwAAAQ4"]
[Fri Jun 12 20:33:32.906522 2026] [security2:error] [pid 3956:tid 3979] [client 93.123.109.214:34794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/demo/.env"] [unique_id "aiyXTNaJbkbJfrdoQW1f7gAAAVM"]
[Fri Jun 12 20:33:32.906663 2026] [security2:error] [pid 3956:tid 3979] [client 93.123.109.214:34794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/demo/.env"] [unique_id "aiyXTNaJbkbJfrdoQW1f7gAAAVM"]
[Fri Jun 12 20:33:32.906898 2026] [security2:error] [pid 3956:tid 3979] [client 93.123.109.214:34794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXTNaJbkbJfrdoQW1f7gAAAVM"]
[Fri Jun 12 20:33:41.633927 2026] [security2:error] [pid 4310:tid 4344] [client 93.123.109.214:52580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/dev/.env"] [unique_id "aiyXVVunT5cBeiKzNzv-OwAAAMQ"]
[Fri Jun 12 20:33:41.634145 2026] [security2:error] [pid 4310:tid 4344] [client 93.123.109.214:52580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/dev/.env"] [unique_id "aiyXVVunT5cBeiKzNzv-OwAAAMQ"]
[Fri Jun 12 20:33:41.634374 2026] [security2:error] [pid 4310:tid 4344] [client 93.123.109.214:52580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXVVunT5cBeiKzNzv-OwAAAMQ"]
[Fri Jun 12 20:33:52.928993 2026] [security2:error] [pid 4309:tid 4335] [client 93.123.109.214:40654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/develop/.env"] [unique_id "aiyXYIVsvRFmPfhh-xj7VAAAAFc"]
[Fri Jun 12 20:33:52.929241 2026] [security2:error] [pid 4309:tid 4335] [client 93.123.109.214:40654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/develop/.env"] [unique_id "aiyXYIVsvRFmPfhh-xj7VAAAAFc"]
[Fri Jun 12 20:33:52.929453 2026] [security2:error] [pid 4309:tid 4335] [client 93.123.109.214:40654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXYIVsvRFmPfhh-xj7VAAAAFc"]
[Fri Jun 12 20:34:00.678070 2026] [security2:error] [pid 5462:tid 5492] [client 93.123.109.214:33874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /developer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/developer/.env"] [unique_id "aiyXaJIjhtVyOPygpb8w_gAAABg"]
[Fri Jun 12 20:34:00.678271 2026] [security2:error] [pid 5462:tid 5492] [client 93.123.109.214:33874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/developer/.env"] [unique_id "aiyXaJIjhtVyOPygpb8w_gAAABg"]
[Fri Jun 12 20:34:00.678492 2026] [security2:error] [pid 5462:tid 5492] [client 93.123.109.214:33874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXaJIjhtVyOPygpb8w_gAAABg"]
[Fri Jun 12 20:34:08.253152 2026] [security2:error] [pid 5462:tid 5476] [client 93.123.109.214:33886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/development/.env"] [unique_id "aiyXcJIjhtVyOPygpb8xMwAAAAg"]
[Fri Jun 12 20:34:08.253355 2026] [security2:error] [pid 5462:tid 5476] [client 93.123.109.214:33886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/development/.env"] [unique_id "aiyXcJIjhtVyOPygpb8xMwAAAAg"]
[Fri Jun 12 20:34:08.253634 2026] [security2:error] [pid 5462:tid 5476] [client 93.123.109.214:33886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXcJIjhtVyOPygpb8xMwAAAAg"]
[Fri Jun 12 20:34:45.155563 2026] [security2:error] [pid 4310:tid 4357] [client 93.123.109.214:37642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/erp/.env"] [unique_id "aiyXlVunT5cBeiKzNzv-9wAAANE"]
[Fri Jun 12 20:34:45.155867 2026] [security2:error] [pid 4310:tid 4357] [client 93.123.109.214:37642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/erp/.env"] [unique_id "aiyXlVunT5cBeiKzNzv-9wAAANE"]
[Fri Jun 12 20:34:45.156182 2026] [security2:error] [pid 4310:tid 4357] [client 93.123.109.214:37642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXlVunT5cBeiKzNzv-9wAAANE"]
[Fri Jun 12 20:34:54.814088 2026] [security2:error] [pid 4310:tid 4363] [client 93.123.109.214:60934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/fe/.env"] [unique_id "aiyXnlunT5cBeiKzNzv_AwAAANc"]
[Fri Jun 12 20:34:54.814375 2026] [security2:error] [pid 4310:tid 4363] [client 93.123.109.214:60934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/fe/.env"] [unique_id "aiyXnlunT5cBeiKzNzv_AwAAANc"]
[Fri Jun 12 20:34:54.814653 2026] [security2:error] [pid 4310:tid 4363] [client 93.123.109.214:60934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXnlunT5cBeiKzNzv_AwAAANc"]
[Fri Jun 12 20:34:58.352198 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:60940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/front/.env"] [unique_id "aiyXotaJbkbJfrdoQW1hPAAAAUY"]
[Fri Jun 12 20:34:58.352555 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:60940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/front/.env"] [unique_id "aiyXotaJbkbJfrdoQW1hPAAAAUY"]
[Fri Jun 12 20:34:58.352888 2026] [security2:error] [pid 3956:tid 3966] [client 93.123.109.214:60940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXotaJbkbJfrdoQW1hPAAAAUY"]
[Fri Jun 12 20:35:02.068665 2026] [security2:error] [pid 4266:tid 4290] [client 93.123.109.214:56600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/frontend/.env"] [unique_id "aiyXpsUEq4FMpjHchqRVDAAAAJY"]
[Fri Jun 12 20:35:02.069281 2026] [security2:error] [pid 4266:tid 4290] [client 93.123.109.214:56600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/frontend/.env"] [unique_id "aiyXpsUEq4FMpjHchqRVDAAAAJY"]
[Fri Jun 12 20:35:02.069580 2026] [security2:error] [pid 4266:tid 4290] [client 93.123.109.214:56600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXpsUEq4FMpjHchqRVDAAAAJY"]
[Fri Jun 12 20:35:15.711110 2026] [core:error] [pid 4266:tid 4268] [client 164.52.0.92:46903] AH00524: Handler for application/x-httpd-ea-php82 returned invalid result code 70014
[Fri Jun 12 20:35:22.036461 2026] [security2:error] [pid 4266:tid 4292] [client 93.123.109.214:40514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/local/.env"] [unique_id "aiyXusUEq4FMpjHchqRVnQAAAJg"]
[Fri Jun 12 20:35:22.036669 2026] [security2:error] [pid 4266:tid 4292] [client 93.123.109.214:40514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/local/.env"] [unique_id "aiyXusUEq4FMpjHchqRVnQAAAJg"]
[Fri Jun 12 20:35:22.036933 2026] [security2:error] [pid 4266:tid 4292] [client 93.123.109.214:40514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXusUEq4FMpjHchqRVnQAAAJg"]
[Fri Jun 12 20:35:28.100831 2026] [core:error] [pid 4309:tid 4330] [client 164.52.0.92:49955] AH00524: Handler for application/x-httpd-ea-php82 returned invalid result code 70014
[Fri Jun 12 20:35:29.447957 2026] [security2:error] [pid 4310:tid 4353] [client 93.123.109.214:55780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/market/.env"] [unique_id "aiyXwVunT5cBeiKzNzv_lgAAAM0"]
[Fri Jun 12 20:35:29.448195 2026] [security2:error] [pid 4310:tid 4353] [client 93.123.109.214:55780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/market/.env"] [unique_id "aiyXwVunT5cBeiKzNzv_lgAAAM0"]
[Fri Jun 12 20:35:29.448429 2026] [security2:error] [pid 4310:tid 4353] [client 93.123.109.214:55780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXwVunT5cBeiKzNzv_lgAAAM0"]
[Fri Jun 12 20:35:32.170268 2026] [security2:error] [pid 5057:tid 5069] [client 93.123.109.214:55784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/marketing/.env"] [unique_id "aiyXxBoFVnsH4cPWudg1RQAAAQc"]
[Fri Jun 12 20:35:32.170504 2026] [security2:error] [pid 5057:tid 5069] [client 93.123.109.214:55784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/marketing/.env"] [unique_id "aiyXxBoFVnsH4cPWudg1RQAAAQc"]
[Fri Jun 12 20:35:32.170844 2026] [security2:error] [pid 5057:tid 5069] [client 93.123.109.214:55784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXxBoFVnsH4cPWudg1RQAAAQc"]
[Fri Jun 12 20:35:35.404406 2026] [security2:error] [pid 5057:tid 5062] [client 93.123.109.214:55790] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/media/.env"] [unique_id "aiyXxxoFVnsH4cPWudg1VAAAAQA"]
[Fri Jun 12 20:35:35.404665 2026] [security2:error] [pid 5057:tid 5062] [client 93.123.109.214:55790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/media/.env"] [unique_id "aiyXxxoFVnsH4cPWudg1VAAAAQA"]
[Fri Jun 12 20:35:35.404921 2026] [security2:error] [pid 5057:tid 5062] [client 93.123.109.214:55790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXxxoFVnsH4cPWudg1VAAAAQA"]
[Fri Jun 12 20:35:43.165193 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:46630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/new/.env"] [unique_id "aiyXz4VsvRFmPfhh-xj9HQAAAFg"]
[Fri Jun 12 20:35:43.165428 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:46630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/new/.env"] [unique_id "aiyXz4VsvRFmPfhh-xj9HQAAAFg"]
[Fri Jun 12 20:35:43.165780 2026] [security2:error] [pid 4309:tid 4336] [client 93.123.109.214:46630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyXz4VsvRFmPfhh-xj9HQAAAFg"]
[Fri Jun 12 20:35:49.479743 2026] [core:error] [pid 3956:tid 3973] [client 164.52.0.92:59001] AH00524: Handler for application/x-httpd-ea-php82 returned invalid result code 70014
[Fri Jun 12 20:35:56.553894 2026] [security2:error] [pid 4266:tid 4291] [client 93.123.109.214:35124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/node/api/.env"] [unique_id "aiyX3MUEq4FMpjHchqRWHQAAAJc"]
[Fri Jun 12 20:35:56.554117 2026] [security2:error] [pid 4266:tid 4291] [client 93.123.109.214:35124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/node/api/.env"] [unique_id "aiyX3MUEq4FMpjHchqRWHQAAAJc"]
[Fri Jun 12 20:35:56.554383 2026] [security2:error] [pid 4266:tid 4291] [client 93.123.109.214:35124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyX3MUEq4FMpjHchqRWHQAAAJc"]
[Fri Jun 12 20:35:59.457312 2026] [security2:error] [pid 5462:tid 5480] [client 93.123.109.214:44142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/node/backend/.env"] [unique_id "aiyX35IjhtVyOPygpb8z1wAAAAw"]
[Fri Jun 12 20:35:59.457552 2026] [security2:error] [pid 5462:tid 5480] [client 93.123.109.214:44142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/node/backend/.env"] [unique_id "aiyX35IjhtVyOPygpb8z1wAAAAw"]
[Fri Jun 12 20:35:59.457806 2026] [security2:error] [pid 5462:tid 5480] [client 93.123.109.214:44142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyX35IjhtVyOPygpb8z1wAAAAw"]
[Fri Jun 12 20:36:03.915666 2026] [core:error] [pid 4309:tid 4326] [client 164.52.0.92:53051] AH00524: Handler for application/x-httpd-ea-php82 returned invalid result code 70014
[Fri Jun 12 20:36:09.524317 2026] [security2:error] [pid 4309:tid 4324] [client 93.123.109.214:59000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/nodeapi/.env"] [unique_id "aiyX6YVsvRFmPfhh-xj9lAAAAEw"]
[Fri Jun 12 20:36:09.524492 2026] [security2:error] [pid 4309:tid 4324] [client 93.123.109.214:59000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/nodeapi/.env"] [unique_id "aiyX6YVsvRFmPfhh-xj9lAAAAEw"]
[Fri Jun 12 20:36:09.524738 2026] [security2:error] [pid 4309:tid 4324] [client 93.123.109.214:59000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyX6YVsvRFmPfhh-xj9lAAAAEw"]
[Fri Jun 12 20:36:18.520097 2026] [security2:error] [pid 4309:tid 4330] [client 93.123.109.214:59012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeweb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/nodeweb/.env"] [unique_id "aiyX8oVsvRFmPfhh-xj9xAAAAFI"]
[Fri Jun 12 20:36:18.520362 2026] [security2:error] [pid 4309:tid 4330] [client 93.123.109.214:59012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/nodeweb/.env"] [unique_id "aiyX8oVsvRFmPfhh-xj9xAAAAFI"]
[Fri Jun 12 20:36:18.520602 2026] [security2:error] [pid 4309:tid 4330] [client 93.123.109.214:59012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyX8oVsvRFmPfhh-xj9xAAAAFI"]
[Fri Jun 12 20:36:26.589993 2026] [security2:error] [pid 4309:tid 4333] [client 93.123.109.214:34124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/old/.env"] [unique_id "aiyX-oVsvRFmPfhh-xj96wAAAFU"]
[Fri Jun 12 20:36:26.590216 2026] [security2:error] [pid 4309:tid 4333] [client 93.123.109.214:34124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/old/.env"] [unique_id "aiyX-oVsvRFmPfhh-xj96wAAAFU"]
[Fri Jun 12 20:36:26.590476 2026] [security2:error] [pid 4309:tid 4333] [client 93.123.109.214:34124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyX-oVsvRFmPfhh-xj96wAAAFU"]
[Fri Jun 12 20:36:40.002527 2026] [security2:error] [pid 3956:tid 3962] [client 93.123.109.214:34744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/prod/.env"] [unique_id "aiyYCNaJbkbJfrdoQW1jIQAAAUI"]
[Fri Jun 12 20:36:40.002806 2026] [security2:error] [pid 3956:tid 3962] [client 93.123.109.214:34744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/prod/.env"] [unique_id "aiyYCNaJbkbJfrdoQW1jIQAAAUI"]
[Fri Jun 12 20:36:40.003044 2026] [security2:error] [pid 3956:tid 3962] [client 93.123.109.214:34744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYCNaJbkbJfrdoQW1jIQAAAUI"]
[Fri Jun 12 20:37:05.260185 2026] [security2:error] [pid 5057:tid 5083] [client 93.123.109.214:49982] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/public-api/.env"] [unique_id "aiyYIRoFVnsH4cPWudg2cgAAARU"]
[Fri Jun 12 20:37:05.260391 2026] [security2:error] [pid 5057:tid 5083] [client 93.123.109.214:49982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/public-api/.env"] [unique_id "aiyYIRoFVnsH4cPWudg2cgAAARU"]
[Fri Jun 12 20:37:05.260634 2026] [security2:error] [pid 5057:tid 5083] [client 93.123.109.214:49982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYIRoFVnsH4cPWudg2cgAAARU"]
[Fri Jun 12 20:37:07.840712 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:49986] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/public/.env"] [unique_id "aiyYIxoFVnsH4cPWudg2eAAAAQ4"]
[Fri Jun 12 20:37:07.840923 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:49986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/public/.env"] [unique_id "aiyYIxoFVnsH4cPWudg2eAAAAQ4"]
[Fri Jun 12 20:37:07.841162 2026] [security2:error] [pid 5057:tid 5076] [client 93.123.109.214:49986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYIxoFVnsH4cPWudg2eAAAAQ4"]
[Fri Jun 12 20:37:18.207399 2026] [security2:error] [pid 3956:tid 3979] [client 93.123.109.214:43864] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/public_html/.env"] [unique_id "aiyYLtaJbkbJfrdoQW1j1AAAAVM"]
[Fri Jun 12 20:37:18.207638 2026] [security2:error] [pid 3956:tid 3979] [client 93.123.109.214:43864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/public_html/.env"] [unique_id "aiyYLtaJbkbJfrdoQW1j1AAAAVM"]
[Fri Jun 12 20:37:18.208016 2026] [security2:error] [pid 3956:tid 3979] [client 93.123.109.214:43864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYLtaJbkbJfrdoQW1j1AAAAVM"]
[Fri Jun 12 20:37:22.638539 2026] [security2:error] [pid 4310:tid 4344] [client 93.123.109.214:43766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/qa/.env"] [unique_id "aiyYMlunT5cBeiKzNzsBmgAAAMQ"]
[Fri Jun 12 20:37:22.638794 2026] [security2:error] [pid 4310:tid 4344] [client 93.123.109.214:43766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/qa/.env"] [unique_id "aiyYMlunT5cBeiKzNzsBmgAAAMQ"]
[Fri Jun 12 20:37:22.639056 2026] [security2:error] [pid 4310:tid 4344] [client 93.123.109.214:43766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYMlunT5cBeiKzNzsBmgAAAMQ"]
[Fri Jun 12 20:37:35.649912 2026] [security2:error] [pid 5462:tid 5474] [client 93.123.109.214:55238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/server/.env"] [unique_id "aiyYP5IjhtVyOPygpb81HQAAAAY"]
[Fri Jun 12 20:37:35.650154 2026] [security2:error] [pid 5462:tid 5474] [client 93.123.109.214:55238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/server/.env"] [unique_id "aiyYP5IjhtVyOPygpb81HQAAAAY"]
[Fri Jun 12 20:37:35.650381 2026] [security2:error] [pid 5462:tid 5474] [client 93.123.109.214:55238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYP5IjhtVyOPygpb81HQAAAAY"]
[Fri Jun 12 20:37:43.923725 2026] [security2:error] [pid 4309:tid 4329] [client 93.123.109.214:41024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/server/api/.env"] [unique_id "aiyYR4VsvRFmPfhh-xj_pAAAAFE"]
[Fri Jun 12 20:37:43.923978 2026] [security2:error] [pid 4309:tid 4329] [client 93.123.109.214:41024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/server/api/.env"] [unique_id "aiyYR4VsvRFmPfhh-xj_pAAAAFE"]
[Fri Jun 12 20:37:43.924254 2026] [security2:error] [pid 4309:tid 4329] [client 93.123.109.214:41024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYR4VsvRFmPfhh-xj_pAAAAFE"]
[Fri Jun 12 20:37:48.121185 2026] [security2:error] [pid 5462:tid 5488] [client 105.188.112.33:34201] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyYTJIjhtVyOPygpb81LgAAABQ"]
[Fri Jun 12 20:37:48.121441 2026] [security2:error] [pid 5462:tid 5488] [client 105.188.112.33:34201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyYTJIjhtVyOPygpb81LgAAABQ"]
[Fri Jun 12 20:37:48.121733 2026] [security2:error] [pid 5462:tid 5488] [client 105.188.112.33:34201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyYTJIjhtVyOPygpb81LgAAABQ"]
[Fri Jun 12 20:37:48.122125 2026] [security2:error] [pid 5462:tid 5488] [client 105.188.112.33:34201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyYTJIjhtVyOPygpb81LgAAABQ"]
[Fri Jun 12 20:37:48.670986 2026] [security2:error] [pid 5057:tid 5082] [client 105.188.112.33:36823] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env_ci"] [unique_id "aiyYTBoFVnsH4cPWudg22gAAARQ"]
[Fri Jun 12 20:37:48.671204 2026] [security2:error] [pid 5057:tid 5082] [client 105.188.112.33:36823] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env_ci"] [unique_id "aiyYTBoFVnsH4cPWudg22gAAARQ"]
[Fri Jun 12 20:37:48.671431 2026] [security2:error] [pid 5057:tid 5082] [client 105.188.112.33:36823] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env_ci"] [unique_id "aiyYTBoFVnsH4cPWudg22gAAARQ"]
[Fri Jun 12 20:37:48.671678 2026] [security2:error] [pid 5057:tid 5082] [client 105.188.112.33:36823] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyYTBoFVnsH4cPWudg22gAAARQ"]
[Fri Jun 12 20:37:51.881927 2026] [security2:error] [pid 3956:tid 3980] [client 93.123.109.214:48640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/server/backend/.env"] [unique_id "aiyYT9aJbkbJfrdoQW1kXgAAAVQ"]
[Fri Jun 12 20:37:51.882150 2026] [security2:error] [pid 3956:tid 3980] [client 93.123.109.214:48640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/server/backend/.env"] [unique_id "aiyYT9aJbkbJfrdoQW1kXgAAAVQ"]
[Fri Jun 12 20:37:51.882367 2026] [security2:error] [pid 3956:tid 3980] [client 93.123.109.214:48640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYT9aJbkbJfrdoQW1kXgAAAVQ"]
[Fri Jun 12 20:38:12.728975 2026] [security2:error] [pid 4266:tid 4272] [client 93.123.109.214:34640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/services/.env"] [unique_id "aiyYZMUEq4FMpjHchqRYegAAAIQ"]
[Fri Jun 12 20:38:12.729219 2026] [security2:error] [pid 4266:tid 4272] [client 93.123.109.214:34640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/services/.env"] [unique_id "aiyYZMUEq4FMpjHchqRYegAAAIQ"]
[Fri Jun 12 20:38:12.729476 2026] [security2:error] [pid 4266:tid 4272] [client 93.123.109.214:34640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYZMUEq4FMpjHchqRYegAAAIQ"]
[Fri Jun 12 20:38:18.439944 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:34652] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "fls.machen.ai"] [uri "/services/environments.ini"] [unique_id "aiyYahoFVnsH4cPWudg3IwAAAQk"]
[Fri Jun 12 20:38:18.440305 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:34652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/services/environments.ini"] [unique_id "aiyYahoFVnsH4cPWudg3IwAAAQk"]
[Fri Jun 12 20:38:18.440622 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:34652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYahoFVnsH4cPWudg3IwAAAQk"]
[Fri Jun 12 20:38:21.334459 2026] [security2:error] [pid 5462:tid 5470] [client 93.123.109.214:60120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/shared/.env"] [unique_id "aiyYbZIjhtVyOPygpb81cgAAAAI"]
[Fri Jun 12 20:38:21.334784 2026] [security2:error] [pid 5462:tid 5470] [client 93.123.109.214:60120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/shared/.env"] [unique_id "aiyYbZIjhtVyOPygpb81cgAAAAI"]
[Fri Jun 12 20:38:21.335205 2026] [security2:error] [pid 5462:tid 5470] [client 93.123.109.214:60120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYbZIjhtVyOPygpb81cgAAAAI"]
[Fri Jun 12 20:38:34.545183 2026] [security2:error] [pid 5462:tid 5478] [client 93.123.109.214:54212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/src/.env"] [unique_id "aiyYepIjhtVyOPygpb81ogAAAAo"]
[Fri Jun 12 20:38:34.545408 2026] [security2:error] [pid 5462:tid 5478] [client 93.123.109.214:54212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/src/.env"] [unique_id "aiyYepIjhtVyOPygpb81ogAAAAo"]
[Fri Jun 12 20:38:34.545655 2026] [security2:error] [pid 5462:tid 5478] [client 93.123.109.214:54212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYepIjhtVyOPygpb81ogAAAAo"]
[Fri Jun 12 20:38:52.708284 2026] [security2:error] [pid 4309:tid 4328] [client 93.123.109.214:55436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/stage/.env"] [unique_id "aiyYjIVsvRFmPfhh-xgBkAAAAFA"]
[Fri Jun 12 20:38:52.708556 2026] [security2:error] [pid 4309:tid 4328] [client 93.123.109.214:55436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/stage/.env"] [unique_id "aiyYjIVsvRFmPfhh-xgBkAAAAFA"]
[Fri Jun 12 20:38:52.708877 2026] [security2:error] [pid 4309:tid 4328] [client 93.123.109.214:55436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYjIVsvRFmPfhh-xgBkAAAAFA"]
[Fri Jun 12 20:39:00.493480 2026] [security2:error] [pid 4266:tid 4276] [client 93.123.109.214:44188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/staging/.env"] [unique_id "aiyYlMUEq4FMpjHchqRZAQAAAIg"]
[Fri Jun 12 20:39:00.493771 2026] [security2:error] [pid 4266:tid 4276] [client 93.123.109.214:44188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/staging/.env"] [unique_id "aiyYlMUEq4FMpjHchqRZAQAAAIg"]
[Fri Jun 12 20:39:00.494009 2026] [security2:error] [pid 4266:tid 4276] [client 93.123.109.214:44188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYlMUEq4FMpjHchqRZAQAAAIg"]
[Fri Jun 12 20:39:03.252797 2026] [security2:error] [pid 5057:tid 5072] [client 93.123.109.214:44204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/stg/.env"] [unique_id "aiyYlxoFVnsH4cPWudg33QAAAQo"]
[Fri Jun 12 20:39:03.253027 2026] [security2:error] [pid 5057:tid 5072] [client 93.123.109.214:44204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/stg/.env"] [unique_id "aiyYlxoFVnsH4cPWudg33QAAAQo"]
[Fri Jun 12 20:39:03.253352 2026] [security2:error] [pid 5057:tid 5072] [client 93.123.109.214:44204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYlxoFVnsH4cPWudg33QAAAQo"]
[Fri Jun 12 20:39:26.449039 2026] [security2:error] [pid 4266:tid 4275] [client 93.123.109.214:44418] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/test/.env"] [unique_id "aiyYrsUEq4FMpjHchqRZcwAAAIc"]
[Fri Jun 12 20:39:26.449340 2026] [security2:error] [pid 4266:tid 4275] [client 93.123.109.214:44418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/test/.env"] [unique_id "aiyYrsUEq4FMpjHchqRZcwAAAIc"]
[Fri Jun 12 20:39:26.449578 2026] [security2:error] [pid 4266:tid 4275] [client 93.123.109.214:44418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYrsUEq4FMpjHchqRZcwAAAIc"]
[Fri Jun 12 20:39:30.273987 2026] [security2:error] [pid 5057:tid 5066] [client 93.123.109.214:47344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/user/.env"] [unique_id "aiyYshoFVnsH4cPWudg4bgAAAQQ"]
[Fri Jun 12 20:39:30.274259 2026] [security2:error] [pid 5057:tid 5066] [client 93.123.109.214:47344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/user/.env"] [unique_id "aiyYshoFVnsH4cPWudg4bgAAAQQ"]
[Fri Jun 12 20:39:30.274488 2026] [security2:error] [pid 5057:tid 5066] [client 93.123.109.214:47344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYshoFVnsH4cPWudg4bgAAAQQ"]
[Fri Jun 12 20:39:38.464404 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:47352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/v1/.env"] [unique_id "aiyYuhoFVnsH4cPWudg4rwAAAQk"]
[Fri Jun 12 20:39:38.464633 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:47352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/v1/.env"] [unique_id "aiyYuhoFVnsH4cPWudg4rwAAAQk"]
[Fri Jun 12 20:39:38.465542 2026] [security2:error] [pid 5057:tid 5071] [client 93.123.109.214:47352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYuhoFVnsH4cPWudg4rwAAAQk"]
[Fri Jun 12 20:39:40.935987 2026] [security2:error] [pid 5057:tid 5084] [client 93.123.109.214:36430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/v2/.env"] [unique_id "aiyYvBoFVnsH4cPWudg4xwAAARY"]
[Fri Jun 12 20:39:40.936257 2026] [security2:error] [pid 5057:tid 5084] [client 93.123.109.214:36430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/v2/.env"] [unique_id "aiyYvBoFVnsH4cPWudg4xwAAARY"]
[Fri Jun 12 20:39:40.936484 2026] [security2:error] [pid 5057:tid 5084] [client 93.123.109.214:36430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYvBoFVnsH4cPWudg4xwAAARY"]
[Fri Jun 12 20:39:45.913498 2026] [security2:error] [pid 4266:tid 4286] [client 93.123.109.214:36440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/v3/.env"] [unique_id "aiyYwcUEq4FMpjHchqRZ0gAAAJI"]
[Fri Jun 12 20:39:45.913711 2026] [security2:error] [pid 4266:tid 4286] [client 93.123.109.214:36440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/v3/.env"] [unique_id "aiyYwcUEq4FMpjHchqRZ0gAAAJI"]
[Fri Jun 12 20:39:45.913994 2026] [security2:error] [pid 4266:tid 4286] [client 93.123.109.214:36440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyYwcUEq4FMpjHchqRZ0gAAAJI"]
[Fri Jun 12 20:40:02.680016 2026] [security2:error] [pid 3956:tid 3981] [client 93.123.109.214:54282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "fls.machen.ai"] [uri "/website/.env"] [unique_id "aiyY0taJbkbJfrdoQW1mOQAAAVU"]
[Fri Jun 12 20:40:02.680261 2026] [security2:error] [pid 3956:tid 3981] [client 93.123.109.214:54282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "fls.machen.ai"] [uri "/website/.env"] [unique_id "aiyY0taJbkbJfrdoQW1mOQAAAVU"]
[Fri Jun 12 20:40:02.680532 2026] [security2:error] [pid 3956:tid 3981] [client 93.123.109.214:54282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "fls.machen.ai"] [uri "/403.shtml"] [unique_id "aiyY0taJbkbJfrdoQW1mOQAAAVU"]
[Fri Jun 12 20:43:05.214876 2026] [security2:error] [pid 5462:tid 5479] [client 205.210.31.156:63782] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyZiZIjhtVyOPygpb84nwAAAAs"]
[Fri Jun 12 20:43:05.645343 2026] [security2:error] [pid 4309:tid 4315] [client 205.210.31.156:63792] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiyZiYVsvRFmPfhh-xgFHAAAAEM"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 20:47:11.031897 2026] [security2:error] [pid 4266:tid 4292] [client 79.124.40.174:57364] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/actuator/gateway/routes"] [unique_id "aiyaf8UEq4FMpjHchqRgxgAAAJg"]
[Fri Jun 12 20:47:43.843596 2026] [security2:error] [pid 4309:tid 4314] [client 78.153.140.149:44212] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyan4VsvRFmPfhh-xgLQAAAAEI"]
[Fri Jun 12 20:47:43.843860 2026] [security2:error] [pid 4309:tid 4314] [client 78.153.140.149:44212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyan4VsvRFmPfhh-xgLQAAAAEI"]
[Fri Jun 12 20:47:43.844118 2026] [security2:error] [pid 4309:tid 4314] [client 78.153.140.149:44212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.env"] [unique_id "aiyan4VsvRFmPfhh-xgLQAAAAEI"]
[Fri Jun 12 20:47:43.844813 2026] [security2:error] [pid 4309:tid 4314] [client 78.153.140.149:44212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyan4VsvRFmPfhh-xgLQAAAAEI"]
[Fri Jun 12 20:47:44.209944 2026] [security2:error] [pid 4309:tid 4312] [client 78.153.140.149:44218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyaoIVsvRFmPfhh-xgLQwAAAEA"]
[Fri Jun 12 21:04:32.235800 2026] [security2:error] [pid 4310:tid 4347] [client 172.176.1.4:57826] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "549"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "machen.ai"] [uri "/"] [unique_id "aiyekFunT5cBeiKzNzsfugAAAMc"]
[Fri Jun 12 21:07:21.687211 2026] [security2:error] [pid 4310:tid 4356] [client 77.83.39.54:37650] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiyfOVunT5cBeiKzNzsjWgAAANA"]
[Fri Jun 12 21:07:21.687503 2026] [security2:error] [pid 4310:tid 4356] [client 77.83.39.54:37650] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiyfOVunT5cBeiKzNzsjWgAAANA"]
[Fri Jun 12 21:07:21.687638 2026] [security2:error] [pid 4310:tid 4356] [client 77.83.39.54:37650] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiyfOVunT5cBeiKzNzsjWgAAANA"]
[Fri Jun 12 21:07:21.687914 2026] [security2:error] [pid 4310:tid 4356] [client 77.83.39.54:37650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiyfOVunT5cBeiKzNzsjWgAAANA"]
[Fri Jun 12 21:07:21.688218 2026] [security2:error] [pid 4310:tid 4356] [client 77.83.39.54:37650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyfOVunT5cBeiKzNzsjWgAAANA"]
[Fri Jun 12 21:07:56.939502 2026] [security2:error] [pid 4266:tid 4274] [client 77.83.39.54:52544] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiyfXMUEq4FMpjHchqR4NwAAAIY"]
[Fri Jun 12 21:07:56.939626 2026] [security2:error] [pid 4266:tid 4274] [client 77.83.39.54:52544] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiyfXMUEq4FMpjHchqR4NwAAAIY"]
[Fri Jun 12 21:07:56.939778 2026] [security2:error] [pid 4266:tid 4274] [client 77.83.39.54:52544] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiyfXMUEq4FMpjHchqR4NwAAAIY"]
[Fri Jun 12 21:07:56.940082 2026] [security2:error] [pid 4266:tid 4274] [client 77.83.39.54:52544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/.git/config"] [unique_id "aiyfXMUEq4FMpjHchqR4NwAAAIY"]
[Fri Jun 12 21:07:56.940358 2026] [security2:error] [pid 4266:tid 4274] [client 77.83.39.54:52544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiyfXMUEq4FMpjHchqR4NwAAAIY"]
[Fri Jun 12 21:08:06.265915 2026] [security2:error] [pid 4309:tid 4332] [client 77.83.39.54:50442] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiyfZoVsvRFmPfhh-xgncwAAAFQ"]
[Fri Jun 12 21:08:06.266044 2026] [security2:error] [pid 4309:tid 4332] [client 77.83.39.54:50442] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiyfZoVsvRFmPfhh-xgncwAAAFQ"]
[Fri Jun 12 21:08:06.266155 2026] [security2:error] [pid 4309:tid 4332] [client 77.83.39.54:50442] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiyfZoVsvRFmPfhh-xgncwAAAFQ"]
[Fri Jun 12 21:08:06.266343 2026] [security2:error] [pid 4309:tid 4332] [client 77.83.39.54:50442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiyfZoVsvRFmPfhh-xgncwAAAFQ"]
[Fri Jun 12 21:08:06.973831 2026] [security2:error] [pid 4309:tid 4332] [client 77.83.39.54:50442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyfZoVsvRFmPfhh-xgncwAAAFQ"]
[Fri Jun 12 21:08:27.528207 2026] [security2:error] [pid 4310:tid 4352] [client 77.83.39.54:45898] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiyfe1unT5cBeiKzNzslMQAAAMw"]
[Fri Jun 12 21:08:27.528327 2026] [security2:error] [pid 4310:tid 4352] [client 77.83.39.54:45898] ModSecurity: Warning. String match within "/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/" at TX:header_name_accept-charset. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1127"] [id "920450"] [msg "HTTP header is restricted by policy (/accept-charset/)"] [data "Restricted header detected: /accept-charset/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiyfe1unT5cBeiKzNzslMQAAAMw"]
[Fri Jun 12 21:08:27.528438 2026] [security2:error] [pid 4310:tid 4352] [client 77.83.39.54:45898] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiyfe1unT5cBeiKzNzslMQAAAMw"]
[Fri Jun 12 21:08:27.528706 2026] [security2:error] [pid 4310:tid 4352] [client 77.83.39.54:45898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.git/config"] [unique_id "aiyfe1unT5cBeiKzNzslMQAAAMw"]
[Fri Jun 12 21:08:27.977100 2026] [security2:error] [pid 4310:tid 4352] [client 77.83.39.54:45898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyfe1unT5cBeiKzNzslMQAAAMw"]
[Fri Jun 12 21:11:59.518635 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/this_is_a_new_hello_world.php
[Fri Jun 12 21:11:59.558966 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/wpconf.php
[Fri Jun 12 21:11:59.595955 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/Ov-Simple1.php
[Fri Jun 12 21:11:59.642011 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/atomlib.php
[Fri Jun 12 21:11:59.786420 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/loxico93.php
[Fri Jun 12 21:11:59.813443 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/momo.php
[Fri Jun 12 21:11:59.841582 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/asu.php
[Fri Jun 12 21:11:59.875932 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/wolf.php
[Fri Jun 12 21:11:59.918860 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/rum.php
[Fri Jun 12 21:11:59.947739 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/cxl.php
[Fri Jun 12 21:11:59.991831 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/flox.php
[Fri Jun 12 21:12:00.019974 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/drykl.php
[Fri Jun 12 21:12:00.060342 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/h2a2ck.php
[Fri Jun 12 21:12:00.088767 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/777.php
[Fri Jun 12 21:12:00.115850 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/s-axi.php
[Fri Jun 12 21:12:00.159289 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/wp-scanner.php
[Fri Jun 12 21:12:00.202805 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/crgio.php
[Fri Jun 12 21:12:00.231224 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/ops.php
[Fri Jun 12 21:12:00.258028 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/fix.php
[Fri Jun 12 21:12:00.286035 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/htto.php
[Fri Jun 12 21:12:00.344526 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/mg.php
[Fri Jun 12 21:12:00.373727 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/spawns.php
[Fri Jun 12 21:12:00.413643 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/dragonshell.php
[Fri Jun 12 21:12:00.491041 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/samll.php
[Fri Jun 12 21:12:00.579510 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/Cap.php
[Fri Jun 12 21:12:00.608433 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/spire.php
[Fri Jun 12 21:12:00.637757 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/auto.php
[Fri Jun 12 21:12:00.665012 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/twinklingly.php
[Fri Jun 12 21:12:00.692797 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/12.php
[Fri Jun 12 21:12:00.731840 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/cakr3xr4.php
[Fri Jun 12 21:12:00.774459 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/yoy123.php
[Fri Jun 12 21:12:00.828190 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/fff.php
[Fri Jun 12 21:12:00.861495 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/dccs.php
[Fri Jun 12 21:12:00.896504 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/wp-form.php
[Fri Jun 12 21:12:00.924073 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/x.php
[Fri Jun 12 21:12:00.952667 2026] [:error] [pid 4309:tid 4322] [client 130.131.220.154:59910] File does not exist: /disk001/sonne/public_html/invisi.php
[Fri Jun 12 21:14:48.847425 2026] [security2:error] [pid 5057:tid 5064] [client 198.235.24.135:61594] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyg-BoFVnsH4cPWudhhSAAAAQI"]
[Fri Jun 12 21:16:54.424464 2026] [security2:error] [pid 4310:tid 4348] [client 34.62.196.247:38666] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyhdlunT5cBeiKzNzstugAAAMg"]
[Fri Jun 12 21:28:45.535784 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiykPRoFVnsH4cPWudhvrgAAAQs"]
[Fri Jun 12 21:28:45.536023 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiykPRoFVnsH4cPWudhvrgAAAQs"]
[Fri Jun 12 21:28:45.536278 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env"] [unique_id "aiykPRoFVnsH4cPWudhvrgAAAQs"]
[Fri Jun 12 21:28:46.180186 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykPRoFVnsH4cPWudhvrgAAAQs"]
[Fri Jun 12 21:28:46.312935 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.local"] [unique_id "aiykPhoFVnsH4cPWudhvswAAAQs"]
[Fri Jun 12 21:28:46.313192 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.local"] [unique_id "aiykPhoFVnsH4cPWudhvswAAAQs"]
[Fri Jun 12 21:28:46.313435 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.local"] [unique_id "aiykPhoFVnsH4cPWudhvswAAAQs"]
[Fri Jun 12 21:28:46.934512 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykPhoFVnsH4cPWudhvswAAAQs"]
[Fri Jun 12 21:28:47.070226 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.production"] [unique_id "aiykPxoFVnsH4cPWudhvtgAAAQs"]
[Fri Jun 12 21:28:47.070436 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.production"] [unique_id "aiykPxoFVnsH4cPWudhvtgAAAQs"]
[Fri Jun 12 21:28:47.070838 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.production"] [unique_id "aiykPxoFVnsH4cPWudhvtgAAAQs"]
[Fri Jun 12 21:28:47.883834 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykPxoFVnsH4cPWudhvtgAAAQs"]
[Fri Jun 12 21:28:48.016548 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.prod"] [unique_id "aiykQBoFVnsH4cPWudhvugAAAQs"]
[Fri Jun 12 21:28:48.016776 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.prod"] [unique_id "aiykQBoFVnsH4cPWudhvugAAAQs"]
[Fri Jun 12 21:28:48.017018 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.prod"] [unique_id "aiykQBoFVnsH4cPWudhvugAAAQs"]
[Fri Jun 12 21:28:48.647011 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykQBoFVnsH4cPWudhvugAAAQs"]
[Fri Jun 12 21:28:48.780629 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.development"] [unique_id "aiykQBoFVnsH4cPWudhvvQAAAQs"]
[Fri Jun 12 21:28:48.780860 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.development"] [unique_id "aiykQBoFVnsH4cPWudhvvQAAAQs"]
[Fri Jun 12 21:28:48.781114 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.development"] [unique_id "aiykQBoFVnsH4cPWudhvvQAAAQs"]
[Fri Jun 12 21:28:49.442103 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykQBoFVnsH4cPWudhvvQAAAQs"]
[Fri Jun 12 21:28:49.573672 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.dev"] [unique_id "aiykQRoFVnsH4cPWudhvwgAAAQs"]
[Fri Jun 12 21:28:49.573898 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.dev"] [unique_id "aiykQRoFVnsH4cPWudhvwgAAAQs"]
[Fri Jun 12 21:28:49.574142 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.dev"] [unique_id "aiykQRoFVnsH4cPWudhvwgAAAQs"]
[Fri Jun 12 21:28:50.040508 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykQRoFVnsH4cPWudhvwgAAAQs"]
[Fri Jun 12 21:28:50.172527 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.staging"] [unique_id "aiykQhoFVnsH4cPWudhvxAAAAQs"]
[Fri Jun 12 21:28:50.172768 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.staging"] [unique_id "aiykQhoFVnsH4cPWudhvxAAAAQs"]
[Fri Jun 12 21:28:50.173098 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.staging"] [unique_id "aiykQhoFVnsH4cPWudhvxAAAAQs"]
[Fri Jun 12 21:28:50.709637 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykQhoFVnsH4cPWudhvxAAAAQs"]
[Fri Jun 12 21:28:50.845446 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.stage"] [unique_id "aiykQhoFVnsH4cPWudhvyAAAAQs"]
[Fri Jun 12 21:28:50.845592 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.stage"] [unique_id "aiykQhoFVnsH4cPWudhvyAAAAQs"]
[Fri Jun 12 21:28:50.845881 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.stage"] [unique_id "aiykQhoFVnsH4cPWudhvyAAAAQs"]
[Fri Jun 12 21:28:51.868334 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykQhoFVnsH4cPWudhvyAAAAQs"]
[Fri Jun 12 21:28:52.000749 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.test"] [unique_id "aiykQxoFVnsH4cPWudhvzQAAAQs"]
[Fri Jun 12 21:28:52.000943 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.test"] [unique_id "aiykQxoFVnsH4cPWudhvzQAAAQs"]
[Fri Jun 12 21:28:52.001179 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.test"] [unique_id "aiykQxoFVnsH4cPWudhvzQAAAQs"]
[Fri Jun 12 21:28:52.700561 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykQxoFVnsH4cPWudhvzQAAAQs"]
[Fri Jun 12 21:28:52.835833 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.uat"] [unique_id "aiykRBoFVnsH4cPWudhv0AAAAQs"]
[Fri Jun 12 21:28:52.836048 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.uat"] [unique_id "aiykRBoFVnsH4cPWudhv0AAAAQs"]
[Fri Jun 12 21:28:52.836307 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.uat"] [unique_id "aiykRBoFVnsH4cPWudhv0AAAAQs"]
[Fri Jun 12 21:28:53.282998 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykRBoFVnsH4cPWudhv0AAAAQs"]
[Fri Jun 12 21:28:53.416561 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.qa"] [unique_id "aiykRRoFVnsH4cPWudhv0wAAAQs"]
[Fri Jun 12 21:28:53.416852 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.qa"] [unique_id "aiykRRoFVnsH4cPWudhv0wAAAQs"]
[Fri Jun 12 21:28:53.417099 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.qa"] [unique_id "aiykRRoFVnsH4cPWudhv0wAAAQs"]
[Fri Jun 12 21:28:53.886058 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykRRoFVnsH4cPWudhv0wAAAQs"]
[Fri Jun 12 21:28:54.024004 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.preprod"] [unique_id "aiykRhoFVnsH4cPWudhv1QAAAQs"]
[Fri Jun 12 21:28:54.024226 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.preprod"] [unique_id "aiykRhoFVnsH4cPWudhv1QAAAQs"]
[Fri Jun 12 21:28:54.024463 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.preprod"] [unique_id "aiykRhoFVnsH4cPWudhv1QAAAQs"]
[Fri Jun 12 21:28:54.623963 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykRhoFVnsH4cPWudhv1QAAAQs"]
[Fri Jun 12 21:28:54.759897 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.live"] [unique_id "aiykRhoFVnsH4cPWudhv2QAAAQs"]
[Fri Jun 12 21:28:54.760152 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.live"] [unique_id "aiykRhoFVnsH4cPWudhv2QAAAQs"]
[Fri Jun 12 21:28:54.760436 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.live"] [unique_id "aiykRhoFVnsH4cPWudhv2QAAAQs"]
[Fri Jun 12 21:28:55.074075 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykRhoFVnsH4cPWudhv2QAAAQs"]
[Fri Jun 12 21:28:55.206509 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.example"] [unique_id "aiykRxoFVnsH4cPWudhv3AAAAQs"]
[Fri Jun 12 21:28:55.206665 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.example"] [unique_id "aiykRxoFVnsH4cPWudhv3AAAAQs"]
[Fri Jun 12 21:28:55.207016 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.example"] [unique_id "aiykRxoFVnsH4cPWudhv3AAAAQs"]
[Fri Jun 12 21:28:55.823712 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykRxoFVnsH4cPWudhv3AAAAQs"]
[Fri Jun 12 21:28:55.954778 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.sample"] [unique_id "aiykRxoFVnsH4cPWudhv4AAAAQs"]
[Fri Jun 12 21:28:55.955040 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.sample"] [unique_id "aiykRxoFVnsH4cPWudhv4AAAAQs"]
[Fri Jun 12 21:28:55.955336 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.sample"] [unique_id "aiykRxoFVnsH4cPWudhv4AAAAQs"]
[Fri Jun 12 21:28:56.489671 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykRxoFVnsH4cPWudhv4AAAAQs"]
[Fri Jun 12 21:28:56.624627 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.dist"] [unique_id "aiykSBoFVnsH4cPWudhv5AAAAQs"]
[Fri Jun 12 21:28:56.624968 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.dist"] [unique_id "aiykSBoFVnsH4cPWudhv5AAAAQs"]
[Fri Jun 12 21:28:56.625278 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.dist"] [unique_id "aiykSBoFVnsH4cPWudhv5AAAAQs"]
[Fri Jun 12 21:28:57.060039 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykSBoFVnsH4cPWudhv5AAAAQs"]
[Fri Jun 12 21:28:57.198646 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.bak"] [unique_id "aiykSRoFVnsH4cPWudhv5wAAAQs"]
[Fri Jun 12 21:28:57.198811 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.bak"] [unique_id "aiykSRoFVnsH4cPWudhv5wAAAQs"]
[Fri Jun 12 21:28:57.199041 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.bak"] [unique_id "aiykSRoFVnsH4cPWudhv5wAAAQs"]
[Fri Jun 12 21:28:57.199367 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.bak"] [unique_id "aiykSRoFVnsH4cPWudhv5wAAAQs"]
[Fri Jun 12 21:28:57.739459 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykSRoFVnsH4cPWudhv5wAAAQs"]
[Fri Jun 12 21:28:57.873448 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.backup"] [unique_id "aiykSRoFVnsH4cPWudhv7AAAAQs"]
[Fri Jun 12 21:28:57.873526 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.backup"] [unique_id "aiykSRoFVnsH4cPWudhv7AAAAQs"]
[Fri Jun 12 21:28:57.873656 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.backup"] [unique_id "aiykSRoFVnsH4cPWudhv7AAAAQs"]
[Fri Jun 12 21:28:57.873949 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.backup"] [unique_id "aiykSRoFVnsH4cPWudhv7AAAAQs"]
[Fri Jun 12 21:28:58.388384 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykSRoFVnsH4cPWudhv7AAAAQs"]
[Fri Jun 12 21:28:58.520716 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.old"] [unique_id "aiykShoFVnsH4cPWudhv7wAAAQs"]
[Fri Jun 12 21:28:58.520802 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.old"] [unique_id "aiykShoFVnsH4cPWudhv7wAAAQs"]
[Fri Jun 12 21:28:58.520990 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.old"] [unique_id "aiykShoFVnsH4cPWudhv7wAAAQs"]
[Fri Jun 12 21:28:58.521249 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.old"] [unique_id "aiykShoFVnsH4cPWudhv7wAAAQs"]
[Fri Jun 12 21:28:59.142039 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykShoFVnsH4cPWudhv7wAAAQs"]
[Fri Jun 12 21:28:59.280588 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.save"] [unique_id "aiykSxoFVnsH4cPWudhv8wAAAQs"]
[Fri Jun 12 21:28:59.280811 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.save"] [unique_id "aiykSxoFVnsH4cPWudhv8wAAAQs"]
[Fri Jun 12 21:28:59.281042 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.save"] [unique_id "aiykSxoFVnsH4cPWudhv8wAAAQs"]
[Fri Jun 12 21:28:59.968378 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykSxoFVnsH4cPWudhv8wAAAQs"]
[Fri Jun 12 21:29:00.101467 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.swp"] [unique_id "aiykTBoFVnsH4cPWudhv9QAAAQs"]
[Fri Jun 12 21:29:00.101536 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/.env.swp"] [unique_id "aiykTBoFVnsH4cPWudhv9QAAAQs"]
[Fri Jun 12 21:29:00.101659 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/.env.swp"] [unique_id "aiykTBoFVnsH4cPWudhv9QAAAQs"]
[Fri Jun 12 21:29:00.101839 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/.env.swp"] [unique_id "aiykTBoFVnsH4cPWudhv9QAAAQs"]
[Fri Jun 12 21:29:00.776049 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykTBoFVnsH4cPWudhv9QAAAQs"]
[Fri Jun 12 21:29:00.912889 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env"] [unique_id "aiykTBoFVnsH4cPWudhv-gAAAQs"]
[Fri Jun 12 21:29:00.913113 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env"] [unique_id "aiykTBoFVnsH4cPWudhv-gAAAQs"]
[Fri Jun 12 21:29:00.913466 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env"] [unique_id "aiykTBoFVnsH4cPWudhv-gAAAQs"]
[Fri Jun 12 21:29:01.365670 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykTBoFVnsH4cPWudhv-gAAAQs"]
[Fri Jun 12 21:29:01.499712 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.local"] [unique_id "aiykTRoFVnsH4cPWudhv_AAAAQs"]
[Fri Jun 12 21:29:01.499898 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.local"] [unique_id "aiykTRoFVnsH4cPWudhv_AAAAQs"]
[Fri Jun 12 21:29:01.500130 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.local"] [unique_id "aiykTRoFVnsH4cPWudhv_AAAAQs"]
[Fri Jun 12 21:29:02.295644 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykTRoFVnsH4cPWudhv_AAAAQs"]
[Fri Jun 12 21:29:02.428861 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.production"] [unique_id "aiykThoFVnsH4cPWudhwAAAAAQs"]
[Fri Jun 12 21:29:02.429170 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.production"] [unique_id "aiykThoFVnsH4cPWudhwAAAAAQs"]
[Fri Jun 12 21:29:02.429430 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.production"] [unique_id "aiykThoFVnsH4cPWudhwAAAAAQs"]
[Fri Jun 12 21:29:03.356357 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykThoFVnsH4cPWudhwAAAAAQs"]
[Fri Jun 12 21:29:03.489169 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.prod"] [unique_id "aiykTxoFVnsH4cPWudhwBgAAAQs"]
[Fri Jun 12 21:29:03.489398 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.prod"] [unique_id "aiykTxoFVnsH4cPWudhwBgAAAQs"]
[Fri Jun 12 21:29:03.489639 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.prod"] [unique_id "aiykTxoFVnsH4cPWudhwBgAAAQs"]
[Fri Jun 12 21:29:04.213660 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykTxoFVnsH4cPWudhwBgAAAQs"]
[Fri Jun 12 21:29:04.347564 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.development"] [unique_id "aiykUBoFVnsH4cPWudhwCQAAAQs"]
[Fri Jun 12 21:29:04.347837 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.development"] [unique_id "aiykUBoFVnsH4cPWudhwCQAAAQs"]
[Fri Jun 12 21:29:04.348142 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.development"] [unique_id "aiykUBoFVnsH4cPWudhwCQAAAQs"]
[Fri Jun 12 21:29:04.999832 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykUBoFVnsH4cPWudhwCQAAAQs"]
[Fri Jun 12 21:29:05.134524 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.dev"] [unique_id "aiykURoFVnsH4cPWudhwDQAAAQs"]
[Fri Jun 12 21:29:05.134817 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.dev"] [unique_id "aiykURoFVnsH4cPWudhwDQAAAQs"]
[Fri Jun 12 21:29:05.135048 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.dev"] [unique_id "aiykURoFVnsH4cPWudhwDQAAAQs"]
[Fri Jun 12 21:29:05.644156 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykURoFVnsH4cPWudhwDQAAAQs"]
[Fri Jun 12 21:29:05.784671 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.staging"] [unique_id "aiykURoFVnsH4cPWudhwEAAAAQs"]
[Fri Jun 12 21:29:05.784955 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.staging"] [unique_id "aiykURoFVnsH4cPWudhwEAAAAQs"]
[Fri Jun 12 21:29:05.785178 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.staging"] [unique_id "aiykURoFVnsH4cPWudhwEAAAAQs"]
[Fri Jun 12 21:29:06.384746 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykURoFVnsH4cPWudhwEAAAAQs"]
[Fri Jun 12 21:29:06.517511 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.stage"] [unique_id "aiykUhoFVnsH4cPWudhwFAAAAQs"]
[Fri Jun 12 21:29:06.517767 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.stage"] [unique_id "aiykUhoFVnsH4cPWudhwFAAAAQs"]
[Fri Jun 12 21:29:06.518076 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.stage"] [unique_id "aiykUhoFVnsH4cPWudhwFAAAAQs"]
[Fri Jun 12 21:29:06.797019 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykUhoFVnsH4cPWudhwFAAAAQs"]
[Fri Jun 12 21:29:06.928483 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.test"] [unique_id "aiykUhoFVnsH4cPWudhwFwAAAQs"]
[Fri Jun 12 21:29:06.928655 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.test"] [unique_id "aiykUhoFVnsH4cPWudhwFwAAAQs"]
[Fri Jun 12 21:29:06.928924 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.test"] [unique_id "aiykUhoFVnsH4cPWudhwFwAAAQs"]
[Fri Jun 12 21:29:07.478394 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykUhoFVnsH4cPWudhwFwAAAQs"]
[Fri Jun 12 21:29:07.612182 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.uat"] [unique_id "aiykUxoFVnsH4cPWudhwGgAAAQs"]
[Fri Jun 12 21:29:07.612354 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.uat"] [unique_id "aiykUxoFVnsH4cPWudhwGgAAAQs"]
[Fri Jun 12 21:29:07.612546 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.uat"] [unique_id "aiykUxoFVnsH4cPWudhwGgAAAQs"]
[Fri Jun 12 21:29:08.338973 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykUxoFVnsH4cPWudhwGgAAAQs"]
[Fri Jun 12 21:29:08.472843 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.qa"] [unique_id "aiykVBoFVnsH4cPWudhwIAAAAQs"]
[Fri Jun 12 21:29:08.473074 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.qa"] [unique_id "aiykVBoFVnsH4cPWudhwIAAAAQs"]
[Fri Jun 12 21:29:08.473355 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.qa"] [unique_id "aiykVBoFVnsH4cPWudhwIAAAAQs"]
[Fri Jun 12 21:29:09.229046 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykVBoFVnsH4cPWudhwIAAAAQs"]
[Fri Jun 12 21:29:09.363769 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.preprod"] [unique_id "aiykVRoFVnsH4cPWudhwJAAAAQs"]
[Fri Jun 12 21:29:09.363960 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.preprod"] [unique_id "aiykVRoFVnsH4cPWudhwJAAAAQs"]
[Fri Jun 12 21:29:09.364173 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.preprod"] [unique_id "aiykVRoFVnsH4cPWudhwJAAAAQs"]
[Fri Jun 12 21:29:10.407967 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykVRoFVnsH4cPWudhwJAAAAQs"]
[Fri Jun 12 21:29:10.544175 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.live"] [unique_id "aiykVhoFVnsH4cPWudhwKQAAAQs"]
[Fri Jun 12 21:29:10.544347 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.live"] [unique_id "aiykVhoFVnsH4cPWudhwKQAAAQs"]
[Fri Jun 12 21:29:10.544534 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.live"] [unique_id "aiykVhoFVnsH4cPWudhwKQAAAQs"]
[Fri Jun 12 21:29:11.051925 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykVhoFVnsH4cPWudhwKQAAAQs"]
[Fri Jun 12 21:29:11.184899 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.example"] [unique_id "aiykVxoFVnsH4cPWudhwKwAAAQs"]
[Fri Jun 12 21:29:11.185121 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.example"] [unique_id "aiykVxoFVnsH4cPWudhwKwAAAQs"]
[Fri Jun 12 21:29:11.185396 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.example"] [unique_id "aiykVxoFVnsH4cPWudhwKwAAAQs"]
[Fri Jun 12 21:29:11.566463 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykVxoFVnsH4cPWudhwKwAAAQs"]
[Fri Jun 12 21:29:11.700653 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.sample"] [unique_id "aiykVxoFVnsH4cPWudhwLwAAAQs"]
[Fri Jun 12 21:29:11.700864 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.sample"] [unique_id "aiykVxoFVnsH4cPWudhwLwAAAQs"]
[Fri Jun 12 21:29:11.701085 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.sample"] [unique_id "aiykVxoFVnsH4cPWudhwLwAAAQs"]
[Fri Jun 12 21:29:12.599653 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykVxoFVnsH4cPWudhwLwAAAQs"]
[Fri Jun 12 21:29:12.730520 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.dist"] [unique_id "aiykWBoFVnsH4cPWudhwMwAAAQs"]
[Fri Jun 12 21:29:12.730790 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.dist"] [unique_id "aiykWBoFVnsH4cPWudhwMwAAAQs"]
[Fri Jun 12 21:29:12.731141 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.dist"] [unique_id "aiykWBoFVnsH4cPWudhwMwAAAQs"]
[Fri Jun 12 21:29:13.443958 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykWBoFVnsH4cPWudhwMwAAAQs"]
[Fri Jun 12 21:29:13.575079 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.bak"] [unique_id "aiykWRoFVnsH4cPWudhwOAAAAQs"]
[Fri Jun 12 21:29:13.575165 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.bak"] [unique_id "aiykWRoFVnsH4cPWudhwOAAAAQs"]
[Fri Jun 12 21:29:13.575350 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.bak"] [unique_id "aiykWRoFVnsH4cPWudhwOAAAAQs"]
[Fri Jun 12 21:29:13.575619 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.bak"] [unique_id "aiykWRoFVnsH4cPWudhwOAAAAQs"]
[Fri Jun 12 21:29:13.974309 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykWRoFVnsH4cPWudhwOAAAAQs"]
[Fri Jun 12 21:29:14.109025 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.backup"] [unique_id "aiykWhoFVnsH4cPWudhwOwAAAQs"]
[Fri Jun 12 21:29:14.109122 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.backup"] [unique_id "aiykWhoFVnsH4cPWudhwOwAAAQs"]
[Fri Jun 12 21:29:14.109271 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.backup"] [unique_id "aiykWhoFVnsH4cPWudhwOwAAAQs"]
[Fri Jun 12 21:29:14.109478 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.backup"] [unique_id "aiykWhoFVnsH4cPWudhwOwAAAQs"]
[Fri Jun 12 21:29:14.902031 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykWhoFVnsH4cPWudhwOwAAAQs"]
[Fri Jun 12 21:29:15.039870 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.old"] [unique_id "aiykWxoFVnsH4cPWudhwQAAAAQs"]
[Fri Jun 12 21:29:15.040017 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.old"] [unique_id "aiykWxoFVnsH4cPWudhwQAAAAQs"]
[Fri Jun 12 21:29:15.040189 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.old"] [unique_id "aiykWxoFVnsH4cPWudhwQAAAAQs"]
[Fri Jun 12 21:29:15.040503 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.old"] [unique_id "aiykWxoFVnsH4cPWudhwQAAAAQs"]
[Fri Jun 12 21:29:15.838017 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykWxoFVnsH4cPWudhwQAAAAQs"]
[Fri Jun 12 21:29:15.969652 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.save"] [unique_id "aiykWxoFVnsH4cPWudhwRAAAAQs"]
[Fri Jun 12 21:29:15.969915 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.save"] [unique_id "aiykWxoFVnsH4cPWudhwRAAAAQs"]
[Fri Jun 12 21:29:15.970213 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.save"] [unique_id "aiykWxoFVnsH4cPWudhwRAAAAQs"]
[Fri Jun 12 21:29:16.723892 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykWxoFVnsH4cPWudhwRAAAAQs"]
[Fri Jun 12 21:29:16.857601 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.swp"] [unique_id "aiykXBoFVnsH4cPWudhwSAAAAQs"]
[Fri Jun 12 21:29:16.857705 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/public/.env.swp"] [unique_id "aiykXBoFVnsH4cPWudhwSAAAAQs"]
[Fri Jun 12 21:29:16.857856 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/public/.env.swp"] [unique_id "aiykXBoFVnsH4cPWudhwSAAAAQs"]
[Fri Jun 12 21:29:16.858131 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/public/.env.swp"] [unique_id "aiykXBoFVnsH4cPWudhwSAAAAQs"]
[Fri Jun 12 21:29:17.380555 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykXBoFVnsH4cPWudhwSAAAAQs"]
[Fri Jun 12 21:29:17.511637 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env"] [unique_id "aiykXRoFVnsH4cPWudhwSgAAAQs"]
[Fri Jun 12 21:29:17.511894 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env"] [unique_id "aiykXRoFVnsH4cPWudhwSgAAAQs"]
[Fri Jun 12 21:29:17.512174 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env"] [unique_id "aiykXRoFVnsH4cPWudhwSgAAAQs"]
[Fri Jun 12 21:29:18.149263 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykXRoFVnsH4cPWudhwSgAAAQs"]
[Fri Jun 12 21:29:18.283654 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.local"] [unique_id "aiykXhoFVnsH4cPWudhwTgAAAQs"]
[Fri Jun 12 21:29:18.283916 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.local"] [unique_id "aiykXhoFVnsH4cPWudhwTgAAAQs"]
[Fri Jun 12 21:29:18.284149 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.local"] [unique_id "aiykXhoFVnsH4cPWudhwTgAAAQs"]
[Fri Jun 12 21:29:18.907461 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykXhoFVnsH4cPWudhwTgAAAQs"]
[Fri Jun 12 21:29:19.041816 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.production"] [unique_id "aiykXxoFVnsH4cPWudhwUwAAAQs"]
[Fri Jun 12 21:29:19.042055 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.production"] [unique_id "aiykXxoFVnsH4cPWudhwUwAAAQs"]
[Fri Jun 12 21:29:19.042280 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.production"] [unique_id "aiykXxoFVnsH4cPWudhwUwAAAQs"]
[Fri Jun 12 21:29:19.698959 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykXxoFVnsH4cPWudhwUwAAAQs"]
[Fri Jun 12 21:29:19.830134 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.prod"] [unique_id "aiykXxoFVnsH4cPWudhwVgAAAQs"]
[Fri Jun 12 21:29:19.830371 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.prod"] [unique_id "aiykXxoFVnsH4cPWudhwVgAAAQs"]
[Fri Jun 12 21:29:19.830638 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.prod"] [unique_id "aiykXxoFVnsH4cPWudhwVgAAAQs"]
[Fri Jun 12 21:29:20.495674 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykXxoFVnsH4cPWudhwVgAAAQs"]
[Fri Jun 12 21:29:20.627957 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.development"] [unique_id "aiykYBoFVnsH4cPWudhwWgAAAQs"]
[Fri Jun 12 21:29:20.628183 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.development"] [unique_id "aiykYBoFVnsH4cPWudhwWgAAAQs"]
[Fri Jun 12 21:29:20.628458 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.development"] [unique_id "aiykYBoFVnsH4cPWudhwWgAAAQs"]
[Fri Jun 12 21:29:21.333084 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykYBoFVnsH4cPWudhwWgAAAQs"]
[Fri Jun 12 21:29:21.464328 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.dev"] [unique_id "aiykYRoFVnsH4cPWudhwXgAAAQs"]
[Fri Jun 12 21:29:21.464540 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.dev"] [unique_id "aiykYRoFVnsH4cPWudhwXgAAAQs"]
[Fri Jun 12 21:29:21.464849 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.dev"] [unique_id "aiykYRoFVnsH4cPWudhwXgAAAQs"]
[Fri Jun 12 21:29:22.138649 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykYRoFVnsH4cPWudhwXgAAAQs"]
[Fri Jun 12 21:29:22.269975 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.staging"] [unique_id "aiykYhoFVnsH4cPWudhwYgAAAQs"]
[Fri Jun 12 21:29:22.270166 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.staging"] [unique_id "aiykYhoFVnsH4cPWudhwYgAAAQs"]
[Fri Jun 12 21:29:22.270464 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.staging"] [unique_id "aiykYhoFVnsH4cPWudhwYgAAAQs"]
[Fri Jun 12 21:29:23.095041 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykYhoFVnsH4cPWudhwYgAAAQs"]
[Fri Jun 12 21:29:23.229647 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.stage"] [unique_id "aiykYxoFVnsH4cPWudhwZgAAAQs"]
[Fri Jun 12 21:29:23.229871 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.stage"] [unique_id "aiykYxoFVnsH4cPWudhwZgAAAQs"]
[Fri Jun 12 21:29:23.230130 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.stage"] [unique_id "aiykYxoFVnsH4cPWudhwZgAAAQs"]
[Fri Jun 12 21:29:23.771194 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykYxoFVnsH4cPWudhwZgAAAQs"]
[Fri Jun 12 21:29:23.909261 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.test"] [unique_id "aiykYxoFVnsH4cPWudhwagAAAQs"]
[Fri Jun 12 21:29:23.909474 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.test"] [unique_id "aiykYxoFVnsH4cPWudhwagAAAQs"]
[Fri Jun 12 21:29:23.909866 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.test"] [unique_id "aiykYxoFVnsH4cPWudhwagAAAQs"]
[Fri Jun 12 21:29:24.444877 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykYxoFVnsH4cPWudhwagAAAQs"]
[Fri Jun 12 21:29:24.579794 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.uat"] [unique_id "aiykZBoFVnsH4cPWudhwbAAAAQs"]
[Fri Jun 12 21:29:24.579988 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.uat"] [unique_id "aiykZBoFVnsH4cPWudhwbAAAAQs"]
[Fri Jun 12 21:29:24.580195 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.uat"] [unique_id "aiykZBoFVnsH4cPWudhwbAAAAQs"]
[Fri Jun 12 21:29:25.017906 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykZBoFVnsH4cPWudhwbAAAAQs"]
[Fri Jun 12 21:29:25.156884 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.qa"] [unique_id "aiykZRoFVnsH4cPWudhwcAAAAQs"]
[Fri Jun 12 21:29:25.157120 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.qa"] [unique_id "aiykZRoFVnsH4cPWudhwcAAAAQs"]
[Fri Jun 12 21:29:25.157415 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.qa"] [unique_id "aiykZRoFVnsH4cPWudhwcAAAAQs"]
[Fri Jun 12 21:29:25.684715 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykZRoFVnsH4cPWudhwcAAAAQs"]
[Fri Jun 12 21:29:25.815672 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.preprod"] [unique_id "aiykZRoFVnsH4cPWudhwdQAAAQs"]
[Fri Jun 12 21:29:25.815837 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.preprod"] [unique_id "aiykZRoFVnsH4cPWudhwdQAAAQs"]
[Fri Jun 12 21:29:25.816023 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.preprod"] [unique_id "aiykZRoFVnsH4cPWudhwdQAAAQs"]
[Fri Jun 12 21:29:26.596503 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykZRoFVnsH4cPWudhwdQAAAQs"]
[Fri Jun 12 21:29:26.732751 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.live"] [unique_id "aiykZhoFVnsH4cPWudhwewAAAQs"]
[Fri Jun 12 21:29:26.733064 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.live"] [unique_id "aiykZhoFVnsH4cPWudhwewAAAQs"]
[Fri Jun 12 21:29:26.733331 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.live"] [unique_id "aiykZhoFVnsH4cPWudhwewAAAQs"]
[Fri Jun 12 21:29:27.393052 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykZhoFVnsH4cPWudhwewAAAQs"]
[Fri Jun 12 21:29:27.527001 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.example"] [unique_id "aiykZxoFVnsH4cPWudhwgAAAAQs"]
[Fri Jun 12 21:29:27.527354 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.example"] [unique_id "aiykZxoFVnsH4cPWudhwgAAAAQs"]
[Fri Jun 12 21:29:27.527642 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.example"] [unique_id "aiykZxoFVnsH4cPWudhwgAAAAQs"]
[Fri Jun 12 21:29:28.185951 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykZxoFVnsH4cPWudhwgAAAAQs"]
[Fri Jun 12 21:29:28.320350 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.sample"] [unique_id "aiykaBoFVnsH4cPWudhwhAAAAQs"]
[Fri Jun 12 21:29:28.320510 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.sample"] [unique_id "aiykaBoFVnsH4cPWudhwhAAAAQs"]
[Fri Jun 12 21:29:28.320725 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.sample"] [unique_id "aiykaBoFVnsH4cPWudhwhAAAAQs"]
[Fri Jun 12 21:29:28.982505 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykaBoFVnsH4cPWudhwhAAAAQs"]
[Fri Jun 12 21:29:29.115238 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.dist"] [unique_id "aiykaRoFVnsH4cPWudhwiwAAAQs"]
[Fri Jun 12 21:29:29.115636 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.dist"] [unique_id "aiykaRoFVnsH4cPWudhwiwAAAQs"]
[Fri Jun 12 21:29:29.115983 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.dist"] [unique_id "aiykaRoFVnsH4cPWudhwiwAAAQs"]
[Fri Jun 12 21:29:30.016185 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykaRoFVnsH4cPWudhwiwAAAQs"]
[Fri Jun 12 21:29:30.147169 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.bak"] [unique_id "aiykahoFVnsH4cPWudhwkAAAAQs"]
[Fri Jun 12 21:29:30.147282 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.bak"] [unique_id "aiykahoFVnsH4cPWudhwkAAAAQs"]
[Fri Jun 12 21:29:30.147454 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.bak"] [unique_id "aiykahoFVnsH4cPWudhwkAAAAQs"]
[Fri Jun 12 21:29:30.147820 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.bak"] [unique_id "aiykahoFVnsH4cPWudhwkAAAAQs"]
[Fri Jun 12 21:29:30.668238 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykahoFVnsH4cPWudhwkAAAAQs"]
[Fri Jun 12 21:29:30.802853 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.backup"] [unique_id "aiykahoFVnsH4cPWudhwlgAAAQs"]
[Fri Jun 12 21:29:30.802925 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.backup"] [unique_id "aiykahoFVnsH4cPWudhwlgAAAQs"]
[Fri Jun 12 21:29:30.803050 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.backup"] [unique_id "aiykahoFVnsH4cPWudhwlgAAAQs"]
[Fri Jun 12 21:29:30.803301 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.backup"] [unique_id "aiykahoFVnsH4cPWudhwlgAAAQs"]
[Fri Jun 12 21:29:31.262295 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykahoFVnsH4cPWudhwlgAAAQs"]
[Fri Jun 12 21:29:31.395417 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.old"] [unique_id "aiykaxoFVnsH4cPWudhwnAAAAQs"]
[Fri Jun 12 21:29:31.395564 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.old"] [unique_id "aiykaxoFVnsH4cPWudhwnAAAAQs"]
[Fri Jun 12 21:29:31.395875 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.old"] [unique_id "aiykaxoFVnsH4cPWudhwnAAAAQs"]
[Fri Jun 12 21:29:31.396230 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.old"] [unique_id "aiykaxoFVnsH4cPWudhwnAAAAQs"]
[Fri Jun 12 21:29:31.891061 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykaxoFVnsH4cPWudhwnAAAAQs"]
[Fri Jun 12 21:29:32.025863 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.save"] [unique_id "aiykbBoFVnsH4cPWudhwnwAAAQs"]
[Fri Jun 12 21:29:32.026088 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.save"] [unique_id "aiykbBoFVnsH4cPWudhwnwAAAQs"]
[Fri Jun 12 21:29:32.026340 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.save"] [unique_id "aiykbBoFVnsH4cPWudhwnwAAAQs"]
[Fri Jun 12 21:29:32.543256 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykbBoFVnsH4cPWudhwnwAAAQs"]
[Fri Jun 12 21:29:32.675995 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.swp"] [unique_id "aiykbBoFVnsH4cPWudhwpQAAAQs"]
[Fri Jun 12 21:29:32.676176 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/shared/.env.swp"] [unique_id "aiykbBoFVnsH4cPWudhwpQAAAQs"]
[Fri Jun 12 21:29:32.676368 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/shared/.env.swp"] [unique_id "aiykbBoFVnsH4cPWudhwpQAAAQs"]
[Fri Jun 12 21:29:32.676665 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/shared/.env.swp"] [unique_id "aiykbBoFVnsH4cPWudhwpQAAAQs"]
[Fri Jun 12 21:29:33.179002 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykbBoFVnsH4cPWudhwpQAAAQs"]
[Fri Jun 12 21:29:33.312679 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env"] [unique_id "aiykbRoFVnsH4cPWudhwpwAAAQs"]
[Fri Jun 12 21:29:33.312912 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env"] [unique_id "aiykbRoFVnsH4cPWudhwpwAAAQs"]
[Fri Jun 12 21:29:33.313194 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env"] [unique_id "aiykbRoFVnsH4cPWudhwpwAAAQs"]
[Fri Jun 12 21:29:33.919488 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykbRoFVnsH4cPWudhwpwAAAQs"]
[Fri Jun 12 21:29:34.053031 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.local"] [unique_id "aiykbhoFVnsH4cPWudhwrgAAAQs"]
[Fri Jun 12 21:29:34.053237 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.local"] [unique_id "aiykbhoFVnsH4cPWudhwrgAAAQs"]
[Fri Jun 12 21:29:34.053477 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.local"] [unique_id "aiykbhoFVnsH4cPWudhwrgAAAQs"]
[Fri Jun 12 21:29:34.791243 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykbhoFVnsH4cPWudhwrgAAAQs"]
[Fri Jun 12 21:29:34.923145 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.production"] [unique_id "aiykbhoFVnsH4cPWudhwtQAAAQs"]
[Fri Jun 12 21:29:34.923341 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.production"] [unique_id "aiykbhoFVnsH4cPWudhwtQAAAQs"]
[Fri Jun 12 21:29:34.923543 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.production"] [unique_id "aiykbhoFVnsH4cPWudhwtQAAAQs"]
[Fri Jun 12 21:29:35.681006 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykbhoFVnsH4cPWudhwtQAAAQs"]
[Fri Jun 12 21:29:35.813342 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.prod"] [unique_id "aiykbxoFVnsH4cPWudhwuwAAAQs"]
[Fri Jun 12 21:29:35.813573 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.prod"] [unique_id "aiykbxoFVnsH4cPWudhwuwAAAQs"]
[Fri Jun 12 21:29:35.813850 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.prod"] [unique_id "aiykbxoFVnsH4cPWudhwuwAAAQs"]
[Fri Jun 12 21:29:36.486151 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykbxoFVnsH4cPWudhwuwAAAQs"]
[Fri Jun 12 21:29:36.624053 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.development"] [unique_id "aiykcBoFVnsH4cPWudhwwQAAAQs"]
[Fri Jun 12 21:29:36.624323 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.development"] [unique_id "aiykcBoFVnsH4cPWudhwwQAAAQs"]
[Fri Jun 12 21:29:36.624556 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.development"] [unique_id "aiykcBoFVnsH4cPWudhwwQAAAQs"]
[Fri Jun 12 21:29:37.132441 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykcBoFVnsH4cPWudhwwQAAAQs"]
[Fri Jun 12 21:29:37.264646 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.dev"] [unique_id "aiykcRoFVnsH4cPWudhwxQAAAQs"]
[Fri Jun 12 21:29:37.264882 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.dev"] [unique_id "aiykcRoFVnsH4cPWudhwxQAAAQs"]
[Fri Jun 12 21:29:37.265111 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.dev"] [unique_id "aiykcRoFVnsH4cPWudhwxQAAAQs"]
[Fri Jun 12 21:29:37.714222 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykcRoFVnsH4cPWudhwxQAAAQs"]
[Fri Jun 12 21:29:37.847342 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.staging"] [unique_id "aiykcRoFVnsH4cPWudhwywAAAQs"]
[Fri Jun 12 21:29:37.847524 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.staging"] [unique_id "aiykcRoFVnsH4cPWudhwywAAAQs"]
[Fri Jun 12 21:29:37.847776 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.staging"] [unique_id "aiykcRoFVnsH4cPWudhwywAAAQs"]
[Fri Jun 12 21:29:38.483492 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykcRoFVnsH4cPWudhwywAAAQs"]
[Fri Jun 12 21:29:38.616031 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.stage"] [unique_id "aiykchoFVnsH4cPWudhw0QAAAQs"]
[Fri Jun 12 21:29:38.616224 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.stage"] [unique_id "aiykchoFVnsH4cPWudhw0QAAAQs"]
[Fri Jun 12 21:29:38.616487 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.stage"] [unique_id "aiykchoFVnsH4cPWudhw0QAAAQs"]
[Fri Jun 12 21:29:39.428848 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykchoFVnsH4cPWudhw0QAAAQs"]
[Fri Jun 12 21:29:39.560756 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.test"] [unique_id "aiykcxoFVnsH4cPWudhw2AAAAQs"]
[Fri Jun 12 21:29:39.561044 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.test"] [unique_id "aiykcxoFVnsH4cPWudhw2AAAAQs"]
[Fri Jun 12 21:29:39.561258 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.test"] [unique_id "aiykcxoFVnsH4cPWudhw2AAAAQs"]
[Fri Jun 12 21:29:40.391048 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykcxoFVnsH4cPWudhw2AAAAQs"]
[Fri Jun 12 21:29:40.522908 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.uat"] [unique_id "aiykdBoFVnsH4cPWudhw3gAAAQs"]
[Fri Jun 12 21:29:40.523103 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.uat"] [unique_id "aiykdBoFVnsH4cPWudhw3gAAAQs"]
[Fri Jun 12 21:29:40.523359 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.uat"] [unique_id "aiykdBoFVnsH4cPWudhw3gAAAQs"]
[Fri Jun 12 21:29:41.261156 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykdBoFVnsH4cPWudhw3gAAAQs"]
[Fri Jun 12 21:29:41.392644 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.qa"] [unique_id "aiykdRoFVnsH4cPWudhw5QAAAQs"]
[Fri Jun 12 21:29:41.392961 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.qa"] [unique_id "aiykdRoFVnsH4cPWudhw5QAAAQs"]
[Fri Jun 12 21:29:41.393341 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.qa"] [unique_id "aiykdRoFVnsH4cPWudhw5QAAAQs"]
[Fri Jun 12 21:29:42.221814 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykdRoFVnsH4cPWudhw5QAAAQs"]
[Fri Jun 12 21:29:42.356749 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.preprod"] [unique_id "aiykdhoFVnsH4cPWudhw6AAAAQs"]
[Fri Jun 12 21:29:42.357280 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.preprod"] [unique_id "aiykdhoFVnsH4cPWudhw6AAAAQs"]
[Fri Jun 12 21:29:42.357615 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.preprod"] [unique_id "aiykdhoFVnsH4cPWudhw6AAAAQs"]
[Fri Jun 12 21:29:42.678548 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykdhoFVnsH4cPWudhw6AAAAQs"]
[Fri Jun 12 21:29:42.812767 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.live"] [unique_id "aiykdhoFVnsH4cPWudhw7AAAAQs"]
[Fri Jun 12 21:29:42.813029 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.live"] [unique_id "aiykdhoFVnsH4cPWudhw7AAAAQs"]
[Fri Jun 12 21:29:42.813271 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.live"] [unique_id "aiykdhoFVnsH4cPWudhw7AAAAQs"]
[Fri Jun 12 21:29:43.572172 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykdhoFVnsH4cPWudhw7AAAAQs"]
[Fri Jun 12 21:29:43.706778 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.example"] [unique_id "aiykdxoFVnsH4cPWudhw8gAAAQs"]
[Fri Jun 12 21:29:43.707128 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.example"] [unique_id "aiykdxoFVnsH4cPWudhw8gAAAQs"]
[Fri Jun 12 21:29:43.707480 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.example"] [unique_id "aiykdxoFVnsH4cPWudhw8gAAAQs"]
[Fri Jun 12 21:29:44.624183 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykdxoFVnsH4cPWudhw8gAAAQs"]
[Fri Jun 12 21:29:44.759343 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.sample"] [unique_id "aiykeBoFVnsH4cPWudhw9wAAAQs"]
[Fri Jun 12 21:29:44.759549 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.sample"] [unique_id "aiykeBoFVnsH4cPWudhw9wAAAQs"]
[Fri Jun 12 21:29:44.759832 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.sample"] [unique_id "aiykeBoFVnsH4cPWudhw9wAAAQs"]
[Fri Jun 12 21:29:45.293424 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykeBoFVnsH4cPWudhw9wAAAQs"]
[Fri Jun 12 21:29:45.429565 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.dist"] [unique_id "aiykeRoFVnsH4cPWudhw-wAAAQs"]
[Fri Jun 12 21:29:45.429847 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.dist"] [unique_id "aiykeRoFVnsH4cPWudhw-wAAAQs"]
[Fri Jun 12 21:29:45.430569 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.dist"] [unique_id "aiykeRoFVnsH4cPWudhw-wAAAQs"]
[Fri Jun 12 21:29:46.061079 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykeRoFVnsH4cPWudhw-wAAAQs"]
[Fri Jun 12 21:29:46.194637 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.bak"] [unique_id "aiykehoFVnsH4cPWudhxAQAAAQs"]
[Fri Jun 12 21:29:46.194775 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.bak"] [unique_id "aiykehoFVnsH4cPWudhxAQAAAQs"]
[Fri Jun 12 21:29:46.194950 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.bak"] [unique_id "aiykehoFVnsH4cPWudhxAQAAAQs"]
[Fri Jun 12 21:29:46.195224 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.bak"] [unique_id "aiykehoFVnsH4cPWudhxAQAAAQs"]
[Fri Jun 12 21:29:46.713986 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykehoFVnsH4cPWudhxAQAAAQs"]
[Fri Jun 12 21:29:46.851989 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.backup"] [unique_id "aiykehoFVnsH4cPWudhxBgAAAQs"]
[Fri Jun 12 21:29:46.852079 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.backup"] [unique_id "aiykehoFVnsH4cPWudhxBgAAAQs"]
[Fri Jun 12 21:29:46.852341 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.backup"] [unique_id "aiykehoFVnsH4cPWudhxBgAAAQs"]
[Fri Jun 12 21:29:46.852545 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.backup"] [unique_id "aiykehoFVnsH4cPWudhxBgAAAQs"]
[Fri Jun 12 21:29:47.753429 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykehoFVnsH4cPWudhxBgAAAQs"]
[Fri Jun 12 21:29:47.885639 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.old"] [unique_id "aiykexoFVnsH4cPWudhxDAAAAQs"]
[Fri Jun 12 21:29:47.885825 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.old"] [unique_id "aiykexoFVnsH4cPWudhxDAAAAQs"]
[Fri Jun 12 21:29:47.886002 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.old"] [unique_id "aiykexoFVnsH4cPWudhxDAAAAQs"]
[Fri Jun 12 21:29:47.886307 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.old"] [unique_id "aiykexoFVnsH4cPWudhxDAAAAQs"]
[Fri Jun 12 21:29:48.034830 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykexoFVnsH4cPWudhxDAAAAQs"]
[Fri Jun 12 21:29:48.167903 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.save"] [unique_id "aiykfBoFVnsH4cPWudhxDwAAAQs"]
[Fri Jun 12 21:29:48.168204 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.save"] [unique_id "aiykfBoFVnsH4cPWudhxDwAAAQs"]
[Fri Jun 12 21:29:48.168469 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.save"] [unique_id "aiykfBoFVnsH4cPWudhxDwAAAQs"]
[Fri Jun 12 21:29:48.925502 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykfBoFVnsH4cPWudhxDwAAAQs"]
[Fri Jun 12 21:29:49.056955 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.swp"] [unique_id "aiykfRoFVnsH4cPWudhxFQAAAQs"]
[Fri Jun 12 21:29:49.057043 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/app/.env.swp"] [unique_id "aiykfRoFVnsH4cPWudhxFQAAAQs"]
[Fri Jun 12 21:29:49.057193 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/app/.env.swp"] [unique_id "aiykfRoFVnsH4cPWudhxFQAAAQs"]
[Fri Jun 12 21:29:49.057438 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/app/.env.swp"] [unique_id "aiykfRoFVnsH4cPWudhxFQAAAQs"]
[Fri Jun 12 21:29:49.940002 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykfRoFVnsH4cPWudhxFQAAAQs"]
[Fri Jun 12 21:29:50.073422 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env"] [unique_id "aiykfhoFVnsH4cPWudhxGgAAAQs"]
[Fri Jun 12 21:29:50.073671 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env"] [unique_id "aiykfhoFVnsH4cPWudhxGgAAAQs"]
[Fri Jun 12 21:29:50.074030 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env"] [unique_id "aiykfhoFVnsH4cPWudhxGgAAAQs"]
[Fri Jun 12 21:29:50.876171 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykfhoFVnsH4cPWudhxGgAAAQs"]
[Fri Jun 12 21:29:51.007292 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.local"] [unique_id "aiykfxoFVnsH4cPWudhxIAAAAQs"]
[Fri Jun 12 21:29:51.007522 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.local"] [unique_id "aiykfxoFVnsH4cPWudhxIAAAAQs"]
[Fri Jun 12 21:29:51.007830 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.local"] [unique_id "aiykfxoFVnsH4cPWudhxIAAAAQs"]
[Fri Jun 12 21:29:51.598827 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykfxoFVnsH4cPWudhxIAAAAQs"]
[Fri Jun 12 21:29:51.742480 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.production"] [unique_id "aiykfxoFVnsH4cPWudhxJQAAAQs"]
[Fri Jun 12 21:29:51.742670 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.production"] [unique_id "aiykfxoFVnsH4cPWudhxJQAAAQs"]
[Fri Jun 12 21:29:51.742924 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.production"] [unique_id "aiykfxoFVnsH4cPWudhxJQAAAQs"]
[Fri Jun 12 21:29:52.671439 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykfxoFVnsH4cPWudhxJQAAAQs"]
[Fri Jun 12 21:29:52.808724 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.prod"] [unique_id "aiykgBoFVnsH4cPWudhxKwAAAQs"]
[Fri Jun 12 21:29:52.808916 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.prod"] [unique_id "aiykgBoFVnsH4cPWudhxKwAAAQs"]
[Fri Jun 12 21:29:52.809152 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.prod"] [unique_id "aiykgBoFVnsH4cPWudhxKwAAAQs"]
[Fri Jun 12 21:29:53.473001 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykgBoFVnsH4cPWudhxKwAAAQs"]
[Fri Jun 12 21:29:53.605867 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.development"] [unique_id "aiykgRoFVnsH4cPWudhxMAAAAQs"]
[Fri Jun 12 21:29:53.606079 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.development"] [unique_id "aiykgRoFVnsH4cPWudhxMAAAAQs"]
[Fri Jun 12 21:29:53.606325 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.development"] [unique_id "aiykgRoFVnsH4cPWudhxMAAAAQs"]
[Fri Jun 12 21:29:54.296914 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykgRoFVnsH4cPWudhxMAAAAQs"]
[Fri Jun 12 21:29:54.432719 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.dev"] [unique_id "aiykghoFVnsH4cPWudhxNQAAAQs"]
[Fri Jun 12 21:29:54.432920 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.dev"] [unique_id "aiykghoFVnsH4cPWudhxNQAAAQs"]
[Fri Jun 12 21:29:54.433163 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.dev"] [unique_id "aiykghoFVnsH4cPWudhxNQAAAQs"]
[Fri Jun 12 21:29:55.109260 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykghoFVnsH4cPWudhxNQAAAQs"]
[Fri Jun 12 21:29:55.240803 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.staging"] [unique_id "aiykgxoFVnsH4cPWudhxOgAAAQs"]
[Fri Jun 12 21:29:55.241013 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.staging"] [unique_id "aiykgxoFVnsH4cPWudhxOgAAAQs"]
[Fri Jun 12 21:29:55.241221 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.staging"] [unique_id "aiykgxoFVnsH4cPWudhxOgAAAQs"]
[Fri Jun 12 21:29:55.944112 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykgxoFVnsH4cPWudhxOgAAAQs"]
[Fri Jun 12 21:29:56.075553 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.stage"] [unique_id "aiykhBoFVnsH4cPWudhxPwAAAQs"]
[Fri Jun 12 21:29:56.075761 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.stage"] [unique_id "aiykhBoFVnsH4cPWudhxPwAAAQs"]
[Fri Jun 12 21:29:56.075937 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.stage"] [unique_id "aiykhBoFVnsH4cPWudhxPwAAAQs"]
[Fri Jun 12 21:29:56.755579 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykhBoFVnsH4cPWudhxPwAAAQs"]
[Fri Jun 12 21:29:56.894461 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.test"] [unique_id "aiykhBoFVnsH4cPWudhxRAAAAQs"]
[Fri Jun 12 21:29:56.894829 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.test"] [unique_id "aiykhBoFVnsH4cPWudhxRAAAAQs"]
[Fri Jun 12 21:29:56.895166 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.test"] [unique_id "aiykhBoFVnsH4cPWudhxRAAAAQs"]
[Fri Jun 12 21:29:57.524792 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykhBoFVnsH4cPWudhxRAAAAQs"]
[Fri Jun 12 21:29:57.667035 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.uat"] [unique_id "aiykhRoFVnsH4cPWudhxSgAAAQs"]
[Fri Jun 12 21:29:57.667259 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.uat"] [unique_id "aiykhRoFVnsH4cPWudhxSgAAAQs"]
[Fri Jun 12 21:29:57.667504 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.uat"] [unique_id "aiykhRoFVnsH4cPWudhxSgAAAQs"]
[Fri Jun 12 21:29:58.374988 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykhRoFVnsH4cPWudhxSgAAAQs"]
[Fri Jun 12 21:29:58.516340 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.qa"] [unique_id "aiykhhoFVnsH4cPWudhxTgAAAQs"]
[Fri Jun 12 21:29:58.516517 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.qa"] [unique_id "aiykhhoFVnsH4cPWudhxTgAAAQs"]
[Fri Jun 12 21:29:58.516780 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.qa"] [unique_id "aiykhhoFVnsH4cPWudhxTgAAAQs"]
[Fri Jun 12 21:29:58.954464 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykhhoFVnsH4cPWudhxTgAAAQs"]
[Fri Jun 12 21:29:59.090615 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.preprod"] [unique_id "aiykhxoFVnsH4cPWudhxUwAAAQs"]
[Fri Jun 12 21:29:59.090881 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.preprod"] [unique_id "aiykhxoFVnsH4cPWudhxUwAAAQs"]
[Fri Jun 12 21:29:59.091153 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.preprod"] [unique_id "aiykhxoFVnsH4cPWudhxUwAAAQs"]
[Fri Jun 12 21:29:59.711944 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykhxoFVnsH4cPWudhxUwAAAQs"]
[Fri Jun 12 21:29:59.850560 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.live"] [unique_id "aiykhxoFVnsH4cPWudhxWQAAAQs"]
[Fri Jun 12 21:29:59.850846 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.live"] [unique_id "aiykhxoFVnsH4cPWudhxWQAAAQs"]
[Fri Jun 12 21:29:59.851232 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.live"] [unique_id "aiykhxoFVnsH4cPWudhxWQAAAQs"]
[Fri Jun 12 21:30:00.621491 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykhxoFVnsH4cPWudhxWQAAAQs"]
[Fri Jun 12 21:30:00.761558 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.example"] [unique_id "aiykiBoFVnsH4cPWudhxXgAAAQs"]
[Fri Jun 12 21:30:00.761850 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.example"] [unique_id "aiykiBoFVnsH4cPWudhxXgAAAQs"]
[Fri Jun 12 21:30:00.762126 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.example"] [unique_id "aiykiBoFVnsH4cPWudhxXgAAAQs"]
[Fri Jun 12 21:30:01.425250 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykiBoFVnsH4cPWudhxXgAAAQs"]
[Fri Jun 12 21:30:01.560576 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.sample"] [unique_id "aiykiRoFVnsH4cPWudhxZAAAAQs"]
[Fri Jun 12 21:30:01.560806 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.sample"] [unique_id "aiykiRoFVnsH4cPWudhxZAAAAQs"]
[Fri Jun 12 21:30:01.561065 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.sample"] [unique_id "aiykiRoFVnsH4cPWudhxZAAAAQs"]
[Fri Jun 12 21:30:02.241823 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykiRoFVnsH4cPWudhxZAAAAQs"]
[Fri Jun 12 21:30:02.375891 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.dist"] [unique_id "aiykihoFVnsH4cPWudhxaQAAAQs"]
[Fri Jun 12 21:30:02.376064 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.dist"] [unique_id "aiykihoFVnsH4cPWudhxaQAAAQs"]
[Fri Jun 12 21:30:02.376241 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.dist"] [unique_id "aiykihoFVnsH4cPWudhxaQAAAQs"]
[Fri Jun 12 21:30:03.479620 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykihoFVnsH4cPWudhxaQAAAQs"]
[Fri Jun 12 21:30:03.612771 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.bak"] [unique_id "aiykixoFVnsH4cPWudhxcAAAAQs"]
[Fri Jun 12 21:30:03.612853 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.bak"] [unique_id "aiykixoFVnsH4cPWudhxcAAAAQs"]
[Fri Jun 12 21:30:03.613002 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.bak"] [unique_id "aiykixoFVnsH4cPWudhxcAAAAQs"]
[Fri Jun 12 21:30:03.613231 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.bak"] [unique_id "aiykixoFVnsH4cPWudhxcAAAAQs"]
[Fri Jun 12 21:30:04.341272 2026] [security2:error] [pid 5057:tid 5073] [client 179.43.168.58:47144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykixoFVnsH4cPWudhxcAAAAQs"]
[Fri Jun 12 21:30:04.748829 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.backup"] [unique_id "aiykjFunT5cBeiKzNzs8qgAAAMc"]
[Fri Jun 12 21:30:04.748916 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.backup"] [unique_id "aiykjFunT5cBeiKzNzs8qgAAAMc"]
[Fri Jun 12 21:30:04.749086 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.backup"] [unique_id "aiykjFunT5cBeiKzNzs8qgAAAMc"]
[Fri Jun 12 21:30:04.749336 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.backup"] [unique_id "aiykjFunT5cBeiKzNzs8qgAAAMc"]
[Fri Jun 12 21:30:05.477669 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykjFunT5cBeiKzNzs8qgAAAMc"]
[Fri Jun 12 21:30:05.611897 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.old"] [unique_id "aiykjVunT5cBeiKzNzs8sAAAAMc"]
[Fri Jun 12 21:30:05.611985 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.old"] [unique_id "aiykjVunT5cBeiKzNzs8sAAAAMc"]
[Fri Jun 12 21:30:05.612179 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.old"] [unique_id "aiykjVunT5cBeiKzNzs8sAAAAMc"]
[Fri Jun 12 21:30:05.612493 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.old"] [unique_id "aiykjVunT5cBeiKzNzs8sAAAAMc"]
[Fri Jun 12 21:30:06.359186 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykjVunT5cBeiKzNzs8sAAAAMc"]
[Fri Jun 12 21:30:06.492605 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.save"] [unique_id "aiykjlunT5cBeiKzNzs8tgAAAMc"]
[Fri Jun 12 21:30:06.492899 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.save"] [unique_id "aiykjlunT5cBeiKzNzs8tgAAAMc"]
[Fri Jun 12 21:30:06.493197 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.save"] [unique_id "aiykjlunT5cBeiKzNzs8tgAAAMc"]
[Fri Jun 12 21:30:06.976234 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykjlunT5cBeiKzNzs8tgAAAMc"]
[Fri Jun 12 21:30:07.112630 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.swp"] [unique_id "aiykj1unT5cBeiKzNzs8uwAAAMc"]
[Fri Jun 12 21:30:07.112731 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/web/.env.swp"] [unique_id "aiykj1unT5cBeiKzNzs8uwAAAMc"]
[Fri Jun 12 21:30:07.112908 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/web/.env.swp"] [unique_id "aiykj1unT5cBeiKzNzs8uwAAAMc"]
[Fri Jun 12 21:30:07.113185 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/web/.env.swp"] [unique_id "aiykj1unT5cBeiKzNzs8uwAAAMc"]
[Fri Jun 12 21:30:07.685145 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykj1unT5cBeiKzNzs8uwAAAMc"]
[Fri Jun 12 21:30:07.819873 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env"] [unique_id "aiykj1unT5cBeiKzNzs8wwAAAMc"]
[Fri Jun 12 21:30:07.820057 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env"] [unique_id "aiykj1unT5cBeiKzNzs8wwAAAMc"]
[Fri Jun 12 21:30:07.820233 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env"] [unique_id "aiykj1unT5cBeiKzNzs8wwAAAMc"]
[Fri Jun 12 21:30:08.870992 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykj1unT5cBeiKzNzs8wwAAAMc"]
[Fri Jun 12 21:30:09.008118 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.local"] [unique_id "aiykkVunT5cBeiKzNzs8ywAAAMc"]
[Fri Jun 12 21:30:09.008349 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.local"] [unique_id "aiykkVunT5cBeiKzNzs8ywAAAMc"]
[Fri Jun 12 21:30:09.008712 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.local"] [unique_id "aiykkVunT5cBeiKzNzs8ywAAAMc"]
[Fri Jun 12 21:30:09.749073 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykkVunT5cBeiKzNzs8ywAAAMc"]
[Fri Jun 12 21:30:09.884720 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.production"] [unique_id "aiykkVunT5cBeiKzNzs81AAAAMc"]
[Fri Jun 12 21:30:09.884915 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.production"] [unique_id "aiykkVunT5cBeiKzNzs81AAAAMc"]
[Fri Jun 12 21:30:09.885182 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.production"] [unique_id "aiykkVunT5cBeiKzNzs81AAAAMc"]
[Fri Jun 12 21:30:10.546557 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykkVunT5cBeiKzNzs81AAAAMc"]
[Fri Jun 12 21:30:10.680403 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.prod"] [unique_id "aiykklunT5cBeiKzNzs82wAAAMc"]
[Fri Jun 12 21:30:10.680584 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.prod"] [unique_id "aiykklunT5cBeiKzNzs82wAAAMc"]
[Fri Jun 12 21:30:10.680863 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.prod"] [unique_id "aiykklunT5cBeiKzNzs82wAAAMc"]
[Fri Jun 12 21:30:11.167244 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykklunT5cBeiKzNzs82wAAAMc"]
[Fri Jun 12 21:30:11.302036 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.development"] [unique_id "aiykk1unT5cBeiKzNzs84gAAAMc"]
[Fri Jun 12 21:30:11.302251 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.development"] [unique_id "aiykk1unT5cBeiKzNzs84gAAAMc"]
[Fri Jun 12 21:30:11.302793 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.development"] [unique_id "aiykk1unT5cBeiKzNzs84gAAAMc"]
[Fri Jun 12 21:30:11.914855 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykk1unT5cBeiKzNzs84gAAAMc"]
[Fri Jun 12 21:30:12.055243 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.dev"] [unique_id "aiyklFunT5cBeiKzNzs86QAAAMc"]
[Fri Jun 12 21:30:12.055522 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.dev"] [unique_id "aiyklFunT5cBeiKzNzs86QAAAMc"]
[Fri Jun 12 21:30:12.055789 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.dev"] [unique_id "aiyklFunT5cBeiKzNzs86QAAAMc"]
[Fri Jun 12 21:30:12.548445 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyklFunT5cBeiKzNzs86QAAAMc"]
[Fri Jun 12 21:30:12.690770 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.staging"] [unique_id "aiyklFunT5cBeiKzNzs87wAAAMc"]
[Fri Jun 12 21:30:12.690986 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.staging"] [unique_id "aiyklFunT5cBeiKzNzs87wAAAMc"]
[Fri Jun 12 21:30:12.691244 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.staging"] [unique_id "aiyklFunT5cBeiKzNzs87wAAAMc"]
[Fri Jun 12 21:30:13.180525 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyklFunT5cBeiKzNzs87wAAAMc"]
[Fri Jun 12 21:30:13.313780 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.stage"] [unique_id "aiyklVunT5cBeiKzNzs89QAAAMc"]
[Fri Jun 12 21:30:13.313990 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.stage"] [unique_id "aiyklVunT5cBeiKzNzs89QAAAMc"]
[Fri Jun 12 21:30:13.314265 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.stage"] [unique_id "aiyklVunT5cBeiKzNzs89QAAAMc"]
[Fri Jun 12 21:30:13.692751 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyklVunT5cBeiKzNzs89QAAAMc"]
[Fri Jun 12 21:30:13.825667 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.test"] [unique_id "aiyklVunT5cBeiKzNzs8-AAAAMc"]
[Fri Jun 12 21:30:13.825995 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.test"] [unique_id "aiyklVunT5cBeiKzNzs8-AAAAMc"]
[Fri Jun 12 21:30:13.826289 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.test"] [unique_id "aiyklVunT5cBeiKzNzs8-AAAAMc"]
[Fri Jun 12 21:30:14.373048 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyklVunT5cBeiKzNzs8-AAAAMc"]
[Fri Jun 12 21:30:14.515323 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.uat"] [unique_id "aiykllunT5cBeiKzNzs8_wAAAMc"]
[Fri Jun 12 21:30:14.515574 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.uat"] [unique_id "aiykllunT5cBeiKzNzs8_wAAAMc"]
[Fri Jun 12 21:30:14.515997 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.uat"] [unique_id "aiykllunT5cBeiKzNzs8_wAAAMc"]
[Fri Jun 12 21:30:15.126092 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykllunT5cBeiKzNzs8_wAAAMc"]
[Fri Jun 12 21:30:15.268835 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.qa"] [unique_id "aiykl1unT5cBeiKzNzs9BgAAAMc"]
[Fri Jun 12 21:30:15.269227 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.qa"] [unique_id "aiykl1unT5cBeiKzNzs9BgAAAMc"]
[Fri Jun 12 21:30:15.269469 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.qa"] [unique_id "aiykl1unT5cBeiKzNzs9BgAAAMc"]
[Fri Jun 12 21:30:16.148904 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykl1unT5cBeiKzNzs9BgAAAMc"]
[Fri Jun 12 21:30:16.282873 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.preprod"] [unique_id "aiykmFunT5cBeiKzNzs9DgAAAMc"]
[Fri Jun 12 21:30:16.283082 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.preprod"] [unique_id "aiykmFunT5cBeiKzNzs9DgAAAMc"]
[Fri Jun 12 21:30:16.283325 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.preprod"] [unique_id "aiykmFunT5cBeiKzNzs9DgAAAMc"]
[Fri Jun 12 21:30:16.955565 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykmFunT5cBeiKzNzs9DgAAAMc"]
[Fri Jun 12 21:30:17.092868 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.live"] [unique_id "aiykmVunT5cBeiKzNzs9FAAAAMc"]
[Fri Jun 12 21:30:17.093083 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.live"] [unique_id "aiykmVunT5cBeiKzNzs9FAAAAMc"]
[Fri Jun 12 21:30:17.093389 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.live"] [unique_id "aiykmVunT5cBeiKzNzs9FAAAAMc"]
[Fri Jun 12 21:30:17.889289 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykmVunT5cBeiKzNzs9FAAAAMc"]
[Fri Jun 12 21:30:18.025630 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.example"] [unique_id "aiykmlunT5cBeiKzNzs9HQAAAMc"]
[Fri Jun 12 21:30:18.025877 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.example"] [unique_id "aiykmlunT5cBeiKzNzs9HQAAAMc"]
[Fri Jun 12 21:30:18.026138 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.example"] [unique_id "aiykmlunT5cBeiKzNzs9HQAAAMc"]
[Fri Jun 12 21:30:18.844095 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykmlunT5cBeiKzNzs9HQAAAMc"]
[Fri Jun 12 21:30:18.980344 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.sample"] [unique_id "aiykmlunT5cBeiKzNzs9JAAAAMc"]
[Fri Jun 12 21:30:18.980502 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.sample"] [unique_id "aiykmlunT5cBeiKzNzs9JAAAAMc"]
[Fri Jun 12 21:30:18.980666 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.sample"] [unique_id "aiykmlunT5cBeiKzNzs9JAAAAMc"]
[Fri Jun 12 21:30:19.497954 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykmlunT5cBeiKzNzs9JAAAAMc"]
[Fri Jun 12 21:30:19.634915 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.dist"] [unique_id "aiykm1unT5cBeiKzNzs9KwAAAMc"]
[Fri Jun 12 21:30:19.635123 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.dist"] [unique_id "aiykm1unT5cBeiKzNzs9KwAAAMc"]
[Fri Jun 12 21:30:19.635340 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.dist"] [unique_id "aiykm1unT5cBeiKzNzs9KwAAAMc"]
[Fri Jun 12 21:30:20.212059 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykm1unT5cBeiKzNzs9KwAAAMc"]
[Fri Jun 12 21:30:20.348109 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.bak"] [unique_id "aiyknFunT5cBeiKzNzs9MgAAAMc"]
[Fri Jun 12 21:30:20.348227 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.bak"] [unique_id "aiyknFunT5cBeiKzNzs9MgAAAMc"]
[Fri Jun 12 21:30:20.348400 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.bak"] [unique_id "aiyknFunT5cBeiKzNzs9MgAAAMc"]
[Fri Jun 12 21:30:20.348659 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.bak"] [unique_id "aiyknFunT5cBeiKzNzs9MgAAAMc"]
[Fri Jun 12 21:30:21.657718 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyknFunT5cBeiKzNzs9MgAAAMc"]
[Fri Jun 12 21:30:21.796712 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.backup"] [unique_id "aiyknVunT5cBeiKzNzs9OgAAAMc"]
[Fri Jun 12 21:30:21.796816 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.backup"] [unique_id "aiyknVunT5cBeiKzNzs9OgAAAMc"]
[Fri Jun 12 21:30:21.797004 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.backup"] [unique_id "aiyknVunT5cBeiKzNzs9OgAAAMc"]
[Fri Jun 12 21:30:21.797297 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.backup"] [unique_id "aiyknVunT5cBeiKzNzs9OgAAAMc"]
[Fri Jun 12 21:30:22.473433 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyknVunT5cBeiKzNzs9OgAAAMc"]
[Fri Jun 12 21:30:22.611992 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.old"] [unique_id "aiyknlunT5cBeiKzNzs9QQAAAMc"]
[Fri Jun 12 21:30:22.612197 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.old"] [unique_id "aiyknlunT5cBeiKzNzs9QQAAAMc"]
[Fri Jun 12 21:30:22.612902 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.old"] [unique_id "aiyknlunT5cBeiKzNzs9QQAAAMc"]
[Fri Jun 12 21:30:22.613256 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.old"] [unique_id "aiyknlunT5cBeiKzNzs9QQAAAMc"]
[Fri Jun 12 21:30:23.229725 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiyknlunT5cBeiKzNzs9QQAAAMc"]
[Fri Jun 12 21:30:23.365622 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.save"] [unique_id "aiykn1unT5cBeiKzNzs9RgAAAMc"]
[Fri Jun 12 21:30:23.365893 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.save"] [unique_id "aiykn1unT5cBeiKzNzs9RgAAAMc"]
[Fri Jun 12 21:30:23.366181 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.save"] [unique_id "aiykn1unT5cBeiKzNzs9RgAAAMc"]
[Fri Jun 12 21:30:23.972077 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykn1unT5cBeiKzNzs9RgAAAMc"]
[Fri Jun 12 21:30:24.108653 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.swp"] [unique_id "aiykoFunT5cBeiKzNzs9TQAAAMc"]
[Fri Jun 12 21:30:24.108789 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/www/.env.swp"] [unique_id "aiykoFunT5cBeiKzNzs9TQAAAMc"]
[Fri Jun 12 21:30:24.109051 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "13.84.161.190"] [uri "/www/.env.swp"] [unique_id "aiykoFunT5cBeiKzNzs9TQAAAMc"]
[Fri Jun 12 21:30:24.109367 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.84.161.190"] [uri "/www/.env.swp"] [unique_id "aiykoFunT5cBeiKzNzs9TQAAAMc"]
[Fri Jun 12 21:30:24.833164 2026] [security2:error] [pid 4310:tid 4347] [client 179.43.168.58:44718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 13, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.84.161.190"] [uri "/index.php"] [unique_id "aiykoFunT5cBeiKzNzs9TQAAAMc"]
[Fri Jun 12 21:39:18.086445 2026] [security2:error] [pid 5057:tid 5070] [client 45.156.128.13:46960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiymthoFVnsH4cPWudh9nQAAAQg"]
[Fri Jun 12 21:39:18.219502 2026] [security2:error] [pid 5057:tid 5070] [client 45.156.128.13:46960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiymthoFVnsH4cPWudh9nwAAAQg"], referer: https://13.66.22.226/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 21:42:09.126647 2026] [security2:error] [pid 29702:tid 29750] [client 20.163.60.142:39802] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aiynYbJGfUXoI1Xijsx5CAAAAJA"]
[Fri Jun 12 21:42:09.126872 2026] [security2:error] [pid 29702:tid 29750] [client 20.163.60.142:39802] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aiynYbJGfUXoI1Xijsx5CAAAAJA"]
[Fri Jun 12 21:42:09.127221 2026] [security2:error] [pid 29702:tid 29750] [client 20.163.60.142:39802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "13.66.22.226"] [uri "/developmentserver/metadatauploader"] [unique_id "aiynYbJGfUXoI1Xijsx5CAAAAJA"]
[Fri Jun 12 21:42:09.128132 2026] [security2:error] [pid 29702:tid 29750] [client 20.163.60.142:39802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "13.66.22.226"] [uri "/403.shtml"] [unique_id "aiynYbJGfUXoI1Xijsx5CAAAAJA"]
[Fri Jun 12 21:42:19.741126 2026] [security2:error] [pid 31392:tid 31412] [client 8.222.249.178:41814] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyna3U9ydevvLef3-dKUwAAAAw"]
[Fri Jun 12 21:42:20.465032 2026] [security2:error] [pid 5057:tid 5065] [client 8.222.249.178:48196] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiynbBoFVnsH4cPWudiAGQAAAQM"]
[Fri Jun 12 21:42:20.666872 2026] [security2:error] [pid 5057:tid 5065] [client 8.222.249.178:48196] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiynbBoFVnsH4cPWudiAGgAAAQM"], referer: https://13.66.22.226
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 21:44:51.609157 2026] [security2:error] [pid 5057:tid 5070] [client 45.148.10.67:29452] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyoAxoFVnsH4cPWudiCtQAAAQg"]
[Fri Jun 12 21:44:51.985868 2026] [security2:error] [pid 29702:tid 29748] [client 45.148.10.67:29464] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "aiyoA7JGfUXoI1Xijsx87wAAAI4"], referer: https://13.66.22.226:443/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Fri Jun 12 21:45:10.043087 2026] [security2:error] [pid 31392:tid 31404] [client 45.148.10.67:56960] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.66.22.226:80"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.66.22.226"] [uri "/"] [unique_id "aiyoFnU9ydevvLef3-dM_QAAAAQ"]
[Fri Jun 12 21:50:00.241468 2026] [core:error] [pid 29650:tid 29678] [client 185.137.122.108:56868] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Fri Jun 12 21:50:56.660296 2026] [cgid:error] [pid 29702:tid 29741] [client 216.73.216.241:31329] AH01265: stderr from /home/erhabenn/public_html/cgi-bin/: attempt to invoke directory as script
[Fri Jun 12 21:51:31.295604 2026] [cgid:error] [pid 5057:tid 5077] [client 106.63.26.132:30884] AH01265: stderr from /home/erhabenn/public_html/cgi-bin/: attempt to invoke directory as script
[Fri Jun 12 21:51:35.012593 2026] [security2:error] [pid 5057:tid 5079] [client 45.148.10.51:38430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.save"] [unique_id "aiyplxoFVnsH4cPWudiIGgAAARE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.012974 2026] [security2:error] [pid 5057:tid 5079] [client 45.148.10.51:38430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.save"] [unique_id "aiyplxoFVnsH4cPWudiIGgAAARE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.013261 2026] [security2:error] [pid 5057:tid 5079] [client 45.148.10.51:38430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.save"] [unique_id "aiyplxoFVnsH4cPWudiIGgAAARE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.020029 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:38546] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/etc/local.xml"] [unique_id "aiypl3U9ydevvLef3-dV5wAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.020320 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:38546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/etc/local.xml"] [unique_id "aiypl3U9ydevvLef3-dV5wAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.020566 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:38546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/etc/local.xml"] [unique_id "aiypl3U9ydevvLef3-dV5wAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.021898 2026] [security2:error] [pid 29702:tid 29742] [client 45.148.10.51:38526] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/web.config"] [unique_id "aiypl7JGfUXoI1XijsyEVAAAAIg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.022216 2026] [security2:error] [pid 29702:tid 29742] [client 45.148.10.51:38526] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/web.config"] [unique_id "aiypl7JGfUXoI1XijsyEVAAAAIg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.022457 2026] [security2:error] [pid 29702:tid 29742] [client 45.148.10.51:38526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/web.config"] [unique_id "aiypl7JGfUXoI1XijsyEVAAAAIg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.022763 2026] [security2:error] [pid 29702:tid 29742] [client 45.148.10.51:38526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/web.config"] [unique_id "aiypl7JGfUXoI1XijsyEVAAAAIg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.031202 2026] [security2:error] [pid 29701:tid 29715] [client 45.148.10.51:38414] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aiypl8MjlrrfQvlefl3PxQAAAEU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.031529 2026] [security2:error] [pid 29701:tid 29715] [client 45.148.10.51:38414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aiypl8MjlrrfQvlefl3PxQAAAEU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.031810 2026] [security2:error] [pid 29701:tid 29715] [client 45.148.10.51:38414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aiypl8MjlrrfQvlefl3PxQAAAEU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.032075 2026] [security2:error] [pid 29701:tid 29715] [client 45.148.10.51:38414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.old"] [unique_id "aiypl8MjlrrfQvlefl3PxQAAAEU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.033509 2026] [security2:error] [pid 31392:tid 31423] [client 45.148.10.51:38590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.staging"] [unique_id "aiypl3U9ydevvLef3-dV6AAAABc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.035462 2026] [security2:error] [pid 31392:tid 31423] [client 45.148.10.51:38590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.staging"] [unique_id "aiypl3U9ydevvLef3-dV6AAAABc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:35.035720 2026] [security2:error] [pid 31392:tid 31423] [client 45.148.10.51:38590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.staging"] [unique_id "aiypl3U9ydevvLef3-dV6AAAABc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.320120 2026] [security2:error] [pid 29650:tid 29670] [client 45.148.10.51:38520] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/wp-config.php"] [unique_id "aiypr3w8xPMNeF-FyaVwhAAAAU8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.320518 2026] [security2:error] [pid 29650:tid 29670] [client 45.148.10.51:38520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/wp-config.php"] [unique_id "aiypr3w8xPMNeF-FyaVwhAAAAU8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.320549 2026] [security2:error] [pid 5057:tid 5086] [client 45.148.10.51:38468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env"] [unique_id "aiyprxoFVnsH4cPWudiIYwAAARg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.320782 2026] [security2:error] [pid 29650:tid 29670] [client 45.148.10.51:38520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/wp-config.php"] [unique_id "aiypr3w8xPMNeF-FyaVwhAAAAU8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.320790 2026] [security2:error] [pid 5057:tid 5086] [client 45.148.10.51:38468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env"] [unique_id "aiyprxoFVnsH4cPWudiIYwAAARg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.321022 2026] [security2:error] [pid 5057:tid 5086] [client 45.148.10.51:38468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env"] [unique_id "aiyprxoFVnsH4cPWudiIYwAAARg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.322361 2026] [security2:error] [pid 31392:tid 31416] [client 45.148.10.51:38448] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/database.yml"] [unique_id "aiypr3U9ydevvLef3-dWfAAAABA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.322601 2026] [security2:error] [pid 31392:tid 31416] [client 45.148.10.51:38448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/database.yml"] [unique_id "aiypr3U9ydevvLef3-dWfAAAABA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.322851 2026] [security2:error] [pid 31392:tid 31416] [client 45.148.10.51:38448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/database.yml"] [unique_id "aiypr3U9ydevvLef3-dWfAAAABA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.330864 2026] [security2:error] [pid 29702:tid 29742] [client 45.148.10.51:38474] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/Web.config"] [unique_id "aiypr7JGfUXoI1XijsyEwgAAAIg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.331160 2026] [security2:error] [pid 29702:tid 29742] [client 45.148.10.51:38474] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/Web.config"] [unique_id "aiypr7JGfUXoI1XijsyEwgAAAIg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.331361 2026] [security2:error] [pid 29702:tid 29742] [client 45.148.10.51:38474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/Web.config"] [unique_id "aiypr7JGfUXoI1XijsyEwgAAAIg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.331599 2026] [security2:error] [pid 29702:tid 29742] [client 45.148.10.51:38474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/Web.config"] [unique_id "aiypr7JGfUXoI1XijsyEwgAAAIg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.824370 2026] [security2:error] [pid 29702:tid 29757] [client 45.148.10.51:17304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.uat"] [unique_id "aiypr7JGfUXoI1XijsyExQAAAJc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.824565 2026] [security2:error] [pid 29702:tid 29757] [client 45.148.10.51:17304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.uat"] [unique_id "aiypr7JGfUXoI1XijsyExQAAAJc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.824803 2026] [security2:error] [pid 29702:tid 29757] [client 45.148.10.51:17304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.uat"] [unique_id "aiypr7JGfUXoI1XijsyExQAAAJc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.966527 2026] [security2:error] [pid 5057:tid 5075] [client 45.148.10.51:17376] ModSecurity: Warning. Matched phrase "/sites/default/settings.local.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.local.php found within REQUEST_FILENAME: /sites/default/settings.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/sites/default/settings.local.php"] [unique_id "aiyprxoFVnsH4cPWudiIZgAAAQ0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.966881 2026] [security2:error] [pid 5057:tid 5075] [client 45.148.10.51:17376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/sites/default/settings.local.php"] [unique_id "aiyprxoFVnsH4cPWudiIZgAAAQ0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.967282 2026] [security2:error] [pid 5057:tid 5075] [client 45.148.10.51:17376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/sites/default/settings.local.php"] [unique_id "aiyprxoFVnsH4cPWudiIZgAAAQ0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.984257 2026] [security2:error] [pid 31392:tid 31403] [client 45.148.10.51:17400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local"] [unique_id "aiypr3U9ydevvLef3-dWggAAAAM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.984607 2026] [security2:error] [pid 31392:tid 31403] [client 45.148.10.51:17400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local"] [unique_id "aiypr3U9ydevvLef3-dWggAAAAM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:51:59.985027 2026] [security2:error] [pid 31392:tid 31403] [client 45.148.10.51:17400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local"] [unique_id "aiypr3U9ydevvLef3-dWggAAAAM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:06.273343 2026] [security2:error] [pid 29702:tid 29739] [client 45.148.10.51:14154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.example"] [unique_id "aiyptrJGfUXoI1XijsyE4AAAAIQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:06.273566 2026] [security2:error] [pid 29702:tid 29739] [client 45.148.10.51:14154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.example"] [unique_id "aiyptrJGfUXoI1XijsyE4AAAAIQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:06.273619 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:14152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aiyptnw8xPMNeF-FyaVwpgAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:06.273836 2026] [security2:error] [pid 29702:tid 29739] [client 45.148.10.51:14154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.example"] [unique_id "aiyptrJGfUXoI1XijsyE4AAAAIQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:06.273853 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:14152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aiyptnw8xPMNeF-FyaVwpgAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:06.274128 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:14152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aiyptnw8xPMNeF-FyaVwpgAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:22.407959 2026] [cgid:error] [pid 29702:tid 29746] [client 106.63.26.22:28731] AH01265: stderr from /home/erhabenn/public_html/cgi-bin/: attempt to invoke directory as script
[Fri Jun 12 21:52:30.063949 2026] [security2:error] [pid 5057:tid 5083] [client 45.148.10.51:17316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.back"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.back"] [unique_id "aiypzhoFVnsH4cPWudiJBAAAARU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.064402 2026] [security2:error] [pid 5057:tid 5083] [client 45.148.10.51:17316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.back"] [unique_id "aiypzhoFVnsH4cPWudiJBAAAARU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.064656 2026] [security2:error] [pid 5057:tid 5083] [client 45.148.10.51:17316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.back"] [unique_id "aiypzhoFVnsH4cPWudiJBAAAARU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.067202 2026] [security2:error] [pid 31392:tid 31401] [client 45.148.10.51:17312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.qa"] [unique_id "aiypznU9ydevvLef3-dXrgAAAAE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.067447 2026] [security2:error] [pid 31392:tid 31401] [client 45.148.10.51:17312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.qa"] [unique_id "aiypznU9ydevvLef3-dXrgAAAAE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.067785 2026] [security2:error] [pid 31392:tid 31401] [client 45.148.10.51:17312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.qa"] [unique_id "aiypznU9ydevvLef3-dXrgAAAAE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.073243 2026] [security2:error] [pid 29650:tid 29675] [client 45.148.10.51:17338] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aiypznw8xPMNeF-FyaVw7gAAAVQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.073542 2026] [security2:error] [pid 29650:tid 29675] [client 45.148.10.51:17338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aiypznw8xPMNeF-FyaVw7gAAAVQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.073900 2026] [security2:error] [pid 29650:tid 29675] [client 45.148.10.51:17338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aiypznw8xPMNeF-FyaVw7gAAAVQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.338384 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:17434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.sample"] [unique_id "aiypznU9ydevvLef3-dXsgAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.338784 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:17434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.sample"] [unique_id "aiypznU9ydevvLef3-dXsgAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:30.339141 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:17434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.sample"] [unique_id "aiypznU9ydevvLef3-dXsgAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.942896 2026] [security2:error] [pid 29702:tid 29745] [client 45.148.10.51:17946] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/storage/logs/laravel.log"] [unique_id "aiyp0rJGfUXoI1XijsyFbAAAAIs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.943619 2026] [security2:error] [pid 29702:tid 29745] [client 45.148.10.51:17946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/storage/logs/laravel.log"] [unique_id "aiyp0rJGfUXoI1XijsyFbAAAAIs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.943912 2026] [security2:error] [pid 29702:tid 29745] [client 45.148.10.51:17946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/storage/logs/laravel.log"] [unique_id "aiyp0rJGfUXoI1XijsyFbAAAAIs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.947127 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:17908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.develop"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.develop"] [unique_id "aiyp0nw8xPMNeF-FyaVxAQAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.947364 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:17908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.develop"] [unique_id "aiyp0nw8xPMNeF-FyaVxAQAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.947604 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:17908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.develop"] [unique_id "aiyp0nw8xPMNeF-FyaVxAQAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.967796 2026] [security2:error] [pid 5057:tid 5086] [client 45.148.10.51:17804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local.php"] [unique_id "aiyp0hoFVnsH4cPWudiJHAAAARg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.968125 2026] [security2:error] [pid 5057:tid 5086] [client 45.148.10.51:17804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local.php"] [unique_id "aiyp0hoFVnsH4cPWudiJHAAAARg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:52:34.968452 2026] [security2:error] [pid 5057:tid 5086] [client 45.148.10.51:17804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local.php"] [unique_id "aiyp0hoFVnsH4cPWudiJHAAAARg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.411952 2026] [security2:error] [pid 5057:tid 5077] [client 45.148.10.51:17952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aiyp7BoFVnsH4cPWudiJngAAAQ8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.412246 2026] [security2:error] [pid 5057:tid 5077] [client 45.148.10.51:17952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aiyp7BoFVnsH4cPWudiJngAAAQ8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.412556 2026] [security2:error] [pid 5057:tid 5077] [client 45.148.10.51:17952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aiyp7BoFVnsH4cPWudiJngAAAQ8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.416902 2026] [security2:error] [pid 29650:tid 29671] [client 45.148.10.51:17788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aiyp7Hw8xPMNeF-FyaVxRwAAAVA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.417125 2026] [security2:error] [pid 29650:tid 29671] [client 45.148.10.51:17788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aiyp7Hw8xPMNeF-FyaVxRwAAAVA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.417433 2026] [security2:error] [pid 29650:tid 29671] [client 45.148.10.51:17788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.development"] [unique_id "aiyp7Hw8xPMNeF-FyaVxRwAAAVA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.419395 2026] [security2:error] [pid 29701:tid 29731] [client 45.148.10.51:17862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.bak1"] [unique_id "aiyp7MMjlrrfQvlefl3RXgAAAFY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.419627 2026] [security2:error] [pid 29701:tid 29731] [client 45.148.10.51:17862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.bak1"] [unique_id "aiyp7MMjlrrfQvlefl3RXgAAAFY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.419921 2026] [security2:error] [pid 29701:tid 29731] [client 45.148.10.51:17862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.bak1"] [unique_id "aiyp7MMjlrrfQvlefl3RXgAAAFY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.423210 2026] [security2:error] [pid 29702:tid 29738] [client 45.148.10.51:17894] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aiyp7LJGfUXoI1XijsyFygAAAIM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.423490 2026] [security2:error] [pid 29702:tid 29738] [client 45.148.10.51:17894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aiyp7LJGfUXoI1XijsyFygAAAIM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:00.423738 2026] [security2:error] [pid 29702:tid 29738] [client 45.148.10.51:17894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.aws/credentials"] [unique_id "aiyp7LJGfUXoI1XijsyFygAAAIM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:05.955290 2026] [security2:error] [pid 29702:tid 29737] [client 45.148.10.51:32192] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aiyp8bJGfUXoI1XijsyF4AAAAII"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:05.955631 2026] [security2:error] [pid 29702:tid 29737] [client 45.148.10.51:32192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aiyp8bJGfUXoI1XijsyF4AAAAII"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:05.956007 2026] [security2:error] [pid 29702:tid 29737] [client 45.148.10.51:32192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.orig"] [unique_id "aiyp8bJGfUXoI1XijsyF4AAAAII"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.137420 2026] [security2:error] [pid 29701:tid 29733] [client 45.148.10.51:43054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.php"] [unique_id "aiyp88MjlrrfQvlefl3RnAAAAFg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.137737 2026] [security2:error] [pid 29701:tid 29733] [client 45.148.10.51:43054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.php"] [unique_id "aiyp88MjlrrfQvlefl3RnAAAAFg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.138017 2026] [security2:error] [pid 29701:tid 29733] [client 45.148.10.51:43054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.php"] [unique_id "aiyp88MjlrrfQvlefl3RnAAAAFg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.142255 2026] [security2:error] [pid 29702:tid 29745] [client 45.148.10.51:43050] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/sites/default/settings.php"] [unique_id "aiyp87JGfUXoI1XijsyF5QAAAIs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.142537 2026] [security2:error] [pid 29702:tid 29745] [client 45.148.10.51:43050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/sites/default/settings.php"] [unique_id "aiyp87JGfUXoI1XijsyF5QAAAIs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.142881 2026] [security2:error] [pid 29702:tid 29745] [client 45.148.10.51:43050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/sites/default/settings.php"] [unique_id "aiyp87JGfUXoI1XijsyF5QAAAIs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.146925 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:43090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.preprod"] [unique_id "aiyp83w8xPMNeF-FyaVxWAAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.147213 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:43090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.preprod"] [unique_id "aiyp83w8xPMNeF-FyaVxWAAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:07.147515 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:43090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.preprod"] [unique_id "aiyp83w8xPMNeF-FyaVxWAAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:18.758361 2026] [security2:error] [pid 29701:tid 29728] [client 45.148.10.51:55642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.beta"] [unique_id "aiyp_sMjlrrfQvlefl3SCwAAAFM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:18.758679 2026] [security2:error] [pid 29701:tid 29728] [client 45.148.10.51:55642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.beta"] [unique_id "aiyp_sMjlrrfQvlefl3SCwAAAFM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:18.759088 2026] [security2:error] [pid 29701:tid 29728] [client 45.148.10.51:55642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.beta"] [unique_id "aiyp_sMjlrrfQvlefl3SCwAAAFM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:26.731900 2026] [security2:error] [pid 29701:tid 29717] [client 45.148.10.51:22474] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.dev.backup"] [unique_id "aiyqBsMjlrrfQvlefl3SRAAAAEc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:26.732334 2026] [security2:error] [pid 29701:tid 29717] [client 45.148.10.51:22474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.dev.backup"] [unique_id "aiyqBsMjlrrfQvlefl3SRAAAAEc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:26.732664 2026] [security2:error] [pid 29701:tid 29717] [client 45.148.10.51:22474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.dev.backup"] [unique_id "aiyqBsMjlrrfQvlefl3SRAAAAEc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:26.732990 2026] [security2:error] [pid 29701:tid 29717] [client 45.148.10.51:22474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.dev.backup"] [unique_id "aiyqBsMjlrrfQvlefl3SRAAAAEc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.450022 2026] [security2:error] [pid 29702:tid 29741] [client 45.148.10.51:32228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.yaml"] [unique_id "aiyqDbJGfUXoI1XijsyGUwAAAIc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.450234 2026] [security2:error] [pid 29702:tid 29741] [client 45.148.10.51:32228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.yaml"] [unique_id "aiyqDbJGfUXoI1XijsyGUwAAAIc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.450448 2026] [security2:error] [pid 29702:tid 29741] [client 45.148.10.51:32228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.yaml"] [unique_id "aiyqDbJGfUXoI1XijsyGUwAAAIc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.591945 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:22502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.swo"] [unique_id "aiyqDXU9ydevvLef3-dZLQAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.592135 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:22502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.swo"] [unique_id "aiyqDXU9ydevvLef3-dZLQAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.592368 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:22502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.swo"] [unique_id "aiyqDXU9ydevvLef3-dZLQAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.863257 2026] [security2:error] [pid 29650:tid 29679] [client 45.148.10.51:22530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env-backup"] [unique_id "aiyqDXw8xPMNeF-FyaVxmgAAAVg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.863607 2026] [security2:error] [pid 29650:tid 29679] [client 45.148.10.51:22530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env-backup"] [unique_id "aiyqDXw8xPMNeF-FyaVxmgAAAVg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:33.863922 2026] [security2:error] [pid 29650:tid 29679] [client 45.148.10.51:22530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env-backup"] [unique_id "aiyqDXw8xPMNeF-FyaVxmgAAAVg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:34.438956 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:32248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.template"] [unique_id "aiyqDnU9ydevvLef3-dZMQAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:34.439194 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:32248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.template"] [unique_id "aiyqDnU9ydevvLef3-dZMQAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:34.439408 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:32248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.template"] [unique_id "aiyqDnU9ydevvLef3-dZMQAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.364229 2026] [security2:error] [pid 29702:tid 29744] [client 45.148.10.51:20432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2023"] [unique_id "aiyqEbJGfUXoI1XijsyGZwAAAIo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.364551 2026] [security2:error] [pid 29702:tid 29744] [client 45.148.10.51:20432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2023"] [unique_id "aiyqEbJGfUXoI1XijsyGZwAAAIo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.364860 2026] [security2:error] [pid 29702:tid 29744] [client 45.148.10.51:20432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2023"] [unique_id "aiyqEbJGfUXoI1XijsyGZwAAAIo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.527589 2026] [security2:error] [pid 29701:tid 29726] [client 45.148.10.51:20438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod"] [unique_id "aiyqEcMjlrrfQvlefl3SjAAAAFE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.527884 2026] [security2:error] [pid 29701:tid 29726] [client 45.148.10.51:20438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod"] [unique_id "aiyqEcMjlrrfQvlefl3SjAAAAFE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.528136 2026] [security2:error] [pid 29701:tid 29726] [client 45.148.10.51:20438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod"] [unique_id "aiyqEcMjlrrfQvlefl3SjAAAAFE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.795084 2026] [security2:error] [pid 29701:tid 29723] [client 45.148.10.51:20446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2024"] [unique_id "aiyqEcMjlrrfQvlefl3SkAAAAE4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.795358 2026] [security2:error] [pid 29701:tid 29723] [client 45.148.10.51:20446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2024"] [unique_id "aiyqEcMjlrrfQvlefl3SkAAAAE4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:37.795599 2026] [security2:error] [pid 29701:tid 29723] [client 45.148.10.51:20446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2024"] [unique_id "aiyqEcMjlrrfQvlefl3SkAAAAE4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:41.624389 2026] [security2:error] [pid 29702:tid 29758] [client 45.148.10.51:55624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.demo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.demo"] [unique_id "aiyqFbJGfUXoI1XijsyGgwAAAJg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:41.624817 2026] [security2:error] [pid 29702:tid 29758] [client 45.148.10.51:55624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.demo"] [unique_id "aiyqFbJGfUXoI1XijsyGgwAAAJg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:41.625153 2026] [security2:error] [pid 29702:tid 29758] [client 45.148.10.51:55624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.demo"] [unique_id "aiyqFbJGfUXoI1XijsyGgwAAAJg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:44.907041 2026] [security2:error] [pid 29650:tid 29677] [client 45.148.10.51:22480] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.test.backup"] [unique_id "aiyqGHw8xPMNeF-FyaVxwgAAAVY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:44.908479 2026] [security2:error] [pid 29650:tid 29677] [client 45.148.10.51:22480] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.test.backup"] [unique_id "aiyqGHw8xPMNeF-FyaVxwgAAAVY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:44.908801 2026] [security2:error] [pid 29650:tid 29677] [client 45.148.10.51:22480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.test.backup"] [unique_id "aiyqGHw8xPMNeF-FyaVxwgAAAVY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:44.909108 2026] [security2:error] [pid 29650:tid 29677] [client 45.148.10.51:22480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.test.backup"] [unique_id "aiyqGHw8xPMNeF-FyaVxwgAAAVY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:45.030322 2026] [security2:error] [pid 5057:tid 5085] [client 45.148.10.51:22488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.production.local"] [unique_id "aiyqGRoFVnsH4cPWudiKkQAAARc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:45.030657 2026] [security2:error] [pid 5057:tid 5085] [client 45.148.10.51:22488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.production.local"] [unique_id "aiyqGRoFVnsH4cPWudiKkQAAARc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:45.031016 2026] [security2:error] [pid 5057:tid 5085] [client 45.148.10.51:22488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.production.local"] [unique_id "aiyqGRoFVnsH4cPWudiKkQAAARc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:48.493766 2026] [security2:error] [pid 29701:tid 29714] [client 45.148.10.51:36816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.backup2"] [unique_id "aiyqHMMjlrrfQvlefl3S1gAAAEQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:48.493768 2026] [security2:error] [pid 5057:tid 5068] [client 45.148.10.51:36844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.alpha"] [unique_id "aiyqHBoFVnsH4cPWudiKmwAAAQY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:48.494117 2026] [security2:error] [pid 29701:tid 29714] [client 45.148.10.51:36816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.backup2"] [unique_id "aiyqHMMjlrrfQvlefl3S1gAAAEQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:48.494120 2026] [security2:error] [pid 5057:tid 5068] [client 45.148.10.51:36844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.alpha"] [unique_id "aiyqHBoFVnsH4cPWudiKmwAAAQY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:48.494342 2026] [security2:error] [pid 5057:tid 5068] [client 45.148.10.51:36844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.alpha"] [unique_id "aiyqHBoFVnsH4cPWudiKmwAAAQY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:48.494373 2026] [security2:error] [pid 29701:tid 29714] [client 45.148.10.51:36816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.backup2"] [unique_id "aiyqHMMjlrrfQvlefl3S1gAAAEQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:56.777246 2026] [security2:error] [pid 29650:tid 29666] [client 45.148.10.51:34352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.api"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.api"] [unique_id "aiyqJHw8xPMNeF-FyaVx8gAAAUs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:56.777608 2026] [security2:error] [pid 29650:tid 29666] [client 45.148.10.51:34352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.api"] [unique_id "aiyqJHw8xPMNeF-FyaVx8gAAAUs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:56.778150 2026] [security2:error] [pid 29650:tid 29666] [client 45.148.10.51:34352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.api"] [unique_id "aiyqJHw8xPMNeF-FyaVx8gAAAUs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:57.070310 2026] [security2:error] [pid 29702:tid 29758] [client 45.148.10.51:34366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.web"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.web"] [unique_id "aiyqJbJGfUXoI1XijsyG-QAAAJg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:57.070628 2026] [security2:error] [pid 29702:tid 29758] [client 45.148.10.51:34366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.web"] [unique_id "aiyqJbJGfUXoI1XijsyG-QAAAJg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:53:57.070916 2026] [security2:error] [pid 29702:tid 29758] [client 45.148.10.51:34366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.web"] [unique_id "aiyqJbJGfUXoI1XijsyG-QAAAJg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:00.407175 2026] [security2:error] [pid 31392:tid 31410] [client 45.148.10.51:22538] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env_backup"] [unique_id "aiyqKHU9ydevvLef3-dZ2AAAAAo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:00.407933 2026] [security2:error] [pid 31392:tid 31410] [client 45.148.10.51:22538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env_backup"] [unique_id "aiyqKHU9ydevvLef3-dZ2AAAAAo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:00.408233 2026] [security2:error] [pid 31392:tid 31410] [client 45.148.10.51:22538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env_backup"] [unique_id "aiyqKHU9ydevvLef3-dZ2AAAAAo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:03.520849 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:55630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.live"] [unique_id "aiyqK3w8xPMNeF-FyaVyHwAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:03.521225 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:55630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.live"] [unique_id "aiyqK3w8xPMNeF-FyaVyHwAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:03.521447 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:55630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.live"] [unique_id "aiyqK3w8xPMNeF-FyaVyHwAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:05.474506 2026] [security2:error] [pid 31392:tid 31414] [client 45.148.10.51:34382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.aws"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.aws"] [unique_id "aiyqLXU9ydevvLef3-daBAAAAA4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:05.474822 2026] [security2:error] [pid 31392:tid 31414] [client 45.148.10.51:34382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.aws"] [unique_id "aiyqLXU9ydevvLef3-daBAAAAA4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:05.474844 2026] [security2:error] [pid 30223:tid 30231] [client 45.148.10.51:34400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.brevo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.brevo"] [unique_id "aiyqLX9Sb5IthyT7NNWC-QAAAME"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:05.475069 2026] [security2:error] [pid 31392:tid 31414] [client 45.148.10.51:34382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.aws"] [unique_id "aiyqLXU9ydevvLef3-daBAAAAA4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:05.475076 2026] [security2:error] [pid 30223:tid 30231] [client 45.148.10.51:34400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.brevo"] [unique_id "aiyqLX9Sb5IthyT7NNWC-QAAAME"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:05.475328 2026] [security2:error] [pid 30223:tid 30231] [client 45.148.10.51:34400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.brevo"] [unique_id "aiyqLX9Sb5IthyT7NNWC-QAAAME"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:12.895205 2026] [security2:error] [pid 31392:tid 31413] [client 45.148.10.51:36828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.rc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.rc"] [unique_id "aiyqNHU9ydevvLef3-daMwAAAA0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:12.895532 2026] [security2:error] [pid 31392:tid 31413] [client 45.148.10.51:36828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.rc"] [unique_id "aiyqNHU9ydevvLef3-daMwAAAA0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:12.895941 2026] [security2:error] [pid 31392:tid 31413] [client 45.148.10.51:36828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.rc"] [unique_id "aiyqNHU9ydevvLef3-daMwAAAA0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:21.002829 2026] [security2:error] [pid 30223:tid 30237] [client 45.148.10.51:34336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2026"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2026"] [unique_id "aiyqPX9Sb5IthyT7NNWDLQAAAMc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:21.003091 2026] [security2:error] [pid 30223:tid 30237] [client 45.148.10.51:34336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2026"] [unique_id "aiyqPX9Sb5IthyT7NNWDLQAAAMc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:21.003365 2026] [security2:error] [pid 30223:tid 30237] [client 45.148.10.51:34336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2026"] [unique_id "aiyqPX9Sb5IthyT7NNWDLQAAAMc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:21.507555 2026] [security2:error] [pid 29702:tid 29736] [client 45.148.10.51:46808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.test.local"] [unique_id "aiyqPbJGfUXoI1XijsyHqgAAAIE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:21.507974 2026] [security2:error] [pid 29702:tid 29736] [client 45.148.10.51:46808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.test.local"] [unique_id "aiyqPbJGfUXoI1XijsyHqgAAAIE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:21.508311 2026] [security2:error] [pid 29702:tid 29736] [client 45.148.10.51:46808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.test.local"] [unique_id "aiyqPbJGfUXoI1XijsyHqgAAAIE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:26.253769 2026] [security2:error] [pid 29650:tid 29660] [client 45.148.10.51:20410] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aiyqQnw8xPMNeF-FyaVyfQAAAUU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:26.254163 2026] [security2:error] [pid 29650:tid 29660] [client 45.148.10.51:20410] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aiyqQnw8xPMNeF-FyaVyfQAAAUU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:26.255542 2026] [security2:error] [pid 29650:tid 29660] [client 45.148.10.51:20410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aiyqQnw8xPMNeF-FyaVyfQAAAUU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:26.255816 2026] [security2:error] [pid 29650:tid 29660] [client 45.148.10.51:20410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.swp"] [unique_id "aiyqQnw8xPMNeF-FyaVyfQAAAUU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:30.854289 2026] [security2:error] [pid 29702:tid 29785] [client 45.148.10.51:1540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.ENV"] [unique_id "aiyqRrJGfUXoI1XijsyH9wAAAIY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:30.854654 2026] [security2:error] [pid 29702:tid 29785] [client 45.148.10.51:1540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.ENV"] [unique_id "aiyqRrJGfUXoI1XijsyH9wAAAIY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:30.854942 2026] [security2:error] [pid 29702:tid 29785] [client 45.148.10.51:1540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.ENV"] [unique_id "aiyqRrJGfUXoI1XijsyH9wAAAIY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.326467 2026] [security2:error] [pid 30223:tid 30236] [client 45.148.10.51:34368] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.mail"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mail"] [unique_id "aiyqSH9Sb5IthyT7NNWDUgAAAMY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.326774 2026] [security2:error] [pid 30223:tid 30236] [client 45.148.10.51:34368] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mail"] [unique_id "aiyqSH9Sb5IthyT7NNWDUgAAAMY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.327024 2026] [security2:error] [pid 30223:tid 30236] [client 45.148.10.51:34368] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mail"] [unique_id "aiyqSH9Sb5IthyT7NNWDUgAAAMY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.330799 2026] [security2:error] [pid 29650:tid 29666] [client 45.148.10.51:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.mailgun"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mailgun"] [unique_id "aiyqSHw8xPMNeF-FyaVyogAAAUs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.331057 2026] [security2:error] [pid 29650:tid 29666] [client 45.148.10.51:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mailgun"] [unique_id "aiyqSHw8xPMNeF-FyaVyogAAAUs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.331259 2026] [security2:error] [pid 29650:tid 29666] [client 45.148.10.51:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mailgun"] [unique_id "aiyqSHw8xPMNeF-FyaVyogAAAUs"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.341258 2026] [security2:error] [pid 29701:tid 29731] [client 45.148.10.51:34416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.backup1"] [unique_id "aiyqSMMjlrrfQvlefl3ToQAAAFY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.341537 2026] [security2:error] [pid 29701:tid 29731] [client 45.148.10.51:34416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.backup1"] [unique_id "aiyqSMMjlrrfQvlefl3ToQAAAFY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.341827 2026] [security2:error] [pid 29701:tid 29731] [client 45.148.10.51:34416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.backup1"] [unique_id "aiyqSMMjlrrfQvlefl3ToQAAAFY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.620972 2026] [security2:error] [pid 29702:tid 29738] [client 45.148.10.51:57930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.postmark"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.postmark"] [unique_id "aiyqSLJGfUXoI1XijsyIAwAAAIM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.621303 2026] [security2:error] [pid 29702:tid 29738] [client 45.148.10.51:57930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.postmark"] [unique_id "aiyqSLJGfUXoI1XijsyIAwAAAIM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:32.621554 2026] [security2:error] [pid 29702:tid 29738] [client 45.148.10.51:57930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.postmark"] [unique_id "aiyqSLJGfUXoI1XijsyIAwAAAIM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:37.341896 2026] [security2:error] [pid 31392:tid 31423] [client 45.148.10.51:30104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.mailgun"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mailgun"] [unique_id "aiyqTXU9ydevvLef3-datQAAABc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:37.342188 2026] [security2:error] [pid 31392:tid 31423] [client 45.148.10.51:30104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mailgun"] [unique_id "aiyqTXU9ydevvLef3-datQAAABc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:37.342524 2026] [security2:error] [pid 31392:tid 31423] [client 45.148.10.51:30104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.mailgun"] [unique_id "aiyqTXU9ydevvLef3-datQAAABc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:38.271624 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:46788] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.staging.backup"] [unique_id "aiyqTnw8xPMNeF-FyaVyxwAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:38.272036 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:46788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.staging.backup"] [unique_id "aiyqTnw8xPMNeF-FyaVyxwAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:38.272312 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:46788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.staging.backup"] [unique_id "aiyqTnw8xPMNeF-FyaVyxwAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:38.272586 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:46788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.staging.backup"] [unique_id "aiyqTnw8xPMNeF-FyaVyxwAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:38.501049 2026] [security2:error] [pid 29650:tid 29657] [client 45.148.10.51:46802] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1055"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod.backup"] [unique_id "aiyqTnw8xPMNeF-FyaVyygAAAUI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:38.501361 2026] [security2:error] [pid 29650:tid 29657] [client 45.148.10.51:46802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod.backup"] [unique_id "aiyqTnw8xPMNeF-FyaVyygAAAUI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:38.501646 2026] [security2:error] [pid 29650:tid 29657] [client 45.148.10.51:46802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod.backup"] [unique_id "aiyqTnw8xPMNeF-FyaVyygAAAUI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:38.501907 2026] [security2:error] [pid 29650:tid 29657] [client 45.148.10.51:46802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod.backup"] [unique_id "aiyqTnw8xPMNeF-FyaVyygAAAUI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.343856 2026] [security2:error] [pid 29702:tid 29752] [client 45.148.10.51:45036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.local"] [unique_id "aiyqV7JGfUXoI1XijsyIbQAAAJI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.344093 2026] [security2:error] [pid 29702:tid 29752] [client 45.148.10.51:45036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.local"] [unique_id "aiyqV7JGfUXoI1XijsyIbQAAAJI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.344344 2026] [security2:error] [pid 29702:tid 29752] [client 45.148.10.51:45036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.local"] [unique_id "aiyqV7JGfUXoI1XijsyIbQAAAJI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.605439 2026] [security2:error] [pid 31392:tid 31417] [client 45.148.10.51:45048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.production"] [unique_id "aiyqV3U9ydevvLef3-da6wAAABE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.610135 2026] [security2:error] [pid 31392:tid 31417] [client 45.148.10.51:45048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.production"] [unique_id "aiyqV3U9ydevvLef3-da6wAAABE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.610358 2026] [security2:error] [pid 31392:tid 31417] [client 45.148.10.51:45048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.production"] [unique_id "aiyqV3U9ydevvLef3-da6wAAABE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.861066 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:45052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local.php"] [unique_id "aiyqV3w8xPMNeF-FyaVy9wAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.861443 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:45052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local.php"] [unique_id "aiyqV3w8xPMNeF-FyaVy9wAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:47.861786 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:45052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.local.php"] [unique_id "aiyqV3w8xPMNeF-FyaVy9wAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:49.084522 2026] [security2:error] [pid 29701:tid 29715] [client 45.148.10.51:20434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.original"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.original"] [unique_id "aiyqWcMjlrrfQvlefl3T5gAAAEU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:49.084764 2026] [security2:error] [pid 29701:tid 29715] [client 45.148.10.51:20434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.original"] [unique_id "aiyqWcMjlrrfQvlefl3T5gAAAEU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:49.085022 2026] [security2:error] [pid 29701:tid 29715] [client 45.148.10.51:20434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.original"] [unique_id "aiyqWcMjlrrfQvlefl3T5gAAAEU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:49.316112 2026] [security2:error] [pid 30223:tid 30247] [client 45.148.10.51:1534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sendgrid"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.sendgrid"] [unique_id "aiyqWX9Sb5IthyT7NNWDkgAAANE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:49.316412 2026] [security2:error] [pid 30223:tid 30247] [client 45.148.10.51:1534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.sendgrid"] [unique_id "aiyqWX9Sb5IthyT7NNWDkgAAANE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:54:49.316675 2026] [security2:error] [pid 30223:tid 30247] [client 45.148.10.51:1534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.sendgrid"] [unique_id "aiyqWX9Sb5IthyT7NNWDkgAAANE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:01.348993 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:42416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env.staging"] [unique_id "aiyqZXw8xPMNeF-FyaVzLgAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:01.349365 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:42416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env.staging"] [unique_id "aiyqZXw8xPMNeF-FyaVzLgAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:01.349579 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:42416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env.staging"] [unique_id "aiyqZXw8xPMNeF-FyaVzLgAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:03.225194 2026] [security2:error] [pid 29701:tid 29725] [client 45.148.10.51:30096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.live"] [unique_id "aiyqZ8MjlrrfQvlefl3UJQAAAFA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:03.225546 2026] [security2:error] [pid 29701:tid 29725] [client 45.148.10.51:30096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.live"] [unique_id "aiyqZ8MjlrrfQvlefl3UJQAAAFA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:03.225844 2026] [security2:error] [pid 29701:tid 29725] [client 45.148.10.51:30096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.live"] [unique_id "aiyqZ8MjlrrfQvlefl3UJQAAAFA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:03.241450 2026] [security2:error] [pid 29702:tid 29748] [client 45.148.10.51:30112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env"] [unique_id "aiyqZ7JGfUXoI1XijsyIywAAAI4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:03.241638 2026] [security2:error] [pid 29702:tid 29748] [client 45.148.10.51:30112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env"] [unique_id "aiyqZ7JGfUXoI1XijsyIywAAAI4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:03.241855 2026] [security2:error] [pid 29702:tid 29748] [client 45.148.10.51:30112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env"] [unique_id "aiyqZ7JGfUXoI1XijsyIywAAAI4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:05.046331 2026] [security2:error] [pid 31392:tid 31401] [client 45.148.10.51:38822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.compose"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.compose"] [unique_id "aiyqaXU9ydevvLef3-dbSwAAAAE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:05.046808 2026] [security2:error] [pid 31392:tid 31401] [client 45.148.10.51:38822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.compose"] [unique_id "aiyqaXU9ydevvLef3-dbSwAAAAE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:05.047076 2026] [security2:error] [pid 31392:tid 31401] [client 45.148.10.51:38822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.compose"] [unique_id "aiyqaXU9ydevvLef3-dbSwAAAAE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:09.617582 2026] [security2:error] [pid 29701:tid 29730] [client 45.148.10.51:43968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env.local"] [unique_id "aiyqbcMjlrrfQvlefl3UUAAAAFU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:09.617980 2026] [security2:error] [pid 29701:tid 29730] [client 45.148.10.51:43968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env.local"] [unique_id "aiyqbcMjlrrfQvlefl3UUAAAAFU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:09.618298 2026] [security2:error] [pid 29701:tid 29730] [client 45.148.10.51:43968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env.local"] [unique_id "aiyqbcMjlrrfQvlefl3UUAAAAFU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:10.487631 2026] [security2:error] [pid 29702:tid 29750] [client 45.148.10.51:44012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env.production"] [unique_id "aiyqbrJGfUXoI1XijsyI-AAAAJA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:10.488104 2026] [security2:error] [pid 29702:tid 29750] [client 45.148.10.51:44012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env.production"] [unique_id "aiyqbrJGfUXoI1XijsyI-AAAAJA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:10.488356 2026] [security2:error] [pid 29702:tid 29750] [client 45.148.10.51:44012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env.production"] [unique_id "aiyqbrJGfUXoI1XijsyI-AAAAJA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:10.489850 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:43980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env"] [unique_id "aiyqbnw8xPMNeF-FyaVzSgAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:10.490109 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:43980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env"] [unique_id "aiyqbnw8xPMNeF-FyaVzSgAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:10.490346 2026] [security2:error] [pid 29650:tid 29672] [client 45.148.10.51:43980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env"] [unique_id "aiyqbnw8xPMNeF-FyaVzSgAAAVE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.371497 2026] [security2:error] [pid 30223:tid 30230] [client 45.148.10.51:44038] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/public/.env"] [unique_id "aiyqb39Sb5IthyT7NNWEHgAAAMA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.371812 2026] [security2:error] [pid 30223:tid 30230] [client 45.148.10.51:44038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/public/.env"] [unique_id "aiyqb39Sb5IthyT7NNWEHgAAAMA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.372138 2026] [security2:error] [pid 30223:tid 30230] [client 45.148.10.51:44038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/public/.env"] [unique_id "aiyqb39Sb5IthyT7NNWEHgAAAMA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.630305 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:44046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/web/.env"] [unique_id "aiyqb3U9ydevvLef3-dbXwAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.630627 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:44046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/web/.env"] [unique_id "aiyqb3U9ydevvLef3-dbXwAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.630987 2026] [security2:error] [pid 31392:tid 31408] [client 45.148.10.51:44046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/web/.env"] [unique_id "aiyqb3U9ydevvLef3-dbXwAAAAg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.915115 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:44062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/www/.env"] [unique_id "aiyqb3w8xPMNeF-FyaVzTwAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.915436 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:44062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/www/.env"] [unique_id "aiyqb3w8xPMNeF-FyaVzTwAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:11.915784 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:44062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/www/.env"] [unique_id "aiyqb3w8xPMNeF-FyaVzTwAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:15.751455 2026] [security2:error] [pid 29701:tid 29725] [client 45.148.10.51:42424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.local"] [unique_id "aiyqc8MjlrrfQvlefl3UdQAAAFA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:15.751789 2026] [security2:error] [pid 29701:tid 29725] [client 45.148.10.51:42424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.local"] [unique_id "aiyqc8MjlrrfQvlefl3UdQAAAFA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:15.752081 2026] [security2:error] [pid 29701:tid 29725] [client 45.148.10.51:42424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.local"] [unique_id "aiyqc8MjlrrfQvlefl3UdQAAAFA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:25.902246 2026] [security2:error] [pid 29650:tid 29673] [client 45.148.10.51:9892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env.local"] [unique_id "aiyqfXw8xPMNeF-FyaVzewAAAVI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:25.902561 2026] [security2:error] [pid 29650:tid 29673] [client 45.148.10.51:9892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env.local"] [unique_id "aiyqfXw8xPMNeF-FyaVzewAAAVI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:25.902885 2026] [security2:error] [pid 29650:tid 29673] [client 45.148.10.51:9892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env.local"] [unique_id "aiyqfXw8xPMNeF-FyaVzewAAAVI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:26.165176 2026] [security2:error] [pid 31392:tid 31420] [client 45.148.10.51:9898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/panel/.env"] [unique_id "aiyqfnU9ydevvLef3-dboQAAABQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:26.165485 2026] [security2:error] [pid 31392:tid 31420] [client 45.148.10.51:9898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/panel/.env"] [unique_id "aiyqfnU9ydevvLef3-dboQAAABQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:26.165865 2026] [security2:error] [pid 31392:tid 31420] [client 45.148.10.51:9898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/panel/.env"] [unique_id "aiyqfnU9ydevvLef3-dboQAAABQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.325197 2026] [security2:error] [pid 31392:tid 31424] [client 45.148.10.51:9912] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env.production"] [unique_id "aiyqf3U9ydevvLef3-dbqAAAABg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.325593 2026] [security2:error] [pid 31392:tid 31424] [client 45.148.10.51:9912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env.production"] [unique_id "aiyqf3U9ydevvLef3-dbqAAAABg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.325903 2026] [security2:error] [pid 31392:tid 31424] [client 45.148.10.51:9912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env.production"] [unique_id "aiyqf3U9ydevvLef3-dbqAAAABg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.588030 2026] [security2:error] [pid 30223:tid 30249] [client 45.148.10.51:9932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /console/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/console/.env"] [unique_id "aiyqf39Sb5IthyT7NNWEjgAAANM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.588422 2026] [security2:error] [pid 30223:tid 30249] [client 45.148.10.51:9932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/console/.env"] [unique_id "aiyqf39Sb5IthyT7NNWEjgAAANM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.588676 2026] [security2:error] [pid 30223:tid 30249] [client 45.148.10.51:9932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/console/.env"] [unique_id "aiyqf39Sb5IthyT7NNWEjgAAANM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.851142 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:9948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/cms/.env"] [unique_id "aiyqf3U9ydevvLef3-dbqQAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.851432 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:9948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/cms/.env"] [unique_id "aiyqf3U9ydevvLef3-dbqQAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:27.851655 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:9948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/cms/.env"] [unique_id "aiyqf3U9ydevvLef3-dbqQAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.118991 2026] [security2:error] [pid 30223:tid 30232] [client 45.148.10.51:9950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /blog/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/blog/.env"] [unique_id "aiyqgH9Sb5IthyT7NNWEkgAAAMI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.119382 2026] [security2:error] [pid 30223:tid 30232] [client 45.148.10.51:9950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/blog/.env"] [unique_id "aiyqgH9Sb5IthyT7NNWEkgAAAMI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.119967 2026] [security2:error] [pid 30223:tid 30232] [client 45.148.10.51:9950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/blog/.env"] [unique_id "aiyqgH9Sb5IthyT7NNWEkgAAAMI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.276970 2026] [security2:error] [pid 29701:tid 29724] [client 45.148.10.51:9968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/store/.env"] [unique_id "aiyqgMMjlrrfQvlefl3UuwAAAE8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.277262 2026] [security2:error] [pid 29701:tid 29724] [client 45.148.10.51:9968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/store/.env"] [unique_id "aiyqgMMjlrrfQvlefl3UuwAAAE8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.277514 2026] [security2:error] [pid 29701:tid 29724] [client 45.148.10.51:9968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/store/.env"] [unique_id "aiyqgMMjlrrfQvlefl3UuwAAAE8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.433899 2026] [security2:error] [pid 31392:tid 31421] [client 45.148.10.51:9976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v1/.env"] [unique_id "aiyqgHU9ydevvLef3-dbrAAAABU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.434136 2026] [security2:error] [pid 31392:tid 31421] [client 45.148.10.51:9976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v1/.env"] [unique_id "aiyqgHU9ydevvLef3-dbrAAAABU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:28.434364 2026] [security2:error] [pid 31392:tid 31421] [client 45.148.10.51:9976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v1/.env"] [unique_id "aiyqgHU9ydevvLef3-dbrAAAABU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:29.825306 2026] [security2:error] [pid 29702:tid 29740] [client 45.148.10.51:43970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2022"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2022"] [unique_id "aiyqgbJGfUXoI1XijsyJYwAAAIU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:29.825561 2026] [security2:error] [pid 29702:tid 29740] [client 45.148.10.51:43970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2022"] [unique_id "aiyqgbJGfUXoI1XijsyJYwAAAIU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:29.825856 2026] [security2:error] [pid 29702:tid 29740] [client 45.148.10.51:43970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.2022"] [unique_id "aiyqgbJGfUXoI1XijsyJYwAAAIU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:30.099368 2026] [security2:error] [pid 29650:tid 29677] [client 45.148.10.51:44000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env.local"] [unique_id "aiyqgnw8xPMNeF-FyaVzjQAAAVY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:30.099715 2026] [security2:error] [pid 29650:tid 29677] [client 45.148.10.51:44000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env.local"] [unique_id "aiyqgnw8xPMNeF-FyaVzjQAAAVY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:30.099951 2026] [security2:error] [pid 29650:tid 29677] [client 45.148.10.51:44000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/server/.env.local"] [unique_id "aiyqgnw8xPMNeF-FyaVzjQAAAVY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:30.113995 2026] [security2:error] [pid 31392:tid 31422] [client 45.148.10.51:44028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.email"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.email"] [unique_id "aiyqgnU9ydevvLef3-dbsQAAABY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:30.114345 2026] [security2:error] [pid 31392:tid 31422] [client 45.148.10.51:44028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.email"] [unique_id "aiyqgnU9ydevvLef3-dbsQAAABY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:30.114605 2026] [security2:error] [pid 31392:tid 31422] [client 45.148.10.51:44028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.email"] [unique_id "aiyqgnU9ydevvLef3-dbsQAAABY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:32.872107 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:42436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod.local"] [unique_id "aiyqhHw8xPMNeF-FyaVznQAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:32.872416 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:42436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod.local"] [unique_id "aiyqhHw8xPMNeF-FyaVznQAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:32.872767 2026] [security2:error] [pid 29650:tid 29658] [client 45.148.10.51:42436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.prod.local"] [unique_id "aiyqhHw8xPMNeF-FyaVznQAAAUM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.536160 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:10000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v2/.env"] [unique_id "aiyqhXw8xPMNeF-FyaVzogAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.536462 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:10000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v2/.env"] [unique_id "aiyqhXw8xPMNeF-FyaVzogAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.536766 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:10000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v2/.env"] [unique_id "aiyqhXw8xPMNeF-FyaVzogAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.538077 2026] [security2:error] [pid 29701:tid 29727] [client 45.148.10.51:10028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.staging"] [unique_id "aiyqhcMjlrrfQvlefl3U0wAAAFI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.538321 2026] [security2:error] [pid 29701:tid 29727] [client 45.148.10.51:10028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.staging"] [unique_id "aiyqhcMjlrrfQvlefl3U0wAAAFI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.538592 2026] [security2:error] [pid 29701:tid 29727] [client 45.148.10.51:10028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.staging"] [unique_id "aiyqhcMjlrrfQvlefl3U0wAAAFI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.542720 2026] [security2:error] [pid 31392:tid 31414] [client 45.148.10.51:10042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.original"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.original"] [unique_id "aiyqhXU9ydevvLef3-dbtwAAAA4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.542940 2026] [security2:error] [pid 31392:tid 31414] [client 45.148.10.51:10042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.original"] [unique_id "aiyqhXU9ydevvLef3-dbtwAAAA4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.543145 2026] [security2:error] [pid 31392:tid 31414] [client 45.148.10.51:10042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.original"] [unique_id "aiyqhXU9ydevvLef3-dbtwAAAA4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.545934 2026] [security2:error] [pid 30223:tid 30235] [client 45.148.10.51:9986] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/current/.env"] [unique_id "aiyqhX9Sb5IthyT7NNWEuwAAAMU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.546159 2026] [security2:error] [pid 30223:tid 30235] [client 45.148.10.51:9986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/current/.env"] [unique_id "aiyqhX9Sb5IthyT7NNWEuwAAAMU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:33.546381 2026] [security2:error] [pid 30223:tid 30235] [client 45.148.10.51:9986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/current/.env"] [unique_id "aiyqhX9Sb5IthyT7NNWEuwAAAMU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:36.745283 2026] [security2:error] [pid 30223:tid 30246] [client 45.148.10.51:35858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.staging"] [unique_id "aiyqiH9Sb5IthyT7NNWEzwAAANA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:36.745682 2026] [security2:error] [pid 30223:tid 30246] [client 45.148.10.51:35858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.staging"] [unique_id "aiyqiH9Sb5IthyT7NNWEzwAAANA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:36.746035 2026] [security2:error] [pid 30223:tid 30246] [client 45.148.10.51:35858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.staging"] [unique_id "aiyqiH9Sb5IthyT7NNWEzwAAANA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:36.762057 2026] [security2:error] [pid 29702:tid 29736] [client 45.148.10.51:35856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/portal/.env"] [unique_id "aiyqiLJGfUXoI1XijsyJlwAAAIE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:36.762389 2026] [security2:error] [pid 29702:tid 29736] [client 45.148.10.51:35856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/portal/.env"] [unique_id "aiyqiLJGfUXoI1XijsyJlwAAAIE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:36.762734 2026] [security2:error] [pid 29702:tid 29736] [client 45.148.10.51:35856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/portal/.env"] [unique_id "aiyqiLJGfUXoI1XijsyJlwAAAIE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:41.692366 2026] [security2:error] [pid 29701:tid 29726] [client 66.132.195.50:25848] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aiyqjcMjlrrfQvlefl3U8gAAAFE"]
[Fri Jun 12 21:55:42.668158 2026] [security2:error] [pid 30223:tid 30254] [client 66.132.195.50:25874] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aiyqjn9Sb5IthyT7NNWE-QAAANg"]
[Fri Jun 12 21:55:43.893618 2026] [security2:error] [pid 31392:tid 31407] [client 45.148.10.51:9920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.server"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.server"] [unique_id "aiyqj3U9ydevvLef3-dbxwAAAAc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:43.893888 2026] [security2:error] [pid 31392:tid 31407] [client 45.148.10.51:9920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.server"] [unique_id "aiyqj3U9ydevvLef3-dbxwAAAAc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:43.894131 2026] [security2:error] [pid 31392:tid 31407] [client 45.148.10.51:9920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.server"] [unique_id "aiyqj3U9ydevvLef3-dbxwAAAAc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:44.347028 2026] [security2:error] [pid 31392:tid 31419] [client 45.148.10.51:9966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env.production"] [unique_id "aiyqkHU9ydevvLef3-dbyAAAABM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:44.347241 2026] [security2:error] [pid 31392:tid 31419] [client 45.148.10.51:9966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env.production"] [unique_id "aiyqkHU9ydevvLef3-dbyAAAABM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:44.347446 2026] [security2:error] [pid 31392:tid 31419] [client 45.148.10.51:9966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env.production"] [unique_id "aiyqkHU9ydevvLef3-dbyAAAABM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:50.299355 2026] [security2:error] [pid 29701:tid 29723] [client 45.148.10.51:63274] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/dashboard/.env"] [unique_id "aiyqlsMjlrrfQvlefl3VDwAAAE4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:50.299822 2026] [security2:error] [pid 29701:tid 29723] [client 45.148.10.51:63274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/dashboard/.env"] [unique_id "aiyqlsMjlrrfQvlefl3VDwAAAE4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:50.300100 2026] [security2:error] [pid 29701:tid 29723] [client 45.148.10.51:63274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/dashboard/.env"] [unique_id "aiyqlsMjlrrfQvlefl3VDwAAAE4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:51.717913 2026] [security2:error] [pid 29701:tid 29712] [client 66.132.195.50:46258] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/robots.txt"] [unique_id "aiyql8MjlrrfQvlefl3VFAAAAEI"]
[Fri Jun 12 21:55:51.823215 2026] [security2:error] [pid 31392:tid 31422] [client 45.148.10.51:63304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/private/.env"] [unique_id "aiyql3U9ydevvLef3-db0gAAABY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:51.823534 2026] [security2:error] [pid 31392:tid 31422] [client 45.148.10.51:63304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/private/.env"] [unique_id "aiyql3U9ydevvLef3-db0gAAABY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:51.823907 2026] [security2:error] [pid 31392:tid 31422] [client 45.148.10.51:63304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/private/.env"] [unique_id "aiyql3U9ydevvLef3-db0gAAABY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:52.078522 2026] [security2:error] [pid 29702:tid 29750] [client 45.148.10.51:63316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protected/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/protected/.env"] [unique_id "aiyqmLJGfUXoI1XijsyKEQAAAJA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:52.078958 2026] [security2:error] [pid 29702:tid 29750] [client 45.148.10.51:63316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/protected/.env"] [unique_id "aiyqmLJGfUXoI1XijsyKEQAAAJA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:52.079340 2026] [security2:error] [pid 29702:tid 29750] [client 45.148.10.51:63316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/protected/.env"] [unique_id "aiyqmLJGfUXoI1XijsyKEQAAAJA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:52.444007 2026] [security2:error] [pid 30223:tid 30235] [client 66.132.195.50:46262] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/favicon.ico"] [unique_id "aiyqmH9Sb5IthyT7NNWFRQAAAMU"]
[Fri Jun 12 21:55:54.152804 2026] [security2:error] [pid 29702:tid 29753] [client 45.148.10.51:10030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.dev.local"] [unique_id "aiyqmrJGfUXoI1XijsyKIQAAAJM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.153035 2026] [security2:error] [pid 29702:tid 29753] [client 45.148.10.51:10030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.dev.local"] [unique_id "aiyqmrJGfUXoI1XijsyKIQAAAJM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.153248 2026] [security2:error] [pid 29702:tid 29753] [client 45.148.10.51:10030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.dev.local"] [unique_id "aiyqmrJGfUXoI1XijsyKIQAAAJM"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.154506 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:10038] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.production"] [unique_id "aiyqmnw8xPMNeF-FyaV0CgAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.154984 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:10038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.production"] [unique_id "aiyqmnw8xPMNeF-FyaV0CgAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.155236 2026] [security2:error] [pid 29650:tid 29669] [client 45.148.10.51:10038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env.production"] [unique_id "aiyqmnw8xPMNeF-FyaV0CgAAAU4"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.158934 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:10026] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env"] [unique_id "aiyqmnU9ydevvLef3-db2AAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.159178 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:10026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env"] [unique_id "aiyqmnU9ydevvLef3-db2AAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.159381 2026] [security2:error] [pid 31392:tid 31405] [client 45.148.10.51:10026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/app/.env"] [unique_id "aiyqmnU9ydevvLef3-db2AAAAAU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.164614 2026] [security2:error] [pid 30223:tid 30251] [client 45.148.10.51:10004] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v3/.env"] [unique_id "aiyqmn9Sb5IthyT7NNWFUQAAANU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.164894 2026] [security2:error] [pid 30223:tid 30251] [client 45.148.10.51:10004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v3/.env"] [unique_id "aiyqmn9Sb5IthyT7NNWFUQAAANU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.165159 2026] [security2:error] [pid 30223:tid 30251] [client 45.148.10.51:10004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/v3/.env"] [unique_id "aiyqmn9Sb5IthyT7NNWFUQAAANU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.186716 2026] [security2:error] [pid 29702:tid 29747] [client 45.148.10.51:10062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env"] [unique_id "aiyqmrJGfUXoI1XijsyKIgAAAI0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.186940 2026] [security2:error] [pid 29702:tid 29747] [client 45.148.10.51:10062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env"] [unique_id "aiyqmrJGfUXoI1XijsyKIgAAAI0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.187217 2026] [security2:error] [pid 29702:tid 29747] [client 45.148.10.51:10062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/backend/.env"] [unique_id "aiyqmrJGfUXoI1XijsyKIgAAAI0"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.284876 2026] [security2:error] [pid 29701:tid 29727] [client 45.148.10.51:63330] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.postmark"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.postmark"] [unique_id "aiyqmsMjlrrfQvlefl3VGwAAAFI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.285195 2026] [security2:error] [pid 29701:tid 29727] [client 45.148.10.51:63330] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.postmark"] [unique_id "aiyqmsMjlrrfQvlefl3VGwAAAFI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.285419 2026] [security2:error] [pid 29701:tid 29727] [client 45.148.10.51:63330] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.postmark"] [unique_id "aiyqmsMjlrrfQvlefl3VGwAAAFI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.394680 2026] [security2:error] [pid 30223:tid 30252] [client 45.148.10.51:63332] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/deploy/.env"] [unique_id "aiyqmn9Sb5IthyT7NNWFVAAAANY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.395000 2026] [security2:error] [pid 30223:tid 30252] [client 45.148.10.51:63332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/deploy/.env"] [unique_id "aiyqmn9Sb5IthyT7NNWFVAAAANY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.395231 2026] [security2:error] [pid 30223:tid 30252] [client 45.148.10.51:63332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/deploy/.env"] [unique_id "aiyqmn9Sb5IthyT7NNWFVAAAANY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.404121 2026] [security2:error] [pid 29701:tid 29721] [client 45.148.10.51:63338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /craft/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/craft/.env"] [unique_id "aiyqmsMjlrrfQvlefl3VHQAAAEw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.404382 2026] [security2:error] [pid 29701:tid 29721] [client 45.148.10.51:63338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/craft/.env"] [unique_id "aiyqmsMjlrrfQvlefl3VHQAAAEw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:54.404651 2026] [security2:error] [pid 29701:tid 29721] [client 45.148.10.51:63338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/craft/.env"] [unique_id "aiyqmsMjlrrfQvlefl3VHQAAAEw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:55.511324 2026] [security2:error] [pid 29702:tid 29749] [client 45.148.10.51:35848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env"] [unique_id "aiyqm7JGfUXoI1XijsyKKwAAAI8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:55.511646 2026] [security2:error] [pid 29702:tid 29749] [client 45.148.10.51:35848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env"] [unique_id "aiyqm7JGfUXoI1XijsyKKwAAAI8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:55:55.511894 2026] [security2:error] [pid 29702:tid 29749] [client 45.148.10.51:35848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env"] [unique_id "aiyqm7JGfUXoI1XijsyKKwAAAI8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:06.065613 2026] [security2:error] [pid 29701:tid 29724] [client 45.148.10.51:35870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env.production"] [unique_id "aiyqpsMjlrrfQvlefl3VXQAAAE8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:06.065948 2026] [security2:error] [pid 29701:tid 29724] [client 45.148.10.51:35870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env.production"] [unique_id "aiyqpsMjlrrfQvlefl3VXQAAAE8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:06.066255 2026] [security2:error] [pid 29701:tid 29724] [client 45.148.10.51:35870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/admin/.env.production"] [unique_id "aiyqpsMjlrrfQvlefl3VXQAAAE8"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:07.733936 2026] [security2:error] [pid 30223:tid 30240] [client 45.148.10.51:28236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/public_html/.env"] [unique_id "aiyqp39Sb5IthyT7NNWFswAAAMo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:07.734288 2026] [security2:error] [pid 30223:tid 30240] [client 45.148.10.51:28236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/public_html/.env"] [unique_id "aiyqp39Sb5IthyT7NNWFswAAAMo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:07.734605 2026] [security2:error] [pid 30223:tid 30240] [client 45.148.10.51:28236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/public_html/.env"] [unique_id "aiyqp39Sb5IthyT7NNWFswAAAMo"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:08.281930 2026] [security2:error] [pid 29650:tid 29678] [client 45.148.10.51:63262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env"] [unique_id "aiyqqHw8xPMNeF-FyaV0PAAAAVc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:08.282222 2026] [security2:error] [pid 29650:tid 29678] [client 45.148.10.51:63262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env"] [unique_id "aiyqqHw8xPMNeF-FyaV0PAAAAVc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:08.282488 2026] [security2:error] [pid 29650:tid 29678] [client 45.148.10.51:63262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/src/.env"] [unique_id "aiyqqHw8xPMNeF-FyaV0PAAAAVc"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:08.290280 2026] [security2:error] [pid 29701:tid 29726] [client 45.148.10.51:63248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/htdocs/.env"] [unique_id "aiyqqMMjlrrfQvlefl3VaQAAAFE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:08.290567 2026] [security2:error] [pid 29701:tid 29726] [client 45.148.10.51:63248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/htdocs/.env"] [unique_id "aiyqqMMjlrrfQvlefl3VaQAAAFE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:08.290841 2026] [security2:error] [pid 29701:tid 29726] [client 45.148.10.51:63248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/htdocs/.env"] [unique_id "aiyqqMMjlrrfQvlefl3VaQAAAFE"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:09.155973 2026] [security2:error] [pid 29701:tid 29716] [client 45.148.10.51:63328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.test"] [unique_id "aiyqqcMjlrrfQvlefl3VbQAAAEY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:09.156221 2026] [security2:error] [pid 29701:tid 29716] [client 45.148.10.51:63328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.test"] [unique_id "aiyqqcMjlrrfQvlefl3VbQAAAEY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:09.156452 2026] [security2:error] [pid 29701:tid 29716] [client 45.148.10.51:63328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/config/.env.test"] [unique_id "aiyqqcMjlrrfQvlefl3VbQAAAEY"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.570152 2026] [security2:error] [pid 31392:tid 31420] [client 45.148.10.51:35588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/secure/.env"] [unique_id "aiyqsXU9ydevvLef3-dcPgAAABQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.570470 2026] [security2:error] [pid 31392:tid 31420] [client 45.148.10.51:35588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/secure/.env"] [unique_id "aiyqsXU9ydevvLef3-dcPgAAABQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.570710 2026] [security2:error] [pid 31392:tid 31420] [client 45.148.10.51:35588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/secure/.env"] [unique_id "aiyqsXU9ydevvLef3-dcPgAAABQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.577805 2026] [security2:error] [pid 29702:tid 29735] [client 45.148.10.51:35602] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/site/.env"] [unique_id "aiyqsbJGfUXoI1XijsyKtAAAAIA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.578069 2026] [security2:error] [pid 29702:tid 29735] [client 45.148.10.51:35602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/site/.env"] [unique_id "aiyqsbJGfUXoI1XijsyKtAAAAIA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.578275 2026] [security2:error] [pid 29702:tid 29735] [client 45.148.10.51:35602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/site/.env"] [unique_id "aiyqsbJGfUXoI1XijsyKtAAAAIA"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.591672 2026] [security2:error] [pid 29650:tid 29660] [client 45.148.10.51:35536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/htdocs/.env"] [unique_id "aiyqsXw8xPMNeF-FyaV0ZQAAAUU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.592021 2026] [security2:error] [pid 29650:tid 29660] [client 45.148.10.51:35536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/htdocs/.env"] [unique_id "aiyqsXw8xPMNeF-FyaV0ZQAAAUU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:17.592254 2026] [security2:error] [pid 29650:tid 29660] [client 45.148.10.51:35536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/htdocs/.env"] [unique_id "aiyqsXw8xPMNeF-FyaV0ZQAAAUU"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:30.775477 2026] [security2:error] [pid 30223:tid 30254] [client 45.148.10.51:28220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/docker/.env"] [unique_id "aiyqvn9Sb5IthyT7NNWGGgAAANg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:30.775845 2026] [security2:error] [pid 30223:tid 30254] [client 45.148.10.51:28220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/docker/.env"] [unique_id "aiyqvn9Sb5IthyT7NNWGGgAAANg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:30.776093 2026] [security2:error] [pid 30223:tid 30254] [client 45.148.10.51:28220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/docker/.env"] [unique_id "aiyqvn9Sb5IthyT7NNWGGgAAANg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:30.822170 2026] [security2:error] [pid 29650:tid 29679] [client 45.148.10.51:28884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/services/.env"] [unique_id "aiyqvnw8xPMNeF-FyaV0pwAAAVg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:30.822472 2026] [security2:error] [pid 29650:tid 29679] [client 45.148.10.51:28884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/services/.env"] [unique_id "aiyqvnw8xPMNeF-FyaV0pwAAAVg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:30.822770 2026] [security2:error] [pid 29650:tid 29679] [client 45.148.10.51:28884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/services/.env"] [unique_id "aiyqvnw8xPMNeF-FyaV0pwAAAVg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.789490 2026] [security2:error] [pid 30223:tid 30234] [client 45.148.10.51:35540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/api/.env.production"] [unique_id "aiyqzH9Sb5IthyT7NNWGSgAAAMQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.789781 2026] [security2:error] [pid 30223:tid 30234] [client 45.148.10.51:35540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/api/.env.production"] [unique_id "aiyqzH9Sb5IthyT7NNWGSgAAAMQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.790017 2026] [security2:error] [pid 30223:tid 30234] [client 45.148.10.51:35540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/api/.env.production"] [unique_id "aiyqzH9Sb5IthyT7NNWGSgAAAMQ"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.791798 2026] [security2:error] [pid 29702:tid 29746] [client 45.148.10.51:35496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/microservices/.env"] [unique_id "aiyqzLJGfUXoI1XijsyLTgAAAIw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.792017 2026] [security2:error] [pid 29702:tid 29746] [client 45.148.10.51:35496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/microservices/.env"] [unique_id "aiyqzLJGfUXoI1XijsyLTgAAAIw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.792203 2026] [security2:error] [pid 29702:tid 29746] [client 45.148.10.51:35496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/microservices/.env"] [unique_id "aiyqzLJGfUXoI1XijsyLTgAAAIw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.839391 2026] [security2:error] [pid 31392:tid 31409] [client 45.148.10.51:35562] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/releases/current/.env"] [unique_id "aiyqzHU9ydevvLef3-dc3gAAAAk"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.839761 2026] [security2:error] [pid 31392:tid 31409] [client 45.148.10.51:35562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/releases/current/.env"] [unique_id "aiyqzHU9ydevvLef3-dc3gAAAAk"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.840043 2026] [security2:error] [pid 31392:tid 31409] [client 45.148.10.51:35562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/releases/current/.env"] [unique_id "aiyqzHU9ydevvLef3-dc3gAAAAk"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.841509 2026] [security2:error] [pid 30223:tid 30248] [client 45.148.10.51:35572] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.docker/.env"] [unique_id "aiyqzH9Sb5IthyT7NNWGSwAAANI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.841756 2026] [security2:error] [pid 30223:tid 30248] [client 45.148.10.51:35572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.docker/.env"] [unique_id "aiyqzH9Sb5IthyT7NNWGSwAAANI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:44.841968 2026] [security2:error] [pid 30223:tid 30248] [client 45.148.10.51:35572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.docker/.env"] [unique_id "aiyqzH9Sb5IthyT7NNWGSwAAANI"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:45.585872 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:35610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.craft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.craft"] [unique_id "aiyqzXw8xPMNeF-FyaV0_QAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:45.586094 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:35610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.craft"] [unique_id "aiyqzXw8xPMNeF-FyaV0_QAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:45.586368 2026] [security2:error] [pid 29650:tid 29667] [client 45.148.10.51:35610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/.env.craft"] [unique_id "aiyqzXw8xPMNeF-FyaV0_QAAAUw"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:47.376665 2026] [security2:error] [pid 30223:tid 30238] [client 45.148.10.51:25458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.vps.erhabenn.com.br"] [uri "/api/.env"] [unique_id "aiyqz39Sb5IthyT7NNWGVwAAAMg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:47.377020 2026] [security2:error] [pid 30223:tid 30238] [client 45.148.10.51:25458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.vps.erhabenn.com.br"] [uri "/api/.env"] [unique_id "aiyqz39Sb5IthyT7NNWGVwAAAMg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:56:47.377313 2026] [security2:error] [pid 30223:tid 30238] [client 45.148.10.51:25458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.9"] [tag "event-correlation"] [hostname "mail.vps.erhabenn.com.br"] [uri "/api/.env"] [unique_id "aiyqz39Sb5IthyT7NNWGVwAAAMg"], referer: http://mail.vps.erhabenn.com.br/
[Fri Jun 12 21:57:08.083783 2026] [:error] [pid 29702:tid 29748] [client 216.73.217.139:8092] Could not write to logfile:
[Fri Jun 12 21:57:08.083860 2026] [:error] [pid 29702:tid 29748] [client 216.73.217.139:8092] Printing message to stderr:
[Fri Jun 12 21:57:08.083974 2026] [:error] [pid 29702:tid 29748] [client 216.73.217.139:8092] [Fri Jun 12 21:57:08 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:08.083998 2026] [:error] [pid 29702:tid 29748] [client 216.73.217.139:8092]
[Fri Jun 12 21:57:08.212940 2026] [:error] [pid 29701:tid 29713] [client 216.73.217.139:61815] Could not write to logfile:
[Fri Jun 12 21:57:08.213018 2026] [:error] [pid 29701:tid 29713] [client 216.73.217.139:61815] Printing message to stderr:
[Fri Jun 12 21:57:08.213118 2026] [:error] [pid 29701:tid 29713] [client 216.73.217.139:61815] [Fri Jun 12 21:57:08 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:08.213123 2026] [:error] [pid 29701:tid 29713] [client 216.73.217.139:61815]
[Fri Jun 12 21:57:08.287754 2026] [:error] [pid 29701:tid 29723] [client 216.73.217.139:1668] Could not write to logfile:
[Fri Jun 12 21:57:08.287808 2026] [:error] [pid 29701:tid 29723] [client 216.73.217.139:1668] Printing message to stderr:
[Fri Jun 12 21:57:08.287912 2026] [:error] [pid 29701:tid 29723] [client 216.73.217.139:1668] [Fri Jun 12 21:57:08 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:08.287918 2026] [:error] [pid 29701:tid 29723] [client 216.73.217.139:1668]
[Fri Jun 12 21:57:08.365758 2026] [:error] [pid 29701:tid 29716] [client 74.7.241.47:57412] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sda/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sdb/subsystem/sdb/device/generic/device/block/sdb/device/block/sdb/subsystem/sda/subsystem
[Fri Jun 12 21:57:08.365819 2026] [:error] [pid 29701:tid 29716] [client 74.7.241.47:57412] Printing message to stderr:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sda/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sdb/subsystem/sdb/device/generic/device/block/sdb/device/block/sdb/subsystem/sda/subsystem
[Fri Jun 12 21:57:08.365925 2026] [:error] [pid 29701:tid 29716] [client 74.7.241.47:57412] [Fri Jun 12 21:57:08 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sda/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sdb/subsystem/sdb/device/generic/device/block/sdb/device/block/sdb/subsystem/sda/subsystem
[Fri Jun 12 21:57:08.365931 2026] [:error] [pid 29701:tid 29716] [client 74.7.241.47:57412] , referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdb/subsystem/sda/subsystem/sdc/device/block/sdc/subsystem/sdc/subsystem/sda/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sdb/subsystem/sdb/device/generic/device/block/sdb/device/block/sdb/subsystem/sda/subsystem
[Fri Jun 12 21:57:08.435893 2026] [:error] [pid 29650:tid 29664] [client 74.7.241.8:55044] Could not write to logfile:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sy[Fri Jun 12 21:57:13.994795 2026] [:error] [pid 30223:tid 30254] [client 216.73.217.139:49008] Could not write to logfile:
[Fri Jun 12 21:57:14.003857 2026] [:error] [pid 30223:tid 30254] [client 216.73.217.139:49008] Printing message to stderr:
[Fri Jun 12 21:57:14.003982 2026] [:error] [pid 30223:tid 30254] [client 216.73.217.139:49008] [Fri Jun 12 21:57:13 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:14.003988 2026] [:error] [pid 30223:tid 30254] [client 216.73.217.139:49008]
[Fri Jun 12 21:57:14.012800 2026] [:error] [pid 29650:tid 29667] [client 57.141.2.52:32601] Could not write to logfile:
[Fri Jun 12 21:57:14.012866 2026] [:error] [pid 29650:tid 29667] [client 57.141.2.52:32601] Printing message to stderr:
[Fri Jun 12 21:57:14.013007 2026] [:error] [pid 29650:tid 29667] [client 57.141.2.52:32601] [Fri Jun 12 21:57:13 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:14.013017 2026] [:error] [pid 29650:tid 29667] [client 57.141.2.52:32601]
[Fri Jun 12 21:57:14.055754 2026] [:error] [pid 31392:tid 31404] [client 216.73.217.139:65407] Could not write to logfile:
[Fri Jun 12 21:57:14.055834 2026] [:error] [pid 31392:tid 31404] [client 216.73.217.139:65407] Printing message to stderr:
[Fri Jun 12 21:57:14.055946 2026] [:error] [pid 31392:tid 31404] [client 216.73.217.139:65407] [Fri Jun 12 21:57:14 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:14.055952 2026] [:error] [pid 31392:tid 31404] [client 216.73.217.139:65407]
[Fri Jun 12 21:57:14.158717 2026] [:error] [pid 29701:tid 29720] [client 57.141.2.71:57782] Could not write to logfile:
[Fri Jun 12 21:57:14.158825 2026] [:error] [pid 29701:tid 29720] [client 57.141.2.71:57782] Printing message to stderr:
[Fri Jun 12 21:57:14.158934 2026] [:error] [pid 29701:tid 29720] [client 57.141.2.71:57782] [Fri Jun 12 21:57:14 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:14.158940 2026] [:error] [pid 29701:tid 29720] [client 57.141.2.71:57782]
[Fri Jun 12 21:57:14.288261 2026] [:error] [pid 29701:tid 29730] [client 216.73.217.139:24669] Could not write to logfile:
[Fri Jun 12 21:57:14.288350 2026] [:error] [pid 29701:tid 29730] [client 216.73.217.139:24669] Printing message to stderr:
[Fri Jun 12 21:57:14.288500 2026] [:error] [pid 29701:tid 29730] [client 216.73.217.139:24669] [Fri Jun 12 21:57:14 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:14.288509 2026] [:error] [pid 29701:tid 29730] [client 216.73.217.139:24669]
[Fri Jun 12 21:57:14.332778 2026] [:error] [pid 29702:tid 29754] [client 216.73.217.139:3273] Could not write to logfile:
[Fri Jun 12 21:57:14.332846 2026] [:error] [pid 29702:tid 29754] [client 216.73.217.139:3273] Printing message to stderr:
[Fri Jun 12 21:57:14.332954 2026] [:error] [pid 29702:tid 29754] [client 216.73.217.139:3273] [Fri Jun 12 21:57:14 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:14.332960 2026] [:error] [pid 29702:tid 29754] [client 216.73.217.139:3273]
[Fri Jun 12 21:57:14.366773 2026] [:error] [pid 29701:tid 29715] [client 216.73.217.139:42893] Could not write to logfile:
[Fri Jun 12 21:57:14.366847 2026] [:error] [pid 29701:tid 29715] [client 216.73.217.139:42893] Printing message to stderr:
[Fri Jun 12 21:57:14.366954 2026] [:error] [pid 29701:tid 29715] [client 216.73.217.139:42893] [Fri Jun 12 21:57:14 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:14.366961 2026] [:error] [pid 29701:tid 29715] [client 216.73.217.139:42893]
[Fri Jun 12 21:57:14.537570 2026] [:error] [pid 29650:tid 29672] [client 74.7.242.25:42032] Could not write to logfile:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty63/subsystem/tty9/subsystem/tty6/subsystem/ptmx/subsystem
[Fri Jun 12 2[Fri Jun 12 21:57:42.906782 2026] [:error] [pid 29650:tid 29676] [client 216.73.217.139:21740] Could not write to logfile:
[Fri Jun 12 21:57:42.906839 2026] [:error] [pid 29650:tid 29676] [client 216.73.217.139:21740] Printing message to stderr:
[Fri Jun 12 21:57:42.906930 2026] [:error] [pid 29650:tid 29676] [client 216.73.217.139:21740] [Fri Jun 12 21:57:42 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:42.906934 2026] [:error] [pid 29650:tid 29676] [client 216.73.217.139:21740]
[Fri Jun 12 21:57:43.063760 2026] [:error] [pid 29702:tid 29755] [client 216.73.217.139:49239] Could not write to logfile:
[Fri Jun 12 21:57:43.063832 2026] [:error] [pid 29702:tid 29755] [client 216.73.217.139:49239] Printing message to stderr:
[Fri Jun 12 21:57:43.063949 2026] [:error] [pid 29702:tid 29755] [client 216.73.217.139:49239] [Fri Jun 12 21:57:43 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:43.063954 2026] [:error] [pid 29702:tid 29755] [client 216.73.217.139:49239]
[Fri Jun 12 21:57:43.114816 2026] [:error] [pid 29650:tid 29660] [client 216.73.217.139:3979] Could not write to logfile:
[Fri Jun 12 21:57:43.115023 2026] [:error] [pid 29650:tid 29660] [client 216.73.217.139:3979] Printing message to stderr:
[Fri Jun 12 21:57:43.115125 2026] [:error] [pid 29650:tid 29660] [client 216.73.217.139:3979] [Fri Jun 12 21:57:43 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:43.115131 2026] [:error] [pid 29650:tid 29660] [client 216.73.217.139:3979]
[Fri Jun 12 21:57:43.219763 2026] [:error] [pid 30223:tid 30249] [client 216.73.217.139:62702] Could not write to logfile:
[Fri Jun 12 21:57:43.219829 2026] [:error] [pid 30223:tid 30249] [client 216.73.217.139:62702] Printing message to stderr:
[Fri Jun 12 21:57:43.219968 2026] [:error] [pid 30223:tid 30249] [client 216.73.217.139:62702] [Fri Jun 12 21:57:43 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:43.219973 2026] [:error] [pid 30223:tid 30249] [client 216.73.217.139:62702]
[Fri Jun 12 21:57:43.233765 2026] [:error] [pid 29650:tid 29663] [client 216.73.217.139:10944] Could not write to logfile:
[Fri Jun 12 21:57:43.233836 2026] [:error] [pid 29650:tid 29663] [client 216.73.217.139:10944] Printing message to stderr:
[Fri Jun 12 21:57:43.233940 2026] [:error] [pid 29650:tid 29663] [client 216.73.217.139:10944] [Fri Jun 12 21:57:43 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 21:57:43.233946 2026] [:error] [pid 29650:tid 29663] [client 216.73.217.139:10944]
[Fri Jun 12 21:57:43.291786 2026] [:error] [pid 29650:tid 29662] [client 74.7.242.25:43718] Could not write to logfile:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/ptmx/subsystem/tty/subsystem/tty12/subsystem
[Fri Jun 12 21:57:43.291849 2026] [:error] [pid 29650:tid 29662] [client 74.7.242.25:43718] Printing message to stderr:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/ptmx/subsystem/tty/subsystem/tty12/subsystem
[Fri Jun 12 21:57:43.291964 2026] [:error] [pid 29650:tid 29662] [client 74.7.242.25:43718] [Fri Jun 12 21:57:43 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/ptmx/subsystem/tty/subsystem/tty12/subsystem
[Fri Jun 12 21:57:43.291969 2026] [:error] [pid 29650:tid 29662] [client 74.7.242.25:43718] , referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/ptmx/subsystem/tty/subsystem/tty12/subsystem
[Fri Jun 12 21:57:43.352791 2026] [:error] [pid 29701:tid 29711] [client 216.73.217.139:62648] Could not write to logfile:
[Fri Jun 12 21:57:43.352869 2026] [:error] [pid 29701:tid 29711] [client 216.73.217.139:62648] Printing message to stderr:
[Fri Jun 12 21:57:43.352963 2026] [:error] [pid 29701:tid 29711] [[Fri Jun 12 22:07:20.547891 2026] [:error] [pid 29650:tid 29673] [client 74.7.242.20:36070] [Fri Jun 12 22:07:20 2026] [info] Executing "/disk001/machen/public_html/suporte/x-cp-cqfs97tA.php" as UID 1008, GID 1010, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdc/subsystem/sdb/device/block/sdb/subsystem/sdc/device/block/sdc/subsystem/sda/device/block/sda/subsystem/sda/device/generic/device/generic/device/block/sda/subsystem/sda2
[Fri Jun 12 22:07:20.554748 2026] [:error] [pid 29650:tid 29673] [client 74.7.242.20:36070] , referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdc/subsystem/sdb/device/block/sdb/subsystem/sdc/device/block/sdc/subsystem/sda/device/block/sda/subsystem/sda/device/generic/device/generic/device/block/sda/subsystem/sda2
[Fri Jun 12 22:07:20.597770 2026] [:error] [pid 31392:tid 31417] [client 216.73.217.139:35610] Could not write to logfile:
[Fri Jun 12 22:07:20.597848 2026] [:error] [pid 31392:tid 31417] [client 216.73.217.139:35610] Printing message to stderr:
[Fri Jun 12 22:07:20.597980 2026] [:error] [pid 31392:tid 31417] [client 216.73.217.139:35610] [Fri Jun 12 22:07:20 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 22:07:20.597985 2026] [:error] [pid 31392:tid 31417] [client 216.73.217.139:35610]
[Fri Jun 12 22:07:20.621753 2026] [:error] [pid 30223:tid 30251] [client 74.7.242.25:53318] Could not write to logfile:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty19/subsystem/tty/subsystem/tty18/subsystem
[Fri Jun 12 22:07:20.621807 2026] [:error] [pid 30223:tid 30251] [client 74.7.242.25:53318] Printing message to stderr:, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty19/subsystem/tty/subsystem/tty18/subsystem
[Fri Jun 12 22:07:20.621923 2026] [:error] [pid 30223:tid 30251] [client 74.7.242.25:53318] [Fri Jun 12 22:07:20 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty19/subsystem/tty/subsystem/tty18/subsystem
[Fri Jun 12 22:07:20.621928 2026] [:error] [pid 30223:tid 30251] [client 74.7.242.25:53318] , referer: http://sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty19/subsystem/tty/subsystem/tty18/subsystem
[Fri Jun 12 22:07:20.674744 2026] [:error] [pid 9433:tid 9449] [client 74.7.241.8:47832] Could not write to logfile:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty54/subsystem/tty3/subsystem/ptmx/subsystem/tty33
[Fri Jun 12 22:07:20.674870 2026] [:error] [pid 9433:tid 9449] [client 74.7.241.8:47832] Printing message to stderr:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty54/subsystem/tty3/subsystem/ptmx/subsystem/tty33
[Fri Jun 12 22:07:20.674967 2026] [:error] [pid 9433:tid 9449] [client 74.7.241.8:47832] [Fri Jun 12 22:07:20 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty54/subsystem/tty3/subsystem/ptmx/subsystem/tty33
[Fri Jun 12 22:07:20.674972 2026] [:error] [pid 9433:tid 9449] [client 74.7.241.8:47832] , referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty54/subsystem/tty3/subsystem/ptmx/subsystem/tty33
[Fri Jun 12 22:07:20.709474 2026] [:error] [pid 31392:tid 31412] [client 74.7.241.47:54908] Could not write to logfile:, referer: https://mail.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/bus/platform/devices/floppy.0/block/fd0/subsystem/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sdb/subsystem/sdc/subsystem/sdc/subsystem/sdb/subsystem/sdc/device/block/sdc/device/block/sdc/subsystem/sda/device/generic/device/block/sda/subsystem/sda/subsystem/sdb
[Fri Jun 12 22[Fri Jun 12 22:14:55.117809 2026] [:error] [pid 30223:tid 30239] [client 57.141.2.40:48097] Could not write to logfile:
[Fri Jun 12 22:14:55.117906 2026] [:error] [pid 30223:tid 30239] [client 57.141.2.40:48097] Printing message to stderr:
[Fri Jun 12 22:14:55.117999 2026] [:error] [pid 30223:tid 30239] [client 57.141.2.40:48097] [Fri Jun 12 22:14:55 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 22:14:55.118003 2026] [:error] [pid 30223:tid 30239] [client 57.141.2.40:48097]
[Fri Jun 12 22:14:57.422790 2026] [:error] [pid 29650:tid 29659] [client 216.73.217.139:56488] Could not write to logfile:
[Fri Jun 12 22:14:57.423360 2026] [:error] [pid 29650:tid 29659] [client 216.73.217.139:56488] Printing message to stderr:
[Fri Jun 12 22:14:57.423462 2026] [:error] [pid 29650:tid 29659] [client 216.73.217.139:56488] [Fri Jun 12 22:14:57 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 22:14:57.423468 2026] [:error] [pid 29650:tid 29659] [client 216.73.217.139:56488]
[Fri Jun 12 22:14:57.555784 2026] [:error] [pid 31392:tid 31424] [client 216.73.217.139:48554] Could not write to logfile:
[Fri Jun 12 22:14:57.555868 2026] [:error] [pid 31392:tid 31424] [client 216.73.217.139:48554] Printing message to stderr:
[Fri Jun 12 22:14:57.555966 2026] [:error] [pid 31392:tid 31424] [client 216.73.217.139:48554] [Fri Jun 12 22:14:57 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 22:14:57.555971 2026] [:error] [pid 31392:tid 31424] [client 216.73.217.139:48554]
[Fri Jun 12 22:14:57.613793 2026] [:error] [pid 29650:tid 29662] [client 57.141.2.71:64994] Could not write to logfile:
[Fri Jun 12 22:14:57.613847 2026] [:error] [pid 29650:tid 29662] [client 57.141.2.71:64994] Printing message to stderr:
[Fri Jun 12 22:14:57.613948 2026] [:error] [pid 29650:tid 29662] [client 57.141.2.71:64994] [Fri Jun 12 22:14:57 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 22:14:57.613953 2026] [:error] [pid 29650:tid 29662] [client 57.141.2.71:64994]
[Fri Jun 12 22:14:57.689804 2026] [:error] [pid 29702:tid 29735] [client 216.73.217.139:63799] Could not write to logfile:
[Fri Jun 12 22:14:57.689885 2026] [:error] [pid 29702:tid 29735] [client 216.73.217.139:63799] Printing message to stderr:
[Fri Jun 12 22:14:57.689980 2026] [:error] [pid 29702:tid 29735] [client 216.73.217.139:63799] [Fri Jun 12 22:14:57 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 22:14:57.689986 2026] [:error] [pid 29702:tid 29735] [client 216.73.217.139:63799]
[Fri Jun 12 22:14:57.720823 2026] [:error] [pid 29702:tid 29743] [client 216.73.217.139:9742] Could not write to logfile:
[Fri Jun 12 22:14:57.720885 2026] [:error] [pid 29702:tid 29743] [client 216.73.217.139:9742] Printing message to stderr:
[Fri Jun 12 22:14:57.720978 2026] [:error] [pid 29702:tid 29743] [client 216.73.217.139:9742] [Fri Jun 12 22:14:57 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php" as UID 1011, GID 1013
[Fri Jun 12 22:14:57.720982 2026] [:error] [pid 29702:tid 29743] [client 216.73.217.139:9742]
[Fri Jun 12 22:14:57.793831 2026] [:error] [pid 29702:tid 29754] [client 74.7.242.20:56396] Could not write to logfile:, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda1/subsystem/sdc/device/block/sdc/subsystem/sdc/device/generic/device/block/sdc/device/block/sdc/subsystem/sdb/mq
[Fri Jun 12 22:14:57.793958 2026] [:error] [pid 29702:tid 29754] [client 74.7.242.20:56396] Printing message to stderr:, referer: https://www.suporte.machen.ai/x-cp-cqfs97tA.php?path=//sys/class/block/sdc/subsystem/sda/subsystem/sdb/device/block/sdb/subsystem/sda1/subsystem/sdc/device/block/sdc/subsystem/sdc/device/generic/device/block/sdc/device/block/sdc/subsystem/sdb/mq
[Fri Jun 12 22:14:57.794058 2026] [:error] [pid 29702:tid 29754] [client[Fri Jun 12 23:53:09.819456 2026] [security2:error] [pid 16332:tid 16349] [client 45.148.10.67:49980] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "13.84.161.190:443"] [severity "WARNING"] [ver "OWASP_CRS/3.3.9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "13.84.161.190"] [uri "/"] [unique_id "aizGFSWuOpMVrK2nevbtiwAAAEw"]
[Fri Jun 12 23:53:20.710848 2026] [:error] [pid 16387:tid 16414] [client 74.7.241.8:46574] Could not write to logfile:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/tty47/subsystem/tty6/subsystem
[Fri Jun 12 23:53:20.710895 2026] [:error] [pid 16387:tid 16414] [client 74.7.241.8:46574] Printing message to stderr:, referer: https://www.sonneconsultoria.com.br/x-cp-glmw5yOR.php?path=//sys/class/tty/tty12/subsystem/ttyS3/subsystem/tty/subsystem/tty47/subsystem/tty6/subsystem
[Fri Jun 12 23:53:20.710982 2026] [:error] [pid 16387:tid 16414] [client 74.7.241.8:46574] [Fri Jun 12 23:53:20 2026] [info] Executing "/disk001/sonne/public_html/x-cp-glmw5yOR.php"